diff --git a/mail/univention-mail-postfix/share/listfilter.py b/mail/univention-mail-postfix/share/listfilter.py index 2204c53..8fa1e2f 100755 --- a/mail/univention-mail-postfix/share/listfilter.py +++ b/mail/univention-mail-postfix/share/listfilter.py @@ -37,6 +37,8 @@ import re import traceback import syslog + +from ldap.filter import filter_format from univention.config_registry import ConfigRegistry usage = "help" @@ -79,7 +81,7 @@ def listfilter(attrib): # try the ldap stuff, if that fails send email anyway # get recipient restriction ldap_attr = ["univentionAllowedEmailGroups", "univentionAllowedEmailUsers"] - ldap_filter = '(&(mailPrimaryAddress=%s)(|(objectclass=univentionMailList)(objectclass=posixGroup)))' % recipient + ldap_filter = filter_format('(&(mailPrimaryAddress=%s)(|(objectclass=univentionMailList)(objectclass=posixGroup)))', [recipient]) result = ldap.search(base=options.ldap_base, filter=ldap_filter, attr=ldap_attr) if result: @@ -99,13 +101,13 @@ def listfilter(attrib): # get dn and groups of sender if check_sasl_username: - ldap_filter = '(&(uid=%s)(objectclass=posixAccount))' % sender + ldap_filter = filter_format('(&(uid=%s)(objectclass=posixAccount))', [sender]) else: - ldap_filter = '(&(|(mailPrimaryAddress=%s)(mailAlternativeAddress=%s)(mail=%s))(objectclass=posixAccount))' % (sender, sender, sender) + ldap_filter = filter_format('(&(|(mailPrimaryAddress=%s)(mailAlternativeAddress=%s)(mail=%s))(objectclass=posixAccount))', (sender, sender, sender)) user_result = ldap.search(base=options.ldap_base, filter=ldap_filter, attr=["dn"]) if user_result: user_dn = user_result[0][0] - ldap_filter = '(uniqueMember=%s)' % user_dn + ldap_filter = filter_format('(uniqueMember=%s)', [user_dn]) group_result = ldap.search(base=options.ldap_base, filter=ldap_filter, attr=["dn"]) if group_result: for i in group_result: @@ -136,7 +138,7 @@ def listfilter(attrib): return "DUNNO no restrictions" else: return "DUNNO no group found for %s" % recipient - except Exception: + except Exception: # FIXME: never catch everything return "WARN Error with attrib={}, check_sasl_username={}, traceback={}".format( attrib, check_sasl_username, traceback.format_exc().replace("\n", " "))