diff options
| author | Mark Sapiro | 2016-12-26 14:43:36 -0800 |
|---|---|---|
| committer | Mark Sapiro | 2016-12-26 14:43:36 -0800 |
| commit | 2ead4c9f0f70ac3ebd06105562579f74fa6963f1 (patch) | |
| tree | a59cf040acff390d7b5847cf08f84ff5b51dbcfb /src/mailman/rules | |
| parent | 17aa36cf4a5ec2cfce7b1e6af585b0f18a82a28b (diff) | |
| download | mailman-2ead4c9f0f70ac3ebd06105562579f74fa6963f1.tar.gz mailman-2ead4c9f0f70ac3ebd06105562579f74fa6963f1.tar.zst mailman-2ead4c9f0f70ac3ebd06105562579f74fa6963f1.zip | |
Diffstat (limited to 'src/mailman/rules')
| -rw-r--r-- | src/mailman/rules/dmarc.py | 36 | ||||
| -rw-r--r-- | src/mailman/rules/docs/dmarc-mitigation.rst (renamed from src/mailman/rules/docs/dmarc-moderation.rst) | 29 | ||||
| -rw-r--r-- | src/mailman/rules/docs/rules.rst | 2 |
3 files changed, 27 insertions, 40 deletions
diff --git a/src/mailman/rules/dmarc.py b/src/mailman/rules/dmarc.py index b9781fd40..dac1cd88c 100644 --- a/src/mailman/rules/dmarc.py +++ b/src/mailman/rules/dmarc.py @@ -15,7 +15,7 @@ # You should have received a copy of the GNU General Public License along with # GNU Mailman. If not, see <http://www.gnu.org/licenses/>. -"""DMARC moderation rule.""" +"""DMARC mitigation rule.""" import re import logging @@ -26,7 +26,7 @@ from email.utils import parseaddr from lazr.config import as_timedelta from mailman.config import config from mailman.core.i18n import _ -from mailman.interfaces.mailinglist import DMARCModerationAction +from mailman.interfaces.mailinglist import DMARCMitigateAction from mailman.interfaces.rules import IRule from mailman.utilities.string import wrap from public import public @@ -110,7 +110,7 @@ def _get_org_dom(domain): def _IsDMARCProhibited(mlist, email): # This takes an email address, and returns True if DMARC policy is - # p=reject or possibly quarantine or none. + # p=reject or quarantine. email = email.lower() # Scan from the right in case quoted local part has an '@'. at_sign = email.rfind('@') @@ -205,54 +205,40 @@ def _DMARCProhibited(mlist, email, dmarc_domain, org=False): found p=reject in %s = %s""", mlist.list_name, email, dmarc_domain, name, entry) return True - - if (mlist.dmarc_quarantine_moderation_action and - policy == 'quarantine'): + if policy == 'quarantine': vlog.info( """%s: DMARC lookup for %s (%s) found p=quarantine in %s = %s""", mlist.list_name, email, dmarc_domain, name, entry) return True - - if (mlist.dmarc_none_moderation_action and - mlist.dmarc_quarantine_moderation_action and - mlist.dmarc_moderation_action in ( - DMARCModerationAction.munge_from, - DMARCModerationAction.wrap_message) and - policy == 'none'): - vlog.info( - '%s: DMARC lookup for %s (%s) found p=none in %s = %s', - mlist.list_name, email, dmarc_domain, name, entry) - return True - return False @public @implementer(IRule) -class DMARCModeration: - """The DMARC moderation rule.""" +class DMARCMitigation: + """The DMARC mitigation rule.""" - name = 'dmarc-moderation' + name = 'dmarc-mitigation' description = _('Find DMARC policy of From: domain.') record = True def check(self, mlist, msg, msgdata): """See `IRule`.""" - if mlist.dmarc_moderation_action is DMARCModerationAction.none: + if mlist.dmarc_mitigate_action is DMARCMitigateAction.no_mitigation: # Don't bother to check if we're not going to do anything. return False dn, addr = parseaddr(msg.get('from')) if _IsDMARCProhibited(mlist, addr): - # If dmarc_moderation_action is discard or reject, this rule fires + # If dmarc_mitigate_action is discard or reject, this rule fires # and jumps to the 'moderation' chain to do the actual discard. # Otherwise, the rule misses but sets a flag for the dmarc handler # to do the appropriate action. msgdata['dmarc'] = True - if mlist.dmarc_moderation_action is DMARCModerationAction.discard: + if mlist.dmarc_mitigate_action is DMARCMitigateAction.discard: msgdata['moderation_action'] = 'discard' msgdata['moderation_reasons'] = [_('DMARC moderation')] - elif mlist.dmarc_moderation_action is DMARCModerationAction.reject: + elif mlist.dmarc_mitigate_action is DMARCMitigateAction.reject: listowner = mlist.owner_address # noqa F841 reason = (mlist.dmarc_moderation_notice or _('You are not allowed to post to this mailing ' diff --git a/src/mailman/rules/docs/dmarc-moderation.rst b/src/mailman/rules/docs/dmarc-mitigation.rst index 8aab08161..7118a5be4 100644 --- a/src/mailman/rules/docs/dmarc-moderation.rst +++ b/src/mailman/rules/docs/dmarc-mitigation.rst @@ -1,17 +1,18 @@ ================ -DMARC moderation +DMARC mitigation ================ This rule only matches in order to jump to the moderation chain to reject -or discard the message. The rule looks at the list's dmarc_moderation_policy -and if it is other than 'none', it checks the domain of the From: address for -a DMARC policy and depending on settings may reject or discard the message or -just flag it for the dmarc handler to apply DMARC mitigations to the message. +or discard the message. The rule looks at the list's dmarc_mitigate_action +and if it is other than 'no_mitigation', it checks the domain of the From: +address for a DMARC policy and depending on settings may reject or discard +the message or just flag it for the dmarc handler to apply DMARC mitigations +to the message. >>> mlist = create_list('_xtest@example.com') - >>> rule = config.rules['dmarc-moderation'] + >>> rule = config.rules['dmarc-mitigation'] >>> print(rule.name) - dmarc-moderation + dmarc-mitigation First we set up a mock patcher to return predictable responses to DNS lookups. This returns p=reject for the example.biz domain and not for any others. @@ -21,8 +22,8 @@ This returns p=reject for the example.biz domain and not for any others. A message From: a domain without a DMARC policy does not set any flags. - >>> from mailman.interfaces.mailinglist import DMARCModerationAction - >>> mlist.dmarc_moderation_action = DMARCModerationAction.munge_from + >>> from mailman.interfaces.mailinglist import DMARCMitigateAction + >>> mlist.dmarc_mitigate_action = DMARCMitigateAction.munge_from >>> msg = message_from_string("""\ ... From: aperson@example.org ... To: _xtest@example.com @@ -37,9 +38,9 @@ A message From: a domain without a DMARC policy does not set any flags. True Even if the From: domain publishes p=reject, no flags are set if the list's -action is none. +action is no_mitigation. - >>> mlist.dmarc_moderation_action = DMARCModerationAction.none + >>> mlist.dmarc_mitigate_action = DMARCMitigateAction.no_mitigation >>> msg = message_from_string("""\ ... From: aperson@example.biz ... To: _xtest@example.com @@ -55,7 +56,7 @@ action is none. But with a different list setting, the message is flagged. - >>> mlist.dmarc_moderation_action = DMARCModerationAction.munge_from + >>> mlist.dmarc_mitigate_action = DMARCMitigateAction.munge_from >>> msg = message_from_string("""\ ... From: aperson@example.biz ... To: _xtest@example.com @@ -87,7 +88,7 @@ Subdomains which don't have a policy will check the organizational domain. The list's action can also be set to immediately discard or reject the message. - >>> mlist.dmarc_moderation_action = DMARCModerationAction.discard + >>> mlist.dmarc_mitigate_action = DMARCMitigateAction.discard >>> msg = message_from_string("""\ ... From: aperson@example.biz ... To: _xtest@example.com @@ -106,7 +107,7 @@ message. We can reject the message with a default reason. - >>> mlist.dmarc_moderation_action = DMARCModerationAction.reject + >>> mlist.dmarc_mitigate_action = DMARCMitigateAction.reject >>> msg = message_from_string("""\ ... From: aperson@example.biz ... To: _xtest@example.com diff --git a/src/mailman/rules/docs/rules.rst b/src/mailman/rules/docs/rules.rst index e00889061..8b351650c 100644 --- a/src/mailman/rules/docs/rules.rst +++ b/src/mailman/rules/docs/rules.rst @@ -22,7 +22,7 @@ names to rule objects. any True approved True banned-address True - dmarc-moderation True + dmarc-mitigation True emergency True implicit-dest True loop True |