Compare commits
44 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
b0c3dab64e
|
|||
|
33f0f06763
|
|||
|
5998535761
|
|||
|
1a368998c8
|
|||
|
8c07c02102
|
|||
|
702d22f9aa
|
|||
|
e0bf57e2d0
|
|||
|
b3e9f16e55
|
|||
|
dd3f8ac11e
|
|||
|
d93eab4d41
|
|||
|
6117ff372d
|
|||
|
782e744f08
|
|||
|
9337ac72d8
|
|||
|
ac458dade8
|
|||
|
a90e087a5d
|
|||
|
4c1b110d18
|
|||
|
c7a027a4d8
|
|||
| 65d5dcf137 | |||
|
567e41362b
|
|||
|
0fa6ddd870
|
|||
|
22a61e1df3
|
|||
|
d8e9dd2685
|
|||
|
400c65eec8
|
|||
|
f0931daa67
|
|||
|
e8265e45a5
|
|||
|
365fa9cd6d
|
|||
|
a10e341056
|
|||
|
ab16c9f83e
|
|||
|
182ca2bad7
|
|||
|
1508d39ed8
|
|||
| 42536befdb | |||
| d09a453f3d | |||
| 983362a69a | |||
| f4399312b4 | |||
|
b40e835215
|
|||
|
057e66f945
|
|||
|
49bc12f93b
|
|||
|
0dd09e2d5a
|
|||
|
ec9a2e875b
|
|||
|
7a31c01955
|
|||
|
9e5f51f6f5
|
|||
|
086a3fc0ce
|
|||
|
56e03ffffe
|
|||
|
32682cfb8c
|
@@ -1,3 +1,3 @@
|
||||
include LICENSE README.md
|
||||
recursive-include docs *
|
||||
recursive-include misc *
|
||||
recursive-include pyquarantine/docs *
|
||||
recursive-include pyquarantine/misc *
|
||||
|
||||
30
README.md
30
README.md
@@ -8,7 +8,7 @@ Each quarantine can be configured with a quarantine type, notification type, whi
|
||||
|
||||
Addionally, pyquarantine-milter provides a sanitized, harmless version of the text parts of e-mails, which can be embedded in e-mail notifications. This makes it easier for users to decide, if a match is a false-positive or not. If a matching quarantine provides a quarantine ID of the original e-mail, it is also available as a template variable. This is useful if you want to add links to a webservice to notification e-mails, to give your users the ability to release e-mails or whitelist the from-address for example. The webservice then releases the e-mail from the quarantine.
|
||||
|
||||
The project is currently in alpha status, but will soon be used in a productive enterprise environment and possibly existing bugs will be fixed.
|
||||
The project is currently in beta status, but it is already used in a productive enterprise environment which processes about a million e-mails per month.
|
||||
|
||||
## Requirements
|
||||
* pymilter <https://pythonhosted.org/pymilter/>
|
||||
@@ -36,8 +36,8 @@ The following configuration options are mandatory in the global section:
|
||||
The following configuration options are mandatory in each quarantine section:
|
||||
* **regex**
|
||||
Case insensitive regular expression to filter e-mail headers.
|
||||
* **quarantine_type**
|
||||
One of the quarantine-types described below.
|
||||
* **storage_type**
|
||||
One of the storage types described below.
|
||||
* **action**
|
||||
One of the actions described below.
|
||||
* **notification_type**
|
||||
@@ -45,18 +45,18 @@ The following configuration options are mandatory in each quarantine section:
|
||||
* **whitelist_type**
|
||||
One of the whitelist types described below.
|
||||
* **smtp_host**
|
||||
SMTP host to inject original e-mails. This is needed if not all recipients of an e-mail are whitelisted
|
||||
SMTP host used to release original e-mails from the quarantine.
|
||||
* **smtp_port**
|
||||
SMTP port
|
||||
|
||||
The following configuration options are optional in each quarantine section:
|
||||
* **ignore_hosts**
|
||||
* **host_whitelist**
|
||||
Comma-separated list of host and network addresses to be ignored by this quarantine.
|
||||
* **reject_reason**
|
||||
Reason to return to the client if action is set to reject.
|
||||
|
||||
|
||||
### Quarantine types
|
||||
### Storage types
|
||||
* **NONE**
|
||||
Original e-mails scrapped, sent to nirvana, black-holed or however you want to call it.
|
||||
|
||||
@@ -64,7 +64,7 @@ The following configuration options are optional in each quarantine section:
|
||||
Original e-mails are stored on the filesystem with a unique filename. The filename is available as a
|
||||
template variable used in notifiaction templates.
|
||||
The following configuration options are mandatory for this quarantine type:
|
||||
* **quarantine_directory**
|
||||
* **storage_directory**
|
||||
The directory in which quarantined e-mails are stored.
|
||||
|
||||
|
||||
@@ -77,11 +77,17 @@ The following configuration options are optional in each quarantine section:
|
||||
|
||||
The following template variables are available:
|
||||
* **{EMAIL_ENVELOPE_FROM}**
|
||||
E-mail from-address received by the milter.
|
||||
E-mail sender address received by the milter.
|
||||
* **{EMAIL_ENVELOPE_FROM_URL}**
|
||||
Like EMAIL_ENVELOPE_FROM, but URL encoded
|
||||
* **{EMAIL_FROM}**
|
||||
Value of the from header of the original e-mail.
|
||||
* **{EMAIL_TO}**
|
||||
Value of the FROM header of the original e-mail.
|
||||
* **{EMAIL_ENVELOPE_TO}**
|
||||
E-mail recipient address of this notification.
|
||||
* **{EMAIL_ENVELOPE_TO_URL}**
|
||||
Like EMAIL_ENVELOPE_TO, but URL encoded
|
||||
* **{EMAIL_TO}**
|
||||
Value of the TO header of the original e-mail.
|
||||
* **{EMAIL_SUBJECT}**
|
||||
Configured e-mail subject.
|
||||
* **{EMAIL_QUARANTINE_ID}**
|
||||
@@ -97,6 +103,10 @@ The following configuration options are optional in each quarantine section:
|
||||
Content of a named subgroup, 'subgroup_name' will be replaced by its name.
|
||||
|
||||
The following configuration options are mandatory for this notification type:
|
||||
* **notification_email_smtp_host**
|
||||
SMTP host used to send notification e-mails.
|
||||
* **notification_email_smtp_port**
|
||||
SMTP port.
|
||||
* **notification_email_envelope_from**
|
||||
Notification e-mail envelope from-address.
|
||||
* **notification_email_from**
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -20,26 +20,43 @@ import logging.handlers
|
||||
import sys
|
||||
import time
|
||||
|
||||
import pyquarantine
|
||||
from pyquarantine import QuarantineMilter, setup_milter
|
||||
from pyquarantine import __version__ as version
|
||||
|
||||
from pyquarantine.version import __version__ as version
|
||||
|
||||
def _get_quarantine_obj(config, quarantine):
|
||||
def _get_quarantine(quarantines, name):
|
||||
try:
|
||||
quarantine_obj = next((q["quarantine_obj"]
|
||||
for q in config if q["name"] == quarantine))
|
||||
quarantine = next((q for q in quarantines if q.name == name))
|
||||
except StopIteration:
|
||||
raise RuntimeError("invalid quarantine '{}'".format(quarantine))
|
||||
return quarantine_obj
|
||||
raise RuntimeError("invalid quarantine 'name'")
|
||||
return quarantine
|
||||
|
||||
|
||||
def _get_whitelist_obj(config, quarantine):
|
||||
try:
|
||||
whitelist_obj = next((q["whitelist_obj"]
|
||||
for q in config if q["name"] == quarantine))
|
||||
except StopIteration:
|
||||
raise RuntimeError("invalid quarantine '{}'".format(quarantine))
|
||||
return whitelist_obj
|
||||
def _get_storage(quarantines, name):
|
||||
quarantine = _get_quarantine(quarantines, name)
|
||||
storage = quarantine.get_storage()
|
||||
if not storage:
|
||||
raise RuntimeError(
|
||||
"storage type is set to NONE")
|
||||
return storage
|
||||
|
||||
|
||||
def _get_notification(quarantines, name):
|
||||
quarantine = _get_quarantine(quarantines, name)
|
||||
notification = quarantine.get_notification()
|
||||
if not notification:
|
||||
raise RuntimeError(
|
||||
"notification type is set to NONE")
|
||||
return notification
|
||||
|
||||
|
||||
def _get_whitelist(quarantines, name):
|
||||
quarantine = _get_quarantine(quarantines, name)
|
||||
whitelist = quarantine.get_whitelist()
|
||||
if not whitelist:
|
||||
raise RuntimeError(
|
||||
"whitelist type is set to NONE")
|
||||
return whitelist
|
||||
|
||||
|
||||
def print_table(columns, rows):
|
||||
@@ -56,10 +73,10 @@ def print_table(columns, rows):
|
||||
# get the length of the longest value
|
||||
lengths.append(
|
||||
len(str(max(rows, key=lambda x: len(str(x[key])))[key])))
|
||||
# use the the longer one
|
||||
# use the longer one
|
||||
length = max(lengths)
|
||||
column_lengths.append(length)
|
||||
column_formats.append("{{:<{}}}".format(length))
|
||||
column_formats.append(f"{{:<{length}}}")
|
||||
|
||||
# define row format
|
||||
row_format = " | ".join(column_formats)
|
||||
@@ -83,47 +100,70 @@ def print_table(columns, rows):
|
||||
print(row_format.format(*row))
|
||||
|
||||
|
||||
def list_quarantines(config, args):
|
||||
def list_quarantines(quarantines, args):
|
||||
if args.batch:
|
||||
print("\n".join([quarantine["name"] for quarantine in config]))
|
||||
print("\n".join([q.name for q in quarantines]))
|
||||
else:
|
||||
qlist = []
|
||||
for q in quarantines:
|
||||
storage = q.get_storage()
|
||||
if storage:
|
||||
storage_type = q.get_storage().storage_type
|
||||
else:
|
||||
storage_type = "NONE"
|
||||
|
||||
notification = q.get_notification()
|
||||
if notification:
|
||||
notification_type = q.get_notification().notification_type
|
||||
else:
|
||||
notification_type = "NONE"
|
||||
|
||||
whitelist = q.get_whitelist()
|
||||
if whitelist:
|
||||
whitelist_type = q.get_whitelist().whitelist_type
|
||||
else:
|
||||
whitelist_type = "NONE"
|
||||
|
||||
qlist.append({
|
||||
"name": q.name,
|
||||
"storage": storage_type,
|
||||
"notification": notification_type,
|
||||
"whitelist": whitelist_type,
|
||||
"action": q.action})
|
||||
print_table(
|
||||
[("Name", "name"), ("Quarantine", "quarantine_type"),
|
||||
("Notification", "notification_type"), ("Action", "action")],
|
||||
config
|
||||
[("Name", "name"),
|
||||
("Storage", "storage"),
|
||||
("Notification", "notification"),
|
||||
("Whitelist", "whitelist"),
|
||||
("Action", "action")],
|
||||
qlist
|
||||
)
|
||||
|
||||
|
||||
def list_quarantine_emails(config, args):
|
||||
def list_quarantine_emails(quarantines, args):
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
# get quarantine object
|
||||
quarantine = _get_quarantine_obj(config, args.quarantine)
|
||||
if quarantine is None:
|
||||
raise RuntimeError(
|
||||
"quarantine type is set to None, unable to list emails")
|
||||
|
||||
storage = _get_storage(quarantines, args.quarantine)
|
||||
# find emails and transform some metadata values to strings
|
||||
rows = []
|
||||
emails = quarantine.find(
|
||||
mailfrom=args.mailfrom,
|
||||
recipients=args.recipients,
|
||||
older_than=args.older_than)
|
||||
for quarantine_id, metadata in emails.items():
|
||||
row = emails[quarantine_id]
|
||||
row["quarantine_id"] = quarantine_id
|
||||
emails = storage.find(
|
||||
args.mailfrom, args.recipients, args.older_than)
|
||||
for storage_id, metadata in emails.items():
|
||||
row = emails[storage_id]
|
||||
row["storage_id"] = storage_id
|
||||
row["date"] = time.strftime(
|
||||
'%Y-%m-%d %H:%M:%S',
|
||||
time.localtime(
|
||||
metadata["date"]))
|
||||
row["mailfrom"] = metadata["mailfrom"]
|
||||
row["recipient"] = metadata["recipients"].pop(0)
|
||||
row["subject"] = emails[quarantine_id]["headers"]["subject"][:60]
|
||||
if "subject" not in emails[storage_id]["headers"].keys():
|
||||
emails[storage_id]["headers"]["subject"] = ""
|
||||
row["subject"] = emails[storage_id]["headers"]["subject"][:60].strip()
|
||||
rows.append(row)
|
||||
|
||||
if metadata["recipients"]:
|
||||
row = {
|
||||
"quarantine_id": "",
|
||||
"storage_id": "",
|
||||
"date": "",
|
||||
"mailfrom": "",
|
||||
"recipient": metadata["recipients"].pop(0),
|
||||
@@ -137,23 +177,18 @@ def list_quarantine_emails(config, args):
|
||||
return
|
||||
|
||||
if not emails:
|
||||
logger.info("quarantine '{}' is empty".format(args.quarantine))
|
||||
logger.info(f"quarantine '{args.quarantine}' is empty")
|
||||
print_table(
|
||||
[("Quarantine-ID", "quarantine_id"), ("Date", "date"),
|
||||
[("Quarantine-ID", "storage_id"), ("Date", "date"),
|
||||
("From", "mailfrom"), ("Recipient(s)", "recipient"),
|
||||
("Subject", "subject")],
|
||||
rows
|
||||
)
|
||||
|
||||
|
||||
def list_whitelist(config, args):
|
||||
def list_whitelist(quarantines, args):
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
# get whitelist object
|
||||
whitelist = _get_whitelist_obj(config, args.quarantine)
|
||||
if whitelist is None:
|
||||
raise RuntimeError(
|
||||
"whitelist type is set to None, unable to list entries")
|
||||
whitelist = _get_whitelist(quarantines, args.quarantine)
|
||||
|
||||
# find whitelist entries
|
||||
entries = whitelist.find(
|
||||
@@ -162,8 +197,7 @@ def list_whitelist(config, args):
|
||||
older_than=args.older_than)
|
||||
if not entries:
|
||||
logger.info(
|
||||
"whitelist of quarantine '{}' is empty".format(
|
||||
args.quarantine))
|
||||
f"whitelist of quarantine '{args.quarantine}' is empty")
|
||||
return
|
||||
|
||||
# transform some values to strings
|
||||
@@ -184,14 +218,9 @@ def list_whitelist(config, args):
|
||||
)
|
||||
|
||||
|
||||
def add_whitelist_entry(config, args):
|
||||
def add_whitelist_entry(quarantines, args):
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
# get whitelist object
|
||||
whitelist = _get_whitelist_obj(config, args.quarantine)
|
||||
if whitelist is None:
|
||||
raise RuntimeError(
|
||||
"whitelist type is set to None, unable to add entries")
|
||||
whitelist = _get_whitelist(quarantines, args.quarantine)
|
||||
|
||||
# check existing entries
|
||||
entries = whitelist.check(args.mailfrom, args.recipient)
|
||||
@@ -229,53 +258,41 @@ def add_whitelist_entry(config, args):
|
||||
logger.info("whitelist entry added successfully")
|
||||
|
||||
|
||||
def delete_whitelist_entry(config, args):
|
||||
def delete_whitelist_entry(quarantines, args):
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
whitelist = _get_whitelist_obj(config, args.quarantine)
|
||||
if whitelist is None:
|
||||
raise RuntimeError(
|
||||
"whitelist type is set to None, unable to delete entries")
|
||||
|
||||
whitelist = _get_whitelist(quarantines, args.quarantine)
|
||||
whitelist.delete(args.whitelist_id)
|
||||
logger.info("whitelist entry deleted successfully")
|
||||
|
||||
|
||||
def notify_email(config, args):
|
||||
def notify(quarantines, args):
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
quarantine = _get_quarantine_obj(config, args.quarantine)
|
||||
if quarantine is None:
|
||||
raise RuntimeError(
|
||||
"quarantine type is set to None, unable to send notification")
|
||||
quarantine = _get_quarantine(quarantines, args.quarantine)
|
||||
quarantine.notify(args.quarantine_id, args.recipient)
|
||||
logger.info("sent notification successfully")
|
||||
logger.info("notification sent successfully")
|
||||
|
||||
|
||||
def release_email(config, args):
|
||||
def release(quarantines, args):
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
quarantine = _get_quarantine_obj(config, args.quarantine)
|
||||
if quarantine is None:
|
||||
raise RuntimeError(
|
||||
"quarantine type is set to None, unable to release email")
|
||||
|
||||
quarantine = _get_quarantine(quarantines, args.quarantine)
|
||||
quarantine.release(args.quarantine_id, args.recipient)
|
||||
logger.info("quarantined email released successfully")
|
||||
|
||||
|
||||
def delete_email(config, args):
|
||||
def delete(quarantines, args):
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
quarantine = _get_quarantine_obj(config, args.quarantine)
|
||||
if quarantine is None:
|
||||
raise RuntimeError(
|
||||
"quarantine type is set to None, unable to delete email")
|
||||
|
||||
quarantine.delete(args.quarantine_id, args.recipient)
|
||||
storage = _get_storage(quarantines, args.quarantine)
|
||||
storage.delete(args.quarantine_id, args.recipient)
|
||||
logger.info("quarantined email deleted successfully")
|
||||
|
||||
|
||||
def get(quarantines, args):
|
||||
storage = _get_storage(quarantines, args.quarantine)
|
||||
fp, _ = storage.get_mail(args.quarantine_id)
|
||||
print(fp.read().decode())
|
||||
fp.close()
|
||||
|
||||
|
||||
class StdErrFilter(logging.Filter):
|
||||
def filter(self, rec):
|
||||
return rec.levelno in (logging.ERROR, logging.WARNING)
|
||||
@@ -298,7 +315,7 @@ def main():
|
||||
"-c", "--config",
|
||||
help="Config files to read.",
|
||||
nargs="+", metavar="CFG",
|
||||
default=pyquarantine.QuarantineMilter.get_configfiles())
|
||||
default=QuarantineMilter.get_cfg_files())
|
||||
parser.add_argument(
|
||||
"-d", "--debug",
|
||||
help="Log debugging messages.",
|
||||
@@ -307,7 +324,7 @@ def main():
|
||||
"-v", "--version",
|
||||
help="Print version.",
|
||||
action="version",
|
||||
version="%(prog)s ({})".format(version))
|
||||
version=f"%(prog)s ({version})")
|
||||
parser.set_defaults(syslog=False)
|
||||
subparsers = parser.add_subparsers(
|
||||
dest="command",
|
||||
@@ -388,7 +405,7 @@ def main():
|
||||
"-a", "--all",
|
||||
help="Release email for all recipients.",
|
||||
action="store_true")
|
||||
quarantine_notify_parser.set_defaults(func=notify_email)
|
||||
quarantine_notify_parser.set_defaults(func=notify)
|
||||
# quarantine release command
|
||||
quarantine_release_parser = quarantine_subparsers.add_parser(
|
||||
"release",
|
||||
@@ -415,7 +432,7 @@ def main():
|
||||
"-a", "--all",
|
||||
help="Release email for all recipients.",
|
||||
action="store_true")
|
||||
quarantine_release_parser.set_defaults(func=release_email)
|
||||
quarantine_release_parser.set_defaults(func=release)
|
||||
# quarantine delete command
|
||||
quarantine_delete_parser = quarantine_subparsers.add_parser(
|
||||
"delete",
|
||||
@@ -441,7 +458,18 @@ def main():
|
||||
"-a", "--all",
|
||||
help="Delete email for all recipients.",
|
||||
action="store_true")
|
||||
quarantine_delete_parser.set_defaults(func=delete_email)
|
||||
quarantine_delete_parser.set_defaults(func=delete)
|
||||
# quarantine get command
|
||||
quarantine_get_parser = quarantine_subparsers.add_parser(
|
||||
"get",
|
||||
description="Get email from quarantine.",
|
||||
help="Get email from quarantine",
|
||||
formatter_class=formatter_class)
|
||||
quarantine_get_parser.add_argument(
|
||||
"quarantine_id",
|
||||
metavar="ID",
|
||||
help="Quarantine ID.")
|
||||
quarantine_get_parser.set_defaults(func=get)
|
||||
|
||||
# whitelist command group
|
||||
whitelist_parser = subparsers.add_parser(
|
||||
@@ -552,8 +580,8 @@ def main():
|
||||
|
||||
# try to generate milter configs
|
||||
try:
|
||||
global_config, config = pyquarantine.generate_milter_config(
|
||||
config_files=args.config, configtest=True)
|
||||
setup_milter(
|
||||
cfg_files=args.config, test=True)
|
||||
except RuntimeError as e:
|
||||
logger.error(e)
|
||||
sys.exit(255)
|
||||
@@ -574,7 +602,7 @@ def main():
|
||||
|
||||
# call the commands function
|
||||
try:
|
||||
args.func(config, args)
|
||||
args.func(QuarantineMilter.quarantines, args)
|
||||
except RuntimeError as e:
|
||||
logger.error(e)
|
||||
sys.exit(1)
|
||||
|
||||
@@ -30,12 +30,12 @@ preferred_quarantine_action = last
|
||||
|
||||
|
||||
[spam]
|
||||
# Option: ignore_hosts
|
||||
# Option: host_whitelist
|
||||
# Notes: Set a list of host and network addresses to be ignored by this quarantine.
|
||||
# All the common host/network notations are supported, including IPv6.
|
||||
# Value: [ HOST ]
|
||||
#
|
||||
ignore_hosts = 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
|
||||
host_whitelist = 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
|
||||
|
||||
# Option: regex
|
||||
# Notes: Set the case insensitive regular expression to match against email headers.
|
||||
@@ -57,18 +57,18 @@ smtp_host = 127.0.0.1
|
||||
#
|
||||
smtp_port = 25
|
||||
|
||||
# Option: quarantine_type
|
||||
# Notes: Set the quarantine type.
|
||||
# Option: storage_type
|
||||
# Notes: Set the storage type.
|
||||
# Values: [ file | none ]
|
||||
#
|
||||
quarantine_type = file
|
||||
storage_type = file
|
||||
|
||||
# Option: quarantine_directory
|
||||
# Option: storage_directory
|
||||
# Notes: Set the directory to store quarantined emails.
|
||||
# This option is needed by quarantine type 'file'.
|
||||
# Values: [ DIRECTORY ]
|
||||
#
|
||||
quarantine_directory = /var/lib/pyquarantine/spam
|
||||
storage_directory = /var/lib/pyquarantine/spam
|
||||
|
||||
# Option: action
|
||||
# Notes: Set the milter action to perform if email is processed by this quarantine.
|
||||
@@ -88,6 +88,18 @@ reject_reason = Message rejected
|
||||
#
|
||||
notification_type = email
|
||||
|
||||
# Option: notification_email_smtp_host
|
||||
# Notes: Set the SMTP host. It will be used to send notification e-mails.
|
||||
# Values: [ HOSTNAME | IP_ADDRESS ]
|
||||
#
|
||||
notification_email_smtp_host = 127.0.0.1
|
||||
|
||||
# Option: notification_email_smtp_port
|
||||
# Notes: Set the SMTP port.
|
||||
# Values: [ PORT ]
|
||||
#
|
||||
notification_email_smtp_port = 25
|
||||
|
||||
# Option: notification_email_envelope_from
|
||||
# Notes: Set the envelope-from address used when sending notification emails.
|
||||
# This option is needed by notification type 'email'.
|
||||
@@ -10,6 +10,10 @@
|
||||
<td><b>From:</b></td>
|
||||
<td>{EMAIL_FROM}</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><b>Envelope-To:</b></td>
|
||||
<td>{EMAIL_ENVELOPE_TO}</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><b>To:</b></td>
|
||||
<td>{EMAIL_TO}</td>
|
||||
|
Before Width: | Height: | Size: 2.1 KiB After Width: | Height: | Size: 2.1 KiB |
@@ -14,7 +14,6 @@
|
||||
|
||||
import logging
|
||||
import smtplib
|
||||
import sys
|
||||
|
||||
from multiprocessing import Process, Queue
|
||||
|
||||
@@ -26,6 +25,10 @@ process = None
|
||||
|
||||
def smtp_send(smtp_host, smtp_port, mailfrom, recipient, mail):
|
||||
s = smtplib.SMTP(host=smtp_host, port=smtp_port)
|
||||
s.ehlo()
|
||||
if s.has_extn("STARTTLS"):
|
||||
s.starttls()
|
||||
s.ehlo()
|
||||
s.sendmail(mailfrom, [recipient], mail)
|
||||
s.quit()
|
||||
|
||||
@@ -41,23 +44,22 @@ def mailprocess():
|
||||
if not m:
|
||||
break
|
||||
|
||||
smtp_host, smtp_port, queueid, mailfrom, recipient, mail, emailtype = m
|
||||
smtp_host, smtp_port, qid, mailfrom, recipient, mail, emailtype = m
|
||||
try:
|
||||
smtp_send(smtp_host, smtp_port, mailfrom, recipient, mail)
|
||||
except Exception as e:
|
||||
logger.error(
|
||||
"{}: error while sending {} to '{}': {}".format(
|
||||
queueid, emailtype, recipient, e))
|
||||
f"{qid}: error while sending {emailtype} "
|
||||
f"to '{recipient}': {e}")
|
||||
else:
|
||||
logger.info(
|
||||
"{}: successfully sent {} to: {}".format(
|
||||
queueid, emailtype, recipient))
|
||||
f"{qid}: successfully sent {emailtype} to: {recipient}")
|
||||
except KeyboardInterrupt:
|
||||
pass
|
||||
logger.debug("mailer process terminated")
|
||||
|
||||
|
||||
def sendmail(smtp_host, smtp_port, queueid, mailfrom, recipients, mail,
|
||||
def sendmail(smtp_host, smtp_port, qid, mailfrom, recipients, mail,
|
||||
emailtype="email"):
|
||||
"Send an email."
|
||||
global logger
|
||||
@@ -77,8 +79,8 @@ def sendmail(smtp_host, smtp_port, queueid, mailfrom, recipients, mail,
|
||||
for recipient in recipients:
|
||||
try:
|
||||
queue.put(
|
||||
(smtp_host, smtp_port, queueid, mailfrom, recipient, mail,
|
||||
(smtp_host, smtp_port, qid, mailfrom, recipient, mail,
|
||||
emailtype),
|
||||
timeout=30)
|
||||
except Queue.Full as e:
|
||||
except Queue.Full:
|
||||
raise RuntimeError("email queue is full")
|
||||
|
||||
@@ -17,26 +17,27 @@ import logging
|
||||
import re
|
||||
|
||||
from bs4 import BeautifulSoup
|
||||
from cgi import escape
|
||||
from collections import defaultdict
|
||||
from email.policy import default as default_policy
|
||||
from email.mime.multipart import MIMEMultipart
|
||||
from email.mime.text import MIMEText
|
||||
from email.mime.image import MIMEImage
|
||||
from html import escape
|
||||
from os.path import basename
|
||||
from urllib.parse import quote
|
||||
|
||||
from pyquarantine import mailer
|
||||
|
||||
|
||||
class BaseNotification(object):
|
||||
"Notification base class"
|
||||
notification_type = "base"
|
||||
|
||||
def __init__(self, global_config, config, configtest=False):
|
||||
self.quarantine_name = config["name"]
|
||||
self.global_config = global_config
|
||||
self.config = config
|
||||
def __init__(self, name, global_cfg, cfg, test=False):
|
||||
self.name = name
|
||||
self.logger = logging.getLogger(__name__)
|
||||
|
||||
def notify(self, queueid, quarantine_id, mailfrom, recipients, headers,
|
||||
def notify(self, qid, storage_id, mailfrom, recipients, headers,
|
||||
fp, subgroups=None, named_subgroups=None, synchronous=False):
|
||||
fp.seek(0)
|
||||
pass
|
||||
@@ -44,8 +45,7 @@ class BaseNotification(object):
|
||||
|
||||
class EMailNotification(BaseNotification):
|
||||
"Notification class to send notifications via mail."
|
||||
_html_text = "text/html"
|
||||
_plain_text = "text/plain"
|
||||
notification_type = "email"
|
||||
_bad_tags = [
|
||||
"applet",
|
||||
"embed",
|
||||
@@ -109,44 +109,40 @@ class EMailNotification(BaseNotification):
|
||||
"width"
|
||||
]
|
||||
|
||||
def __init__(self, global_config, config, configtest=False):
|
||||
def __init__(self, name, global_cfg, cfg, test=False):
|
||||
super(EMailNotification, self).__init__(
|
||||
global_config, config, configtest)
|
||||
name, global_cfg, cfg, test)
|
||||
|
||||
# check if mandatory options are present in config
|
||||
for option in [
|
||||
"smtp_host",
|
||||
"smtp_port",
|
||||
"notification_email_envelope_from",
|
||||
"notification_email_from",
|
||||
"notification_email_subject",
|
||||
"notification_email_template",
|
||||
"notification_email_embedded_imgs"]:
|
||||
if option not in self.config.keys() and option in self.global_config.keys():
|
||||
self.config[option] = self.global_config[option]
|
||||
if option not in self.config.keys():
|
||||
raise RuntimeError(
|
||||
"mandatory option '{}' not present in config section '{}' or 'global'".format(
|
||||
option, self.quarantine_name))
|
||||
|
||||
# check if optional config options are present in config
|
||||
defaults = {
|
||||
"notification_email_replacement_img": "",
|
||||
"notification_email_strip_images": "false",
|
||||
"notification_email_parser_lib": "lxml"
|
||||
}
|
||||
for option in defaults.keys():
|
||||
if option not in config.keys() and \
|
||||
option in global_config.keys():
|
||||
config[option] = global_config[option]
|
||||
if option not in config.keys():
|
||||
config[option] = defaults[option]
|
||||
# check config
|
||||
for opt in [
|
||||
"notification_email_smtp_host",
|
||||
"notification_email_smtp_port",
|
||||
"notification_email_envelope_from",
|
||||
"notification_email_from",
|
||||
"notification_email_subject",
|
||||
"notification_email_template",
|
||||
"notification_email_embedded_imgs"] + list(defaults.keys()):
|
||||
if opt in cfg:
|
||||
continue
|
||||
if opt in global_cfg:
|
||||
cfg[opt] = global_cfg[opt]
|
||||
elif opt in defaults:
|
||||
cfg[opt] = defaults[opt]
|
||||
else:
|
||||
raise RuntimeError(
|
||||
f"mandatory option '{opt}' not present in config "
|
||||
f"section '{self.name}' or 'global'")
|
||||
|
||||
self.smtp_host = self.config["smtp_host"]
|
||||
self.smtp_port = self.config["smtp_port"]
|
||||
self.mailfrom = self.config["notification_email_envelope_from"]
|
||||
self.from_header = self.config["notification_email_from"]
|
||||
self.subject = self.config["notification_email_subject"]
|
||||
self.smtp_host = cfg["notification_email_smtp_host"]
|
||||
self.smtp_port = cfg["notification_email_smtp_port"]
|
||||
self.mailfrom = cfg["notification_email_envelope_from"]
|
||||
self.from_header = cfg["notification_email_from"]
|
||||
self.subject = cfg["notification_email_subject"]
|
||||
|
||||
testvars = defaultdict(str, test="TEST")
|
||||
|
||||
@@ -155,46 +151,48 @@ class EMailNotification(BaseNotification):
|
||||
self.from_header.format_map(testvars)
|
||||
except ValueError as e:
|
||||
raise RuntimeError(
|
||||
"error parsing notification_email_from: {}".format(e))
|
||||
f"error parsing notification_email_from: {e}")
|
||||
|
||||
# test-parse subject
|
||||
try:
|
||||
self.subject.format_map(testvars)
|
||||
except ValueError as e:
|
||||
raise RuntimeError(
|
||||
"error parsing notification_email_subject: {}".format(e))
|
||||
f"error parsing notification_email_subject: {e}")
|
||||
|
||||
# read and parse email notification template
|
||||
try:
|
||||
self.template = open(
|
||||
self.config["notification_email_template"], "r").read()
|
||||
cfg["notification_email_template"], "r").read()
|
||||
self.template.format_map(testvars)
|
||||
except IOError as e:
|
||||
raise RuntimeError("error reading template: {}".format(e))
|
||||
raise RuntimeError(f"error reading template: {e}")
|
||||
except ValueError as e:
|
||||
raise RuntimeError("error parsing template: {}".format(e))
|
||||
raise RuntimeError(f"error parsing template: {e}")
|
||||
|
||||
strip_images = self.config["notification_email_strip_images"].strip().upper()
|
||||
strip_images = cfg["notification_email_strip_images"].strip().upper()
|
||||
if strip_images in ["TRUE", "ON", "YES"]:
|
||||
self.strip_images = True
|
||||
elif strip_images in ["FALSE", "OFF", "NO"]:
|
||||
self.strip_images = False
|
||||
else:
|
||||
raise RuntimeError("error parsing notification_email_strip_images: unknown value")
|
||||
raise RuntimeError(
|
||||
"error parsing notification_email_strip_images: unknown value")
|
||||
|
||||
self.parser_lib = self.config["notification_email_parser_lib"].strip()
|
||||
self.parser_lib = cfg["notification_email_parser_lib"].strip()
|
||||
if self.parser_lib not in ["lxml", "html.parser"]:
|
||||
raise RuntimeError("error parsing notification_email_parser_lib: unknown value")
|
||||
raise RuntimeError(
|
||||
"error parsing notification_email_parser_lib: unknown value")
|
||||
|
||||
# read email replacement image if specified
|
||||
replacement_img = self.config["notification_email_replacement_img"].strip()
|
||||
replacement_img = cfg["notification_email_replacement_img"].strip()
|
||||
if not self.strip_images and replacement_img:
|
||||
try:
|
||||
self.replacement_img = MIMEImage(
|
||||
open(replacement_img, "rb").read())
|
||||
except IOError as e:
|
||||
raise RuntimeError(
|
||||
"error reading replacement image: {}".format(e))
|
||||
f"error reading replacement image: {e}")
|
||||
else:
|
||||
self.replacement_img.add_header(
|
||||
"Content-ID", "<removed_for_security_reasons>")
|
||||
@@ -203,78 +201,87 @@ class EMailNotification(BaseNotification):
|
||||
|
||||
# read images to embed if specified
|
||||
embedded_img_paths = [
|
||||
p.strip() for p in self.config["notification_email_embedded_imgs"].split(",") if p]
|
||||
p.strip() for p in cfg["notification_email_embedded_imgs"].split(
|
||||
",") if p]
|
||||
self.embedded_imgs = []
|
||||
for img_path in embedded_img_paths:
|
||||
# read image
|
||||
try:
|
||||
img = MIMEImage(open(img_path, "rb").read())
|
||||
except IOError as e:
|
||||
raise RuntimeError("error reading image: {}".format(e))
|
||||
raise RuntimeError(f"error reading image: {e}")
|
||||
else:
|
||||
img.add_header("Content-ID", "<{}>".format(basename(img_path)))
|
||||
filename = basename(img_path)
|
||||
img.add_header("Content-ID", f"<{filename}>")
|
||||
self.embedded_imgs.append(img)
|
||||
|
||||
def get_text(self, queueid, part):
|
||||
"Get the mail text in html form from email part."
|
||||
mimetype = part.get_content_type()
|
||||
def get_email_body_soup(self, qid, msg):
|
||||
"Extract and decode email body and return it as BeautifulSoup object."
|
||||
# try to find the body part
|
||||
self.logger.debug(f"{qid}: trying to find email body")
|
||||
try:
|
||||
body = msg.get_body(preferencelist=("html", "plain"))
|
||||
except Exception as e:
|
||||
self.logger.error(
|
||||
f"{qid}: an error occured in "
|
||||
f"email.message.EmailMessage.get_body: {e}")
|
||||
body = None
|
||||
|
||||
if body:
|
||||
charset = body.get_content_charset() or "utf-8"
|
||||
content = body.get_payload(decode=True)
|
||||
try:
|
||||
content = content.decode(encoding=charset, errors="replace")
|
||||
except LookupError:
|
||||
self.logger.info(
|
||||
f"{qid}: unknown encoding '{charset}', "
|
||||
f"falling back to UTF-8")
|
||||
content = content.decode("utf-8", errors="replace")
|
||||
content_type = body.get_content_type()
|
||||
if content_type == "text/plain":
|
||||
# convert text/plain to text/html
|
||||
self.logger.debug(
|
||||
"{}: extracting content of email text part".format(queueid))
|
||||
text = part.get_payload(decode=True)
|
||||
|
||||
if mimetype == EMailNotification._plain_text:
|
||||
self.logger.debug(
|
||||
"{}: content mimetype is {}, converting to {}".format(
|
||||
queueid, mimetype, self._html_text))
|
||||
text = re.sub(r"^(.*)$", r"\1<br/>",
|
||||
escape(text.decode()), flags=re.MULTILINE)
|
||||
f"{qid}: content type is {content_type}, "
|
||||
f"converting to text/html")
|
||||
content = re.sub(r"^(.*)$", r"\1<br/>",
|
||||
escape(content, quote=False),
|
||||
flags=re.MULTILINE)
|
||||
else:
|
||||
self.logger.debug(
|
||||
"{}: content mimetype is {}".format(
|
||||
queueid, mimetype))
|
||||
f"{qid}: content type is {content_type}")
|
||||
else:
|
||||
self.logger.error(
|
||||
f"{qid}: unable to find email body")
|
||||
content = "ERROR: unable to find email body"
|
||||
|
||||
# create BeautifulSoup object
|
||||
length = len(content)
|
||||
self.logger.debug(
|
||||
"{}: trying to create BeatufilSoup object with parser lib {}, "
|
||||
"text length is {} bytes".format(
|
||||
queueid, self.parser_lib, len(text)))
|
||||
soup = BeautifulSoup(text, self.parser_lib)
|
||||
f"{qid}: trying to create BeatufilSoup object with "
|
||||
f"parser lib {self.parser_lib}, "
|
||||
f"text length is {length} bytes")
|
||||
soup = BeautifulSoup(content, self.parser_lib)
|
||||
self.logger.debug(
|
||||
"{}: sucessfully created BeautifulSoup object".format(queueid))
|
||||
f"{qid}: sucessfully created BeautifulSoup object")
|
||||
|
||||
return soup
|
||||
|
||||
def get_text_multipart(self, queueid, msg, preferred=_html_text):
|
||||
"Get the mail text of a multipart email in html form."
|
||||
soup = None
|
||||
|
||||
for part in msg.get_payload():
|
||||
mimetype = part.get_content_type()
|
||||
if mimetype in [EMailNotification._plain_text,
|
||||
EMailNotification._html_text]:
|
||||
soup = self.get_text(queueid, part)
|
||||
elif mimetype.startswith("multipart"):
|
||||
soup = self.get_text_multipart(queueid, part, preferred)
|
||||
|
||||
if soup is not None and mimetype == preferred:
|
||||
break
|
||||
return soup
|
||||
|
||||
def sanitize(self, queueid, soup):
|
||||
def sanitize(self, qid, soup):
|
||||
"Sanitize mail html text."
|
||||
self.logger.debug("{}: sanitizing email text".format(queueid))
|
||||
self.logger.debug(f"{qid}: sanitizing email text")
|
||||
|
||||
# completly remove bad elements
|
||||
for element in soup(EMailNotification._bad_tags):
|
||||
self.logger.debug(
|
||||
"{}: removing dangerous tag '{}' and its content".format(
|
||||
queueid, element.name))
|
||||
f"{qid}: removing dangerous tag '{element.name}' "
|
||||
f"and its content")
|
||||
element.extract()
|
||||
|
||||
# remove not whitelisted elements, but keep their content
|
||||
for element in soup.find_all(True):
|
||||
if element.name not in EMailNotification._good_tags:
|
||||
self.logger.debug(
|
||||
"{}: removing tag '{}', keep its content".format(
|
||||
queueid, element.name))
|
||||
f"{qid}: removing tag '{element.name}', keep its content")
|
||||
element.replaceWithChildren()
|
||||
|
||||
# remove not whitelisted attributes
|
||||
@@ -283,45 +290,24 @@ class EMailNotification(BaseNotification):
|
||||
if attribute not in EMailNotification._good_attributes:
|
||||
if element.name == "a" and attribute == "href":
|
||||
self.logger.debug(
|
||||
"{}: setting attribute href to '#' on tag '{}'".format(
|
||||
queueid, element.name))
|
||||
f"{qid}: setting attribute href to '#' "
|
||||
f"on tag '{element.name}'")
|
||||
element["href"] = "#"
|
||||
else:
|
||||
self.logger.debug(
|
||||
"{}: removing attribute '{}' from tag '{}'".format(
|
||||
queueid, attribute, element.name))
|
||||
f"{qid}: removing attribute '{attribute}' "
|
||||
f"from tag '{element.name}'")
|
||||
del(element.attrs[attribute])
|
||||
return soup
|
||||
|
||||
def get_html_text_part(self, queueid, msg):
|
||||
"Get the mail text of an email in html form."
|
||||
soup = None
|
||||
mimetype = msg.get_content_type()
|
||||
|
||||
self.logger.debug(
|
||||
"{}: trying to find text part of email".format(queueid))
|
||||
if mimetype in [EMailNotification._plain_text,
|
||||
EMailNotification._html_text]:
|
||||
soup = self.get_text(queueid, msg)
|
||||
elif mimetype.startswith("multipart"):
|
||||
soup = self.get_text_multipart(queueid, msg)
|
||||
|
||||
if soup is None:
|
||||
self.logger.error(
|
||||
"{}: unable to extract text part of email".format(queueid))
|
||||
text = "ERROR: unable to extract text from email body"
|
||||
soup = BeautifulSoup(text, "lxml", "UTF-8")
|
||||
|
||||
return soup
|
||||
|
||||
def notify(self, queueid, quarantine_id, mailfrom, recipients, headers, fp,
|
||||
def notify(self, qid, storage_id, mailfrom, recipients, headers, fp,
|
||||
subgroups=None, named_subgroups=None, synchronous=False):
|
||||
"Notify recipients via email."
|
||||
super(
|
||||
EMailNotification,
|
||||
self).notify(
|
||||
queueid,
|
||||
quarantine_id,
|
||||
qid,
|
||||
storage_id,
|
||||
mailfrom,
|
||||
recipients,
|
||||
headers,
|
||||
@@ -330,61 +316,62 @@ class EMailNotification(BaseNotification):
|
||||
named_subgroups,
|
||||
synchronous)
|
||||
|
||||
# extract html text from email
|
||||
self.logger.debug(
|
||||
"{}: extraction email text from original email".format(queueid))
|
||||
soup = self.get_html_text_part(
|
||||
queueid, email.message_from_binary_file(fp))
|
||||
# extract body from email
|
||||
soup = self.get_email_body_soup(
|
||||
qid, email.message_from_binary_file(fp, policy=default_policy))
|
||||
|
||||
# replace picture sources
|
||||
image_replaced = False
|
||||
if self.strip_images:
|
||||
self.logger.debug(
|
||||
"{}: looking for images to strip".format(queueid))
|
||||
f"{qid}: looking for images to strip")
|
||||
for element in soup("img"):
|
||||
if "src" in element.attrs.keys():
|
||||
self.logger.debug(
|
||||
"{}: strip image: {}".format(
|
||||
queueid, element["src"]))
|
||||
f"{qid}: strip image: {element['src']}")
|
||||
element.extract()
|
||||
elif self.replacement_img:
|
||||
self.logger.debug(
|
||||
"{}: looking for images to replace".format(queueid))
|
||||
f"{qid}: looking for images to replace")
|
||||
for element in soup("img"):
|
||||
if "src" in element.attrs.keys():
|
||||
self.logger.debug(
|
||||
"{}: replacing image: {}".format(
|
||||
queueid, element["src"]))
|
||||
f"{qid}: replacing image: {element['src']}")
|
||||
element["src"] = "cid:removed_for_security_reasons"
|
||||
image_replaced = True
|
||||
|
||||
# sanitizing email text of original email
|
||||
sanitized_text = self.sanitize(queueid, soup)
|
||||
sanitized_text = self.sanitize(qid, soup)
|
||||
del soup
|
||||
|
||||
# sending email notifications
|
||||
for recipient in recipients:
|
||||
self.logger.debug(
|
||||
"{}: generating notification email for '{}'".format(
|
||||
queueid, recipient))
|
||||
self.logger.debug("{}: parsing email template".format(queueid))
|
||||
f"{qid}: generating notification email for '{recipient}'")
|
||||
self.logger.debug(f"{qid}: parsing email template")
|
||||
|
||||
# generate dict containing all template variables
|
||||
variables = defaultdict(str,
|
||||
variables = defaultdict(
|
||||
str,
|
||||
EMAIL_HTML_TEXT=sanitized_text,
|
||||
EMAIL_FROM=escape(headers["from"]),
|
||||
EMAIL_ENVELOPE_FROM=escape(mailfrom),
|
||||
EMAIL_TO=escape(recipient),
|
||||
EMAIL_SUBJECT=escape(headers["subject"]),
|
||||
EMAIL_QUARANTINE_ID=quarantine_id)
|
||||
EMAIL_FROM=escape(headers["from"], quote=False),
|
||||
EMAIL_ENVELOPE_FROM=escape(mailfrom, quote=False),
|
||||
EMAIL_ENVELOPE_FROM_URL=escape(quote(mailfrom),
|
||||
quote=False),
|
||||
EMAIL_TO=escape(headers["to"], quote=False),
|
||||
EMAIL_ENVELOPE_TO=escape(recipient, quote=False),
|
||||
EMAIL_ENVELOPE_TO_URL=escape(quote(recipient)),
|
||||
EMAIL_SUBJECT=escape(headers["subject"], quote=False),
|
||||
EMAIL_QUARANTINE_ID=storage_id)
|
||||
|
||||
if subgroups:
|
||||
number = 0
|
||||
for subgroup in subgroups:
|
||||
variables["SUBGROUP_{}".format(number)] = escape(subgroup)
|
||||
variables[f"SUBGROUP_{number}"] = escape(subgroup,
|
||||
quote=False)
|
||||
if named_subgroups:
|
||||
for key, value in named_subgroups.items():
|
||||
named_subgroups[key] = escape(value)
|
||||
named_subgroups[key] = escape(value, quote=False)
|
||||
variables.update(named_subgroups)
|
||||
|
||||
# parse template
|
||||
@@ -401,26 +388,24 @@ class EMailNotification(BaseNotification):
|
||||
|
||||
if image_replaced:
|
||||
self.logger.debug(
|
||||
"{}: attaching notification_replacement_img".format(queueid))
|
||||
f"{qid}: attaching notification_replacement_img")
|
||||
msg.attach(self.replacement_img)
|
||||
|
||||
for img in self.embedded_imgs:
|
||||
self.logger.debug("{}: attaching imgage".format(queueid))
|
||||
self.logger.debug(f"{qid}: attaching imgage")
|
||||
msg.attach(img)
|
||||
|
||||
self.logger.debug(
|
||||
"{}: sending notification email to: {}".format(
|
||||
queueid, recipient))
|
||||
f"{qid}: sending notification email to: {recipient}")
|
||||
if synchronous:
|
||||
try:
|
||||
mailer.smtp_send(self.smtp_host, self.smtp_port,
|
||||
self.mailfrom, recipient, msg.as_string())
|
||||
except Exception as e:
|
||||
raise RuntimeError(
|
||||
"error while sending email to '{}': {}".format(
|
||||
recipient, e))
|
||||
f"error while sending email to '{recipient}': {e}")
|
||||
else:
|
||||
mailer.sendmail(self.smtp_host, self.smtp_port, queueid,
|
||||
mailer.sendmail(self.smtp_host, self.smtp_port, qid,
|
||||
self.mailfrom, recipient, msg.as_string(),
|
||||
"notification email")
|
||||
|
||||
|
||||
@@ -1,309 +0,0 @@
|
||||
# PyQuarantine-Milter is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# PyQuarantine-Milter is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with PyQuarantineMilter. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
import json
|
||||
import logging
|
||||
import os
|
||||
|
||||
from calendar import timegm
|
||||
from datetime import datetime
|
||||
from glob import glob
|
||||
from shutil import copyfileobj
|
||||
from time import gmtime
|
||||
|
||||
from pyquarantine import mailer
|
||||
|
||||
|
||||
class BaseQuarantine(object):
|
||||
"Quarantine base class"
|
||||
|
||||
def __init__(self, global_config, config, configtest=False):
|
||||
self.name = config["name"]
|
||||
self.global_config = global_config
|
||||
self.config = config
|
||||
self.logger = logging.getLogger(__name__)
|
||||
|
||||
def add(self, queueid, mailfrom, recipients, headers,
|
||||
fp, subgroups=None, named_subgroups=None):
|
||||
"Add email to quarantine."
|
||||
fp.seek(0)
|
||||
return ""
|
||||
|
||||
def find(self, mailfrom=None, recipients=None, older_than=None):
|
||||
"Find emails in quarantine."
|
||||
return
|
||||
|
||||
def get_metadata(self, quarantine_id):
|
||||
"Return metadata of quarantined email."
|
||||
return
|
||||
|
||||
def delete(self, quarantine_id, recipient=None):
|
||||
"Delete email from quarantine."
|
||||
return
|
||||
|
||||
def notify(self, quarantine_id, recipient=None):
|
||||
"Notify recipient about email in quarantine."
|
||||
if not self.config["notification_obj"]:
|
||||
raise RuntimeError(
|
||||
"notification type is set to None, unable to send notifications")
|
||||
return
|
||||
|
||||
def release(self, quarantine_id, recipient=None):
|
||||
"Release email from quarantine."
|
||||
return
|
||||
|
||||
|
||||
class FileQuarantine(BaseQuarantine):
|
||||
"Quarantine class to store mails on filesystem."
|
||||
|
||||
def __init__(self, global_config, config, configtest=False):
|
||||
super(FileQuarantine, self).__init__(global_config, config, configtest)
|
||||
|
||||
# check if mandatory options are present in config
|
||||
for option in ["quarantine_directory"]:
|
||||
if option not in self.config.keys() and option in self.global_config.keys():
|
||||
self.config[option] = self.global_config[option]
|
||||
if option not in self.config.keys():
|
||||
raise RuntimeError(
|
||||
"mandatory option '{}' not present in config section '{}' or 'global'".format(
|
||||
option, self.name))
|
||||
self.directory = self.config["quarantine_directory"]
|
||||
|
||||
# check if quarantine directory exists and is writable
|
||||
if not os.path.isdir(self.directory) or not os.access(
|
||||
self.directory, os.W_OK):
|
||||
raise RuntimeError(
|
||||
"file quarantine directory '{}' does not exist or is not writable".format(
|
||||
self.directory))
|
||||
self._metadata_suffix = ".metadata"
|
||||
|
||||
def _save_datafile(self, quarantine_id, fp):
|
||||
datafile = os.path.join(self.directory, quarantine_id)
|
||||
try:
|
||||
with open(datafile, "wb") as f:
|
||||
copyfileobj(fp, f)
|
||||
except IOError as e:
|
||||
raise RuntimeError("unable save data file: {}".format(e))
|
||||
|
||||
def _save_metafile(self, quarantine_id, metadata):
|
||||
metafile = os.path.join(
|
||||
self.directory, "{}{}".format(
|
||||
quarantine_id, self._metadata_suffix))
|
||||
try:
|
||||
with open(metafile, "w") as f:
|
||||
json.dump(metadata, f, indent=2)
|
||||
except IOError as e:
|
||||
raise RuntimeError("unable to save metadata file: {}".format(e))
|
||||
|
||||
def _remove(self, quarantine_id):
|
||||
datafile = os.path.join(self.directory, quarantine_id)
|
||||
metafile = "{}{}".format(datafile, self._metadata_suffix)
|
||||
|
||||
try:
|
||||
os.remove(metafile)
|
||||
except IOError as e:
|
||||
raise RuntimeError("unable to remove metadata file: {}".format(e))
|
||||
|
||||
try:
|
||||
os.remove(datafile)
|
||||
except IOError as e:
|
||||
raise RuntimeError("unable to remove data file: {}".format(e))
|
||||
|
||||
def add(self, queueid, mailfrom, recipients, headers,
|
||||
fp, subgroups=None, named_subgroups=None):
|
||||
"Add email to file quarantine and return quarantine-id."
|
||||
super(
|
||||
FileQuarantine,
|
||||
self).add(
|
||||
queueid,
|
||||
mailfrom,
|
||||
recipients,
|
||||
headers,
|
||||
fp,
|
||||
subgroups,
|
||||
named_subgroups)
|
||||
quarantine_id = "{}_{}".format(
|
||||
datetime.now().strftime("%Y%m%d%H%M%S"), queueid)
|
||||
|
||||
# save mail
|
||||
self._save_datafile(quarantine_id, fp)
|
||||
|
||||
# save metadata
|
||||
metadata = {
|
||||
"mailfrom": mailfrom,
|
||||
"recipients": recipients,
|
||||
"headers": headers,
|
||||
"date": timegm(gmtime()),
|
||||
"queue_id": queueid,
|
||||
"subgroups": subgroups,
|
||||
"named_subgroups": named_subgroups
|
||||
}
|
||||
try:
|
||||
self._save_metafile(quarantine_id, metadata)
|
||||
except RuntimeError as e:
|
||||
datafile = os.path.join(self.directory, quarantine_id)
|
||||
os.remove(datafile)
|
||||
raise e
|
||||
|
||||
return quarantine_id
|
||||
|
||||
def get_metadata(self, quarantine_id):
|
||||
"Return metadata of quarantined email."
|
||||
super(FileQuarantine, self).get_metadata(quarantine_id)
|
||||
|
||||
metafile = os.path.join(
|
||||
self.directory, "{}{}".format(
|
||||
quarantine_id, self._metadata_suffix))
|
||||
if not os.path.isfile(metafile):
|
||||
raise RuntimeError(
|
||||
"invalid quarantine id '{}'".format(quarantine_id))
|
||||
|
||||
try:
|
||||
with open(metafile, "r") as f:
|
||||
metadata = json.load(f)
|
||||
except IOError as e:
|
||||
raise RuntimeError("unable to read metadata file: {}".format(e))
|
||||
except json.JSONDecodeError as e:
|
||||
raise RuntimeError(
|
||||
"invalid meta file '{}': {}".format(
|
||||
metafile, e))
|
||||
|
||||
return metadata
|
||||
|
||||
def find(self, mailfrom=None, recipients=None, older_than=None):
|
||||
"Find emails in quarantine."
|
||||
super(FileQuarantine, self).find(mailfrom, recipients, older_than)
|
||||
if isinstance(mailfrom, str):
|
||||
mailfrom = [mailfrom]
|
||||
if isinstance(recipients, str):
|
||||
recipients = [recipients]
|
||||
|
||||
emails = {}
|
||||
metafiles = glob(os.path.join(
|
||||
self.directory, "*{}".format(self._metadata_suffix)))
|
||||
for metafile in metafiles:
|
||||
if not os.path.isfile(metafile):
|
||||
continue
|
||||
|
||||
quarantine_id = os.path.basename(
|
||||
metafile[:-len(self._metadata_suffix)])
|
||||
metadata = self.get_metadata(quarantine_id)
|
||||
if older_than is not None:
|
||||
if timegm(gmtime()) - metadata["date"] < (older_than * 86400):
|
||||
continue
|
||||
|
||||
if mailfrom is not None:
|
||||
if metadata["mailfrom"] not in mailfrom:
|
||||
continue
|
||||
|
||||
if recipients is not None:
|
||||
if len(recipients) == 1 and \
|
||||
recipients[0] not in metadata["recipients"]:
|
||||
continue
|
||||
elif len(set(recipients + metadata["recipients"])) == len(recipients + metadata["recipients"]):
|
||||
continue
|
||||
|
||||
emails[quarantine_id] = metadata
|
||||
|
||||
return emails
|
||||
|
||||
def delete(self, quarantine_id, recipient=None):
|
||||
"Delete email in quarantine."
|
||||
super(FileQuarantine, self).delete(quarantine_id, recipient)
|
||||
|
||||
try:
|
||||
metadata = self.get_metadata(quarantine_id)
|
||||
except RuntimeError as e:
|
||||
raise RuntimeError("unable to delete email: {}".format(e))
|
||||
|
||||
if recipient is None:
|
||||
self._remove(quarantine_id)
|
||||
else:
|
||||
if recipient not in metadata["recipients"]:
|
||||
raise RuntimeError("invalid recipient '{}'".format(recipient))
|
||||
|
||||
metadata["recipients"].remove(recipient)
|
||||
if not metadata["recipients"]:
|
||||
self._remove(quarantine_id)
|
||||
else:
|
||||
self._save_metafile(quarantine_id, metadata)
|
||||
|
||||
def notify(self, quarantine_id, recipient=None):
|
||||
"Notify recipient about email in quarantine."
|
||||
super(FileQuarantine, self).notify(quarantine_id, recipient)
|
||||
|
||||
try:
|
||||
metadata = self.get_metadata(quarantine_id)
|
||||
except RuntimeError as e:
|
||||
raise RuntimeError("unable to release email: {}".format(e))
|
||||
|
||||
if recipient is not None:
|
||||
if recipient not in metadata["recipients"]:
|
||||
raise RuntimeError("invalid recipient '{}'".format(recipient))
|
||||
recipients = [recipient]
|
||||
else:
|
||||
recipients = metadata["recipients"]
|
||||
|
||||
datafile = os.path.join(self.directory, quarantine_id)
|
||||
try:
|
||||
with open(datafile, "rb") as fp:
|
||||
self.config["notification_obj"].notify(
|
||||
metadata["queue_id"], quarantine_id, metadata["mailfrom"],
|
||||
recipients, metadata["headers"], fp,
|
||||
metadata["subgroups"], metadata["named_subgroups"],
|
||||
synchronous=True)
|
||||
except IOError as e:
|
||||
raise RuntimeError
|
||||
|
||||
def release(self, quarantine_id, recipient=None):
|
||||
"Release email from quarantine."
|
||||
super(FileQuarantine, self).release(quarantine_id, recipient)
|
||||
|
||||
try:
|
||||
metadata = self.get_metadata(quarantine_id)
|
||||
except RuntimeError as e:
|
||||
raise RuntimeError("unable to release email: {}".format(e))
|
||||
|
||||
if recipient is not None:
|
||||
if recipient not in metadata["recipients"]:
|
||||
raise RuntimeError("invalid recipient '{}'".format(recipient))
|
||||
recipients = [recipient]
|
||||
else:
|
||||
recipients = metadata["recipients"]
|
||||
|
||||
datafile = os.path.join(self.directory, quarantine_id)
|
||||
try:
|
||||
with open(datafile, "rb") as f:
|
||||
mail = f.read()
|
||||
except IOError as e:
|
||||
raise RuntimeError("unable to read data file: {}".format(e))
|
||||
|
||||
for recipient in recipients:
|
||||
try:
|
||||
mailer.smtp_send(
|
||||
self.config["smtp_host"],
|
||||
self.config["smtp_port"],
|
||||
metadata["mailfrom"],
|
||||
recipient,
|
||||
mail)
|
||||
except Exception as e:
|
||||
raise RuntimeError(
|
||||
"error while sending email to '{}': {}".format(
|
||||
recipient, e))
|
||||
|
||||
self.delete(quarantine_id, recipient)
|
||||
|
||||
|
||||
# list of quarantine types and their related quarantine classes
|
||||
TYPES = {"file": FileQuarantine}
|
||||
@@ -22,7 +22,8 @@ import sys
|
||||
|
||||
import pyquarantine
|
||||
|
||||
from pyquarantine.version import __version__ as version
|
||||
from pyquarantine import __version__ as version
|
||||
|
||||
|
||||
def main():
|
||||
"Run PyQuarantine-Milter."
|
||||
@@ -35,11 +36,11 @@ def main():
|
||||
"-c", "--config",
|
||||
help="List of config files to read.",
|
||||
nargs="+",
|
||||
default=pyquarantine.QuarantineMilter.get_configfiles())
|
||||
default=pyquarantine.QuarantineMilter.get_cfg_files())
|
||||
parser.add_argument(
|
||||
"-s", "--socket",
|
||||
help="Socket used to communicate with the MTA.",
|
||||
required=True)
|
||||
default="inet:8899@127.0.0.1")
|
||||
parser.add_argument(
|
||||
"-d", "--debug",
|
||||
help="Log debugging messages.",
|
||||
@@ -52,7 +53,7 @@ def main():
|
||||
"-v", "--version",
|
||||
help="Print version.",
|
||||
action="version",
|
||||
version="%(prog)s ({})".format(version))
|
||||
version=f"%(prog)s ({version})")
|
||||
args = parser.parse_args()
|
||||
|
||||
# setup logging
|
||||
@@ -61,24 +62,24 @@ def main():
|
||||
syslog_name = logname
|
||||
if args.debug:
|
||||
loglevel = logging.DEBUG
|
||||
logname = "{}[%(name)s]".format(logname)
|
||||
syslog_name = "{}: [%(name)s] %(levelname)s".format(syslog_name)
|
||||
logname = f"{logname}[%(name)s]"
|
||||
syslog_name = f"{syslog_name}: [%(name)s] %(levelname)s"
|
||||
|
||||
# set config files for milter class
|
||||
pyquarantine.QuarantineMilter.set_configfiles(args.config)
|
||||
pyquarantine.QuarantineMilter.set_cfg_files(args.config)
|
||||
root_logger = logging.getLogger()
|
||||
root_logger.setLevel(loglevel)
|
||||
|
||||
# setup console log
|
||||
stdouthandler = logging.StreamHandler(sys.stdout)
|
||||
stdouthandler.setLevel(logging.DEBUG)
|
||||
formatter = logging.Formatter("%(message)s".format(logname))
|
||||
formatter = logging.Formatter("%(message)s")
|
||||
stdouthandler.setFormatter(formatter)
|
||||
root_logger.addHandler(stdouthandler)
|
||||
logger = logging.getLogger(__name__)
|
||||
if args.test:
|
||||
try:
|
||||
pyquarantine.generate_milter_config(args.test)
|
||||
pyquarantine.setup_milter(test=args.test)
|
||||
print("Configuration ok")
|
||||
except RuntimeError as e:
|
||||
logger.error(e)
|
||||
@@ -86,7 +87,7 @@ def main():
|
||||
else:
|
||||
sys.exit(0)
|
||||
formatter = logging.Formatter(
|
||||
"%(asctime)s {}: [%(levelname)s] %(message)s".format(logname),
|
||||
f"%(asctime)s {logname}: [%(levelname)s] %(message)s",
|
||||
datefmt="%Y-%m-%d %H:%M:%S")
|
||||
stdouthandler.setFormatter(formatter)
|
||||
|
||||
@@ -94,25 +95,21 @@ def main():
|
||||
sysloghandler = logging.handlers.SysLogHandler(
|
||||
address="/dev/log", facility=logging.handlers.SysLogHandler.LOG_MAIL)
|
||||
sysloghandler.setLevel(loglevel)
|
||||
formatter = logging.Formatter("{}: %(message)s".format(syslog_name))
|
||||
formatter = logging.Formatter(f"{syslog_name}: %(message)s")
|
||||
sysloghandler.setFormatter(formatter)
|
||||
root_logger.addHandler(sysloghandler)
|
||||
|
||||
logger.info("PyQuarantine-Milter starting")
|
||||
try:
|
||||
# generate milter config
|
||||
global_config, config = pyquarantine.generate_milter_config()
|
||||
pyquarantine.setup_milter()
|
||||
except RuntimeError as e:
|
||||
logger.error(e)
|
||||
sys.exit(255)
|
||||
|
||||
pyquarantine.QuarantineMilter.global_config = global_config
|
||||
pyquarantine.QuarantineMilter.config = config
|
||||
|
||||
# register to have the Milter factory create instances of your class:
|
||||
Milter.factory = pyquarantine.QuarantineMilter
|
||||
Milter.set_exception_policy(Milter.TEMPFAIL)
|
||||
# Milter.set_flags(0) # tell sendmail which features we use
|
||||
|
||||
# run milter
|
||||
rc = 0
|
||||
@@ -122,6 +119,7 @@ def main():
|
||||
except Milter.milter.error as e:
|
||||
logger.error(e)
|
||||
rc = 255
|
||||
|
||||
pyquarantine.mailer.queue.put(None)
|
||||
logger.info("PyQuarantine-Milter terminated")
|
||||
sys.exit(rc)
|
||||
|
||||
252
pyquarantine/storages.py
Normal file
252
pyquarantine/storages.py
Normal file
@@ -0,0 +1,252 @@
|
||||
# PyQuarantine-Milter is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# PyQuarantine-Milter is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with PyQuarantineMilter. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
import json
|
||||
import logging
|
||||
import os
|
||||
|
||||
from calendar import timegm
|
||||
from datetime import datetime
|
||||
from glob import glob
|
||||
from shutil import copyfileobj
|
||||
from time import gmtime
|
||||
|
||||
|
||||
class BaseMailStorage(object):
|
||||
"Mail storage base class"
|
||||
storage_type = "base"
|
||||
|
||||
def __init__(self, name, global_cfg, cfg, test=False):
|
||||
self.name = name
|
||||
self.logger = logging.getLogger(__name__)
|
||||
|
||||
def add(self, qid, mailfrom, recipients, headers,
|
||||
fp, subgroups=None, named_subgroups=None):
|
||||
"Add email to storage."
|
||||
fp.seek(0)
|
||||
return ""
|
||||
|
||||
def find(self, mailfrom=None, recipients=None, older_than=None):
|
||||
"Find emails in storage."
|
||||
return
|
||||
|
||||
def get_metadata(self, storage_id):
|
||||
"Return metadata of email in storage."
|
||||
return
|
||||
|
||||
def delete(self, storage_id, recipients=None):
|
||||
"Delete email from storage."
|
||||
return
|
||||
|
||||
def get_mail(self, storage_id):
|
||||
"Return a file pointer to the email and metadata."
|
||||
return
|
||||
|
||||
|
||||
class FileMailStorage(BaseMailStorage):
|
||||
"Storage class to store mails on filesystem."
|
||||
storage_type = "file"
|
||||
|
||||
def __init__(self, name, global_cfg, cfg, test=False):
|
||||
super(FileMailStorage, self).__init__(name, global_cfg, cfg, test)
|
||||
|
||||
defaults = {}
|
||||
# check config
|
||||
|
||||
for opt in ["storage_directory"] + list(defaults.keys()):
|
||||
if opt in cfg:
|
||||
continue
|
||||
if opt in global_cfg:
|
||||
cfg[opt] = global_cfg[opt]
|
||||
elif opt in defaults:
|
||||
cfg[opt] = defaults[opt]
|
||||
else:
|
||||
raise RuntimeError(
|
||||
f"mandatory option '{opt}' not present in config "
|
||||
f"section '{self.name}' or 'global'")
|
||||
self.directory = cfg["storage_directory"]
|
||||
|
||||
# check if quarantine directory exists and is writable
|
||||
if not os.path.isdir(self.directory) or not os.access(
|
||||
self.directory, os.W_OK):
|
||||
raise RuntimeError(
|
||||
f"file quarantine directory '{self.directory}' does "
|
||||
f"not exist or is not writable")
|
||||
self._metadata_suffix = ".metadata"
|
||||
|
||||
def _save_datafile(self, storage_id, fp):
|
||||
datafile = os.path.join(self.directory, storage_id)
|
||||
try:
|
||||
with open(datafile, "wb") as f:
|
||||
copyfileobj(fp, f)
|
||||
except IOError as e:
|
||||
raise RuntimeError(f"unable save data file: {e}")
|
||||
|
||||
def _save_metafile(self, storage_id, metadata):
|
||||
metafile = os.path.join(
|
||||
self.directory, f"{storage_id}{self._metadata_suffix}")
|
||||
try:
|
||||
with open(metafile, "w") as f:
|
||||
json.dump(metadata, f, indent=2)
|
||||
except IOError as e:
|
||||
raise RuntimeError(f"unable to save metadata file: {e}")
|
||||
|
||||
def _remove(self, storage_id):
|
||||
datafile = os.path.join(self.directory, storage_id)
|
||||
metafile = f"{datafile}{self._metadata_suffix}"
|
||||
|
||||
try:
|
||||
os.remove(metafile)
|
||||
except IOError as e:
|
||||
raise RuntimeError(f"unable to remove metadata file: {e}")
|
||||
|
||||
try:
|
||||
os.remove(datafile)
|
||||
except IOError as e:
|
||||
raise RuntimeError(f"unable to remove data file: {e}")
|
||||
|
||||
def add(self, qid, mailfrom, recipients, headers,
|
||||
fp, subgroups=None, named_subgroups=None):
|
||||
"Add email to file storage and return storage id."
|
||||
super(
|
||||
FileMailStorage,
|
||||
self).add(
|
||||
qid,
|
||||
mailfrom,
|
||||
recipients,
|
||||
headers,
|
||||
fp,
|
||||
subgroups,
|
||||
named_subgroups)
|
||||
timestamp = datetime.now().strftime("%Y%m%d%H%M%S")
|
||||
storage_id = f"{timestamp}_{qid}"
|
||||
|
||||
# save mail
|
||||
self._save_datafile(storage_id, fp)
|
||||
|
||||
# save metadata
|
||||
metadata = {
|
||||
"mailfrom": mailfrom,
|
||||
"recipients": recipients,
|
||||
"headers": headers,
|
||||
"date": timegm(gmtime()),
|
||||
"queue_id": qid,
|
||||
"subgroups": subgroups,
|
||||
"named_subgroups": named_subgroups
|
||||
}
|
||||
try:
|
||||
self._save_metafile(storage_id, metadata)
|
||||
except RuntimeError as e:
|
||||
datafile = os.path.join(self.directory, storage_id)
|
||||
os.remove(datafile)
|
||||
raise e
|
||||
|
||||
return storage_id
|
||||
|
||||
def get_metadata(self, storage_id):
|
||||
"Return metadata of email in storage."
|
||||
super(FileMailStorage, self).get_metadata(storage_id)
|
||||
|
||||
metafile = os.path.join(
|
||||
self.directory, f"{storage_id}{self._metadata_suffix}")
|
||||
if not os.path.isfile(metafile):
|
||||
raise RuntimeError(
|
||||
f"invalid storage id '{storage_id}'")
|
||||
|
||||
try:
|
||||
with open(metafile, "r") as f:
|
||||
metadata = json.load(f)
|
||||
except IOError as e:
|
||||
raise RuntimeError(f"unable to read metadata file: {e}")
|
||||
except json.JSONDecodeError as e:
|
||||
raise RuntimeError(
|
||||
f"invalid metafile '{metafile}': {e}")
|
||||
|
||||
return metadata
|
||||
|
||||
def find(self, mailfrom=None, recipients=None, older_than=None):
|
||||
"Find emails in storage."
|
||||
super(FileMailStorage, self).find(mailfrom, recipients, older_than)
|
||||
if isinstance(mailfrom, str):
|
||||
mailfrom = [mailfrom]
|
||||
if isinstance(recipients, str):
|
||||
recipients = [recipients]
|
||||
|
||||
emails = {}
|
||||
metafiles = glob(os.path.join(
|
||||
self.directory, f"*{self._metadata_suffix}"))
|
||||
for metafile in metafiles:
|
||||
if not os.path.isfile(metafile):
|
||||
continue
|
||||
|
||||
storage_id = os.path.basename(
|
||||
metafile[:-len(self._metadata_suffix)])
|
||||
metadata = self.get_metadata(storage_id)
|
||||
if older_than is not None:
|
||||
if timegm(gmtime()) - metadata["date"] < (older_than * 86400):
|
||||
continue
|
||||
|
||||
if mailfrom is not None:
|
||||
if metadata["mailfrom"] not in mailfrom:
|
||||
continue
|
||||
|
||||
if recipients is not None:
|
||||
if len(recipients) == 1 and \
|
||||
recipients[0] not in metadata["recipients"]:
|
||||
continue
|
||||
elif len(set(recipients + metadata["recipients"])) == \
|
||||
len(recipients + metadata["recipients"]):
|
||||
continue
|
||||
|
||||
emails[storage_id] = metadata
|
||||
|
||||
return emails
|
||||
|
||||
def delete(self, storage_id, recipients=None):
|
||||
"Delete email from storage."
|
||||
super(FileMailStorage, self).delete(storage_id, recipients)
|
||||
|
||||
try:
|
||||
metadata = self.get_metadata(storage_id)
|
||||
except RuntimeError as e:
|
||||
raise RuntimeError(f"unable to delete email: {e}")
|
||||
|
||||
if not recipients:
|
||||
self._remove(storage_id)
|
||||
else:
|
||||
if type(recipients) == str:
|
||||
recipients = [recipients]
|
||||
for recipient in recipients:
|
||||
if recipient not in metadata["recipients"]:
|
||||
raise RuntimeError(f"invalid recipient '{recipient}'")
|
||||
metadata["recipients"].remove(recipient)
|
||||
if not metadata["recipients"]:
|
||||
self._remove(storage_id)
|
||||
else:
|
||||
self._save_metafile(storage_id, metadata)
|
||||
|
||||
def get_mail(self, storage_id):
|
||||
super(FileMailStorage, self).get_mail(storage_id)
|
||||
|
||||
metadata = self.get_metadata(storage_id)
|
||||
datafile = os.path.join(self.directory, storage_id)
|
||||
try:
|
||||
fp = open(datafile, "rb")
|
||||
except IOError as e:
|
||||
raise RuntimeError(f"unable to open email data file: {e}")
|
||||
return (fp, metadata)
|
||||
|
||||
|
||||
# list of storage types and their related storage classes
|
||||
TYPES = {"file": FileMailStorage}
|
||||
@@ -1 +0,0 @@
|
||||
__version__ = "0.0.2"
|
||||
@@ -15,7 +15,6 @@
|
||||
import logging
|
||||
import peewee
|
||||
import re
|
||||
import sys
|
||||
|
||||
from datetime import datetime
|
||||
from playhouse.db_url import connect
|
||||
@@ -24,14 +23,14 @@ from playhouse.db_url import connect
|
||||
class WhitelistBase(object):
|
||||
"Whitelist base class"
|
||||
|
||||
def __init__(self, global_config, config, configtest=False):
|
||||
self.global_config = global_config
|
||||
self.config = config
|
||||
self.configtest = configtest
|
||||
self.name = config["name"]
|
||||
whitelist_type = "base"
|
||||
|
||||
def __init__(self, name, global_cfg, cfg, test=False):
|
||||
self.name = name
|
||||
self.test = test
|
||||
self.logger = logging.getLogger(__name__)
|
||||
self.valid_entry_regex = re.compile(
|
||||
r"^[a-zA-Z0-9_.+-]*?(@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+)?$")
|
||||
r"^[a-zA-Z0-9_.=+-]*?(@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+)?$")
|
||||
|
||||
def check(self, mailfrom, recipient):
|
||||
"Check if mailfrom/recipient combination is whitelisted."
|
||||
@@ -73,44 +72,52 @@ class Meta(object):
|
||||
|
||||
class DatabaseWhitelist(WhitelistBase):
|
||||
"Whitelist class to store whitelist in a database"
|
||||
whitelist_type = "db"
|
||||
_db_connections = {}
|
||||
_db_tables = {}
|
||||
|
||||
def __init__(self, global_config, config, configtest=False):
|
||||
def __init__(self, name, global_cfg, cfg, test=False):
|
||||
super(
|
||||
DatabaseWhitelist,
|
||||
self).__init__(
|
||||
global_config,
|
||||
config,
|
||||
configtest)
|
||||
global_cfg,
|
||||
cfg,
|
||||
test)
|
||||
|
||||
# check if mandatory options are present in config
|
||||
for option in ["whitelist_db_connection", "whitelist_db_table"]:
|
||||
if option not in self.config.keys() and option in self.global_config.keys():
|
||||
self.config[option] = self.global_config[option]
|
||||
if option not in self.config.keys():
|
||||
defaults = {}
|
||||
|
||||
# check config
|
||||
for opt in ["whitelist_db_connection",
|
||||
"whitelist_db_table"] + list(defaults.keys()):
|
||||
if opt in cfg:
|
||||
continue
|
||||
if opt in global_cfg:
|
||||
cfg[opt] = global_cfg[opt]
|
||||
elif opt in defaults:
|
||||
cfg[opt] = defaults[opt]
|
||||
else:
|
||||
raise RuntimeError(
|
||||
"mandatory option '{}' not present in config section '{}' or 'global'".format(
|
||||
option, self.name))
|
||||
f"mandatory option '{opt}' not present in config "
|
||||
f"section '{self.name}' or 'global'")
|
||||
|
||||
tablename = self.config["whitelist_db_table"]
|
||||
connection_string = self.config["whitelist_db_connection"]
|
||||
tablename = cfg["whitelist_db_table"]
|
||||
connection_string = cfg["whitelist_db_connection"]
|
||||
|
||||
if connection_string in DatabaseWhitelist._db_connections.keys():
|
||||
db = DatabaseWhitelist._db_connections[connection_string]
|
||||
else:
|
||||
try:
|
||||
# connect to database
|
||||
self.logger.debug(
|
||||
"connecting to database '{}'".format(
|
||||
re.sub(
|
||||
conn = re.sub(
|
||||
r"(.*?://.*?):.*?(@.*)",
|
||||
r"\1:<PASSWORD>\2",
|
||||
connection_string)))
|
||||
connection_string)
|
||||
self.logger.debug(
|
||||
f"connecting to database '{conn}'")
|
||||
db = connect(connection_string)
|
||||
except Exception as e:
|
||||
raise RuntimeError(
|
||||
"unable to connect to database: {}".format(e))
|
||||
f"unable to connect to database: {e}")
|
||||
|
||||
DatabaseWhitelist._db_connections[connection_string] = db
|
||||
|
||||
@@ -118,7 +125,7 @@ class DatabaseWhitelist(WhitelistBase):
|
||||
self.meta = Meta
|
||||
self.meta.database = db
|
||||
self.meta.table_name = tablename
|
||||
self.model = type("WhitelistModel_{}".format(self.name), (WhitelistModel,), {
|
||||
self.model = type(f"WhitelistModel_{self.name}", (WhitelistModel,), {
|
||||
"Meta": self.meta
|
||||
})
|
||||
|
||||
@@ -127,13 +134,12 @@ class DatabaseWhitelist(WhitelistBase):
|
||||
|
||||
if tablename not in DatabaseWhitelist._db_tables[connection_string]:
|
||||
DatabaseWhitelist._db_tables[connection_string].append(tablename)
|
||||
if not self.configtest:
|
||||
if not self.test:
|
||||
try:
|
||||
db.create_tables([self.model])
|
||||
except Exception as e:
|
||||
raise RuntimeError(
|
||||
"unable to initialize table '{}': {}".format(
|
||||
tablename, e))
|
||||
f"unable to initialize table '{tablename}': {e}")
|
||||
|
||||
def _entry_to_dict(self, entry):
|
||||
result = {}
|
||||
@@ -163,17 +169,19 @@ class DatabaseWhitelist(WhitelistBase):
|
||||
|
||||
# generate list of possible mailfroms
|
||||
self.logger.debug(
|
||||
"query database for whitelist entries from <{}> to <{}>".format(
|
||||
mailfrom, recipient))
|
||||
f"query database for whitelist entries from <{mailfrom}> "
|
||||
f"to <{recipient}>")
|
||||
mailfroms = [""]
|
||||
if "@" in mailfrom and not mailfrom.startswith("@"):
|
||||
mailfroms.append("@{}".format(mailfrom.split("@")[1]))
|
||||
domain = mailfrom.split("@")[1]
|
||||
mailfroms.append(f"@{domain}")
|
||||
mailfroms.append(mailfrom)
|
||||
|
||||
# generate list of possible recipients
|
||||
recipients = [""]
|
||||
if "@" in recipient and not recipient.startswith("@"):
|
||||
recipients.append("@{}".format(recipient.split("@")[1]))
|
||||
domain = recipient.split("@")[1]
|
||||
recipients.append(f"@{domain}")
|
||||
recipients.append(recipient)
|
||||
|
||||
# query the database
|
||||
@@ -183,7 +191,7 @@ class DatabaseWhitelist(WhitelistBase):
|
||||
self.model.mailfrom.in_(mailfroms),
|
||||
self.model.recipient.in_(recipients)))
|
||||
except Exception as e:
|
||||
raise RuntimeError("unable to query database: {}".format(e))
|
||||
raise RuntimeError(f"unable to query database: {e}")
|
||||
|
||||
if not entries:
|
||||
# no whitelist entry found
|
||||
@@ -215,7 +223,8 @@ class DatabaseWhitelist(WhitelistBase):
|
||||
try:
|
||||
for entry in list(self.model.select()):
|
||||
if older_than is not None:
|
||||
if (datetime.now() - entry.last_used).total_seconds() < (older_than * 86400):
|
||||
delta = (datetime.now() - entry.last_used).total_seconds()
|
||||
if delta < (older_than * 86400):
|
||||
continue
|
||||
|
||||
if mailfrom is not None:
|
||||
@@ -228,7 +237,7 @@ class DatabaseWhitelist(WhitelistBase):
|
||||
|
||||
entries.update(self._entry_to_dict(entry))
|
||||
except Exception as e:
|
||||
raise RuntimeError("unable to query database: {}".format(e))
|
||||
raise RuntimeError(f"unable to query database: {e}")
|
||||
|
||||
return entries
|
||||
|
||||
@@ -249,7 +258,7 @@ class DatabaseWhitelist(WhitelistBase):
|
||||
comment=comment,
|
||||
permanent=permanent)
|
||||
except Exception as e:
|
||||
raise RuntimeError("unable to add entry to database: {}".format(e))
|
||||
raise RuntimeError(f"unable to add entry to database: {e}")
|
||||
|
||||
def delete(self, whitelist_id):
|
||||
"Delete entry from whitelist."
|
||||
@@ -260,7 +269,7 @@ class DatabaseWhitelist(WhitelistBase):
|
||||
deleted = query.execute()
|
||||
except Exception as e:
|
||||
raise RuntimeError(
|
||||
"unable to delete entry from database: {}".format(e))
|
||||
f"unable to delete entry from database: {e}")
|
||||
|
||||
if deleted == 0:
|
||||
raise RuntimeError("invalid whitelist id")
|
||||
@@ -284,10 +293,11 @@ class WhitelistCache(object):
|
||||
mailfrom, recipient)
|
||||
return self.cache[whitelist][recipient]
|
||||
|
||||
def get_whitelisted_recipients(self, whitelist, mailfrom, recipients):
|
||||
def get_recipients(self, whitelist, mailfrom, recipients):
|
||||
self.load(whitelist, mailfrom, recipients)
|
||||
return list(
|
||||
filter(lambda x: self.cache[whitelist][x], self.cache[whitelist].keys()))
|
||||
return list(filter(
|
||||
lambda x: self.cache[whitelist][x],
|
||||
self.cache[whitelist].keys()))
|
||||
|
||||
|
||||
# list of whitelist types and their related whitelist classes
|
||||
|
||||
2
setup.cfg
Normal file
2
setup.cfg
Normal file
@@ -0,0 +1,2 @@
|
||||
[metadata]
|
||||
version = attr: pyquarantine.__version__
|
||||
7
setup.py
7
setup.py
@@ -4,11 +4,8 @@ def read_file(fname):
|
||||
with open(fname, 'r') as f:
|
||||
return f.read()
|
||||
|
||||
version = {}
|
||||
exec(read_file("pyquarantine/version.py"), version)
|
||||
|
||||
setup(name = "pyquarantine",
|
||||
version = version["__version__"],
|
||||
author = "Thomas Oettli",
|
||||
author_email = "spacefreak@noop.ch",
|
||||
description = "A pymilter based sendmail/postfix pre-queue filter.",
|
||||
@@ -22,7 +19,7 @@ setup(name = "pyquarantine",
|
||||
# 3 - Alpha
|
||||
# 4 - Beta
|
||||
# 5 - Production/Stable
|
||||
"Development Status :: 3 - Alpha",
|
||||
"Development Status :: 4 - Beta",
|
||||
"License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)",
|
||||
"Operating System :: OS Independent",
|
||||
"Programming Language :: Python",
|
||||
@@ -36,5 +33,5 @@ setup(name = "pyquarantine",
|
||||
]
|
||||
},
|
||||
install_requires = ["pymilter", "netaddr", "beautifulsoup4[lxml]", "peewee"],
|
||||
python_requires = ">=3"
|
||||
python_requires = ">=3.6"
|
||||
)
|
||||
|
||||
Reference in New Issue
Block a user