Subject: RE: [courier-users] Definitive way to determine whether there's been authorization?
From: Mitch (WebCob) (mit@webcob.com)
Date: Feb 8, 2004 4:52:38 pm
List: net.sourceforge.lists.courier-users

If the last received header (the one added by YOUR server) says AUTH, you can trust it - otherwise it can be spoofed. I just read the headers.

You can use a for loop and a counter to ensure you only check the first received header.

m/

-----Original Message-----
From: cour@lists.sourceforge.net [mailto:cour@lists.sourceforge.net] On Behalf Of Lloyd Zusman
Sent: Sunday, February 08, 2004 4:23 PM
To: cour@lists.sourceforge.net
Subject: [courier-users] Definitive way to determine whether there's been authorization?

In the courier-pythonfilter module below, I am looking into the message data file for a line that looks like this among the message headers:

(AUTH: LOGIN whatever)

When I see this, I accept the message and don't send it through my subsequent SPF processing.

However, I just realized that this can be easily spoofed, as follows:

  % telnet mx.myhost.com 25
  ehlo somewhere.com
  mail from: <some@somewhere.com>
  rcpt to: <per@myhost.com>
  data
  (AUTH: LOGIN foobar)
  From: <some@somewhere.com>
  To: <per@myhost.com>
  Subject: whatever

  Message
  .

Because of this, I'd like to know if there is a definitive way from within a courierfilter module to determine whether a given SMTP dialog is the result of a successful authorization, or whether it's a simple, non-authorized dialog, such as the one above.

I don't see any way to find this out from the message data file or from the message control file, but I hope that I'm overlooking something.

Any ideas?

Thanks in advance.

Here's the courier-pythonfilter module that I mentioned above:

  import re
  import sys
  import string
  import courier.control
  import courier.config

  # Accepts all incoming messages that have been submitted via a
  # successful AUTH dialog.

  # Run before any other filter.
  order = 1

  # Record in the system log that this filter was initialized.
  sys.stderr.write( 'Initialized the AUTH python filter\n' )

  authpat = re.compile(r'^\(AUTH:\s+LOGIN\s+\S+\)', re.I)
  emptypat = re.compile(r'^\s*$')

  def dofilter( message_data_file, message_ctrl_files ):
      lines = open(message_data_file,'r').readlines()
      lines = map(string.strip, lines)
      for line in lines:
          match = emptypat.search(line)
          if match:
              # Stop processing after final message header
              return ''
          match = authpat.search(line)
          if match:
              sys.stderr.write( 'Login authorization succeeded: message accepted\n' )
              return '200 Ok'
      return ''
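
An added example, not part of the original thread or of courier-pythonfilter: one way to implement the check suggested in the reply, accepting the AUTH tag only when it sits inside the topmost Received header instead of anywhere in the header block. It assumes the local server prepends its own Received header above everything the client sent and writes its clauses before the ';' date stamp; `first_received`, `is_authenticated` and the sample messages are hypothetical names and constructed data.

```python
import re

# Tag format taken from the thread's example: "(AUTH: LOGIN whatever)".
AUTH_PAT = re.compile(r'\(AUTH:\s+LOGIN\s+\S+\)', re.I)

def first_received(lines):
    """Hypothetical helper: unfold and return the topmost Received header."""
    parts = None
    for raw in lines:
        line = raw.rstrip('\r\n')
        if not line.strip():
            break                        # blank line: end of the header block
        if parts is not None:
            if line[0] not in ' \t':
                break                    # next header starts: ours is complete
            parts.append(line.strip())   # folded continuation line
        elif line.lower().startswith('received:'):
            parts = [line]
    return ' '.join(parts) if parts else None

def is_authenticated(lines):
    """True only if the server's own Received stamp carries the AUTH tag."""
    header = first_received(lines)
    if header is None:
        return False
    # Assumption: the server writes its clauses before the ';' date stamp,
    # so only that part of the header is examined.
    return AUTH_PAT.search(header.split(';', 1)[0]) is not None

# Constructed samples; host names, address and stamp layout are illustrative.
STAMP = '  by mx.myhost.com with esmtp; Sun, 08 Feb 2004 16:52:38 -0800\n'
AUTHENTICATED = [
    'Received: from somewhere.com (somewhere.com [192.0.2.10])\n',
    '  (AUTH: LOGIN someuser)\n',
    STAMP,
    'From: <some@somewhere.com>\n',
    '\n',
    'Message\n',
]
# The thread's telnet session as stored: the client-typed "(AUTH: ...)" line
# lands below the server's header, which itself carries no AUTH tag.
SPOOFED = [
    'Received: from somewhere.com (somewhere.com [192.0.2.10])\n',
    STAMP,
    '(AUTH: LOGIN foobar)\n',
    'From: <some@somewhere.com>\n',
    '\n',
    'Message\n',
]
```

Inside `dofilter`, the open data file can be passed straight to `is_authenticated`, since it only iterates over lines and stops at the end of the first Received header.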