commit 42e3702cd1cfdf78901c49fc6368998fce9e2dc5 Author: Isis Lovecruft <isis@torproject.org> Date: Mon Jun 2 20:20:48 2014 +0000 Move dkim function to new bridgedb.email.dkim module. --- lib/bridgedb/email/dkim.py | 55 ++++++++++++++++++++++++++++++++++++++++++ lib/bridgedb/email/server.py | 35 --------------------------- 2 files changed, 55 insertions(+), 35 deletions(-) diff --git a/lib/bridgedb/email/dkim.py b/lib/bridgedb/email/dkim.py new file mode 100644 index 0000000..311a03a --- /dev/null +++ b/lib/bridgedb/email/dkim.py @@ -0,0 +1,55 @@ +# -*- coding: utf-8 ; test-case-name: bridgedb.test.test_email_dkim -*- +#_____________________________________________________________________________ +# +# This file is part of BridgeDB, a Tor bridge distribution system. +# +# :authors: Nick Mathewson <nickm@torproject.org> +# Isis Lovecruft <isis@torproject.org> 0xA3ADB67A2CDB8B35 +# Matthew Finkel <sysrqb@torproject.org> +# please also see AUTHORS file +# :copyright: (c) 2007-2014, The Tor Project, Inc. +# (c) 2013-2014, Isis Lovecruft +# :license: see LICENSE for licensing information +#_____________________________________________________________________________ + +"""Functions for checking DKIM verification results in email headers.""" + +from __future__ import unicode_literals + +import logging + + +def checkDKIM(message, rules): + """Check the DKIM verification results header. + + This check is only run if the incoming email, **message**, originated from + a domain for which we're configured (in the ``EMAIL_DOMAIN_RULES`` + dictionary in the config file) to check DKIM verification results for. + + :type message: :api:`twisted.mail.smtp.rfc822.Message` + :param message: The incoming client request email, including headers. + :param dict rules: The list of configured ``EMAIL_DOMAIN_RULES`` for the + canonical domain which the client's email request originated from. + + :rtype: bool + :returns: ``False`` if: + 1. We're supposed to expect and check the DKIM headers for the + client's email provider domain. + 2. Those headers were *not* okay. + Otherwise, returns ``True``. + """ + logging.info("Checking DKIM verification results...") + logging.debug("Domain has rules: %s" % ', '.join(rules)) + + if 'dkim' in rules: + # getheader() returns the last of a given kind of header; we want + # to get the first, so we use getheaders() instead. + dkimHeaders = message.getheaders("X-DKIM-Authentication-Results") + dkimHeader = "<no header>" + if dkimHeaders: + dkimHeader = dkimHeaders[0] + if not dkimHeader.startswith("pass"): + logging.info("Rejecting bad DKIM header on incoming email: %r " + % dkimHeader) + return False + return True diff --git a/lib/bridgedb/email/server.py b/lib/bridgedb/email/server.py index 7904c36..f526b47 100644 --- a/lib/bridgedb/email/server.py +++ b/lib/bridgedb/email/server.py @@ -46,41 +46,6 @@ from bridgedb.parse.addr import UnsupportedDomain from bridgedb.parse.addr import canonicalizeEmailDomain -def checkDKIM(message, rules): - """Check the DKIM verification results header. - - This check is only run if the incoming email, **message**, originated from - a domain for which we're configured (in the ``EMAIL_DOMAIN_RULES`` - dictionary in the config file) to check DKIM verification results for. - - :type message: :api:`twisted.mail.smtp.rfc822.Message` - :param message: The incoming client request email, including headers. - :param dict rules: The list of configured ``EMAIL_DOMAIN_RULES`` for the - canonical domain which the client's email request originated from. - - :rtype: bool - :returns: ``False`` if: - 1. We're supposed to expect and check the DKIM headers for the - client's email provider domain. - 2. Those headers were *not* okay. - Otherwise, returns ``True``. - """ - logging.info("Checking DKIM verification results...") - logging.debug("Domain has rules: %s" % ', '.join(rules)) - - if 'dkim' in rules: - # getheader() returns the last of a given kind of header; we want - # to get the first, so we use getheaders() instead. - dkimHeaders = message.getheaders("X-DKIM-Authentication-Results") - dkimHeader = "<no header>" - if dkimHeaders: - dkimHeader = dkimHeaders[0] - if not dkimHeader.startswith("pass"): - logging.info("Rejecting bad DKIM header on incoming email: %r " - % dkimHeader) - return False - return True - def createResponseBody(lines, context, client, lang='en'): """Parse the **lines** from an incoming email request and determine how to respond.