Write policies based on address domain, not stripped mx-domain

2026-06-06 15:22:38 -04:00 · 2014-06-16 18:26:56 +00:00 · 2014-06-16 18:26:56 +00:00 · 51f90ffafb
commit 51f90ffafb
parent 3cf61a54b7
3 changed files with 11 additions and 16 deletions
--- a/ConfigParser.py
+++ b/ConfigParser.py
@ -59,10 +59,10 @@ class Config:
                raise ValueError, "Not a valid TLS version string: " + `value`
              self.tls_policies[domain]["min-tls-version"] = str(value)
      elif atr == "acceptable-mxs":
+        self.acceptable_mxs = val
        pass
      else:
-        sys.stderr.write("Uknown attribute: " + `atr` + "\n")
-    print self.tls_policies
+        sys.stderr.write("Unknown attribute: " + `atr` + "\n")

  def check_tls_policy_domains(self, val):
    if type(val) != dict:
@ -73,11 +73,6 @@ class Config:
        d = str(domain) # convert from unicode
      except:
        raise TypeError, "tls-policy domain not a string" + `domain`
-      if not d.startswith("*."):
-        raise ValueError, "tls-policy domains must start with *.; try *."+d
-      d = d.partition("*.")[2]
-      if not looks_like_a_domain(d):
-        raise ValueError, "tls-policy for something that a domain? " + d
      yield (d, policies)

 if __name__ == "__main__":
--- a/MTAConfigGenerator.py
+++ b/MTAConfigGenerator.py
@ -114,10 +114,15 @@ class PostfixConfigGenerator(MTAConfigGenerator):

  def set_domainwise_tls_policies(self):
    self.policy_lines = []
-    for domain, policy in self.policy_config.tls_policies.items():
-      entry = domain + " encrypt"
-      if "min-tls-version" in policy:
-        entry += " " + policy["min-tls-version"]
+    for address_domain, properties in self.policy_config.acceptable_mxs.items():
+      mx_list = properties["accept-mx-domains"]
+      if len(mx_list) > 1:
+        print "Lists of multiple accept-mx-domains not yet supported, skipping ", address_domain
+      mx_domain = mx_list[0]
+      mx_policy = self.policy_config.tls_policies[mx_domain]
+      entry = address_domain + " encrypt"
+      if "min-tls-version" in mx_policy:
+        entry += " " + mx_policy["min-tls-version"]
      self.policy_lines.append(entry)

    f = open(DEFAULT_POLICY_FILE, "w")
--- a/starttls-everywhere.json
+++ b/starttls-everywhere.json
@ -50,11 +50,6 @@
    }
  }, 
  "acceptable-mxs": {
-    "wp.pl": {
-      "accept-mx-domains": [
-        "*.wp.pl"
-      ]
-    }, 
    "yahoo.co.uk": {
      "accept-mx-domains": [
        "*.yahoodns.net"