Merge remote-tracking branch 'github/master'

Conflicts: ConfigParser.py
2026-06-06 07:12:54 -04:00 · 2014-06-19 09:11:15 -07:00 · 2014-06-19 09:11:15 -07:00 · 803c39e585
commit 803c39e585
parent 3df343495e 51980e212f
2 changed files with 51 additions and 4 deletions
--- a/ConfigParser.py
+++ b/ConfigParser.py
@ -4,7 +4,7 @@ import sys
 import json
 from datetime import datetime
 import string
-
+import collections

 def parse_timestamp(ts):
  try:
@ -49,7 +49,7 @@ class Config:
      elif atr == "expires":
        self.expires = parse_timestamp(val)
      elif atr == "tls-policies":
-        for domain,policies in self.check_tls_policy_domains(val):
+        for domain, policies in self.check_tls_policy_domains(val):
          if type(policies) != dict:
            raise TypeError, domain + "'s policies should be a dict: " + `policies`
          self.tls_policies[domain] = {} # being here enforces TLS at all
@ -77,8 +77,14 @@ class Config:
                raise ValueError, "Not a known enoforcement policy " + `value`
      elif atr == "acceptable-mxs":
        self.acceptable_mxs = val
-        for domain, mxball in self.acceptable_mxs.items():
-          pass
+        self.mx_domain_to_address_domains = collections.defaultdict(set)
+        for address_domain, properties in self.acceptable_mxs.items():
+          mx_list = properties["accept-mx-domains"]
+          if len(mx_list) > 1:
+            print "Lists of multiple accept-mx-domains not yet supported, skipping ", address_domain
+          mx_domain = mx_list[0]
+          self.mx_domain_to_address_domains[mx_domain].add(address_domain)
+        pass
      else:
        sys.stderr.write("Unknown attribute: " + `atr` + "\n")
    # XXX is it ever permissible to have a domain with an acceptable-mx 
@ -86,6 +92,14 @@ class Config:
    # here
    print self.tls_policies

+  def get_address_domains(self, mx_hostname):
+    for mx_domain, address_domains in self.mx_domain_to_address_domains.items():
+      # TODO: write this better
+      if (mx_hostname.find(mx_domain) > 0 and
+          mx_hostname.find(mx_domain) == len(mx_hostname) - len(mx_domain)):
+        return address_domains
+    return None
+
  def check_tls_policy_domains(self, val):
    if type(val) != dict:
      raise TypeError, "tls-policies should be a dict" + `val`
--- a/PostfixLogSummary.py
+++ b/PostfixLogSummary.py
@ -0,0 +1,33 @@
+#!/usr/bin/python2.7
+import re
+import sys
+import collections
+
+import ConfigParser
+
+def get_counts(input, config):
+  counts = collections.defaultdict(lambda: collections.defaultdict(int))
+  r = re.compile("([A-Za-z]+) TLS connection established to ([^[]*)")
+  for line in sys.stdin:
+    result = r.search(line)
+    if result:
+      validation = result.group(1)
+      mx_hostname = result.group(2)
+      address_domains = config.get_address_domains(mx_hostname)
+      if address_domains:
+        for d in address_domains:
+          counts[d][validation] += 1
+          counts[d]["all"] += 1
+  return counts
+
+def print_summary(counts):
+  for mx_hostname, validations in counts.items():
+    for validation, validation_count in validations.items():
+      if validation == "all":
+        continue
+      print mx_hostname, validation, validation_count / validations["all"]
+
+if __name__ == "__main__":
+  config = ConfigParser.Config("starttls-everywhere.json")
+  counts = get_counts(sys.stdin, config)
+  print_summary(counts)