-rwxr-xr-xbin/kolab_smtp_access_policy.py48
1 files changed, 7 insertions, 41 deletions
diff --git a/bin/kolab_smtp_access_policy.py b/bin/kolab_smtp_access_policy.py
index 61928ea..6daeefc 100755
--- a/bin/kolab_smtp_access_policy.py
+++ b/bin/kolab_smtp_access_policy.py
@@ -821,9 +821,14 @@ def verify_sender(policy_request):
log.debug(_("Found user object %(dn)s") %(sender_user), level=8)
+ if policy_request['sasl_username'] == policy_request['sender']:
+ sender_is_auth = True
+ else:
+ sender_is_auth = False
+
# Only when a user is authenticated do we have the means to check for
# kolabDelegate functionality.
- if not policy_request['sasl_username'] == '':
+ if not policy_request['sasl_username'] == '' and not sender_is_auth:
sender_is_delegate = verify_delegate(
policy_request,
sender_domain,
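Review bot: The new `sender_is_auth` comparison is also true when `sasl_username` and `sender` are both empty strings, which is what an unauthenticated client using a null envelope sender would produce if the policy request carries both attributes as empty. Unless an earlier return in verify_sender (outside this hunk) already excludes that case, the flag would bypass the `return False` in the next hunk. Requiring a non-empty login closes the gap: `sender_is_auth = policy_request['sasl_username'] != '' and policy_request['sasl_username'] == policy_request['sender']`. The comparison is also case-sensitive, as the check removed from `__main__` was, so a login and sender differing only in case will not match.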
@@ -838,7 +843,7 @@ def verify_sender(policy_request):
# If the authenticated user is using delegate functionality, apply the
# recipient policy attribute for the envelope sender.
- if sender_is_delegate == False and sender_uses_alias == False:
+ if sender_is_delegate == False and sender_uses_alias == False and not sender_is_auth:
return False
elif sender_is_delegate:
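Review bot: The `sender_is_auth` exemption from this `return False` covers only an exact string match, whereas the branch removed from `__main__` in the last hunk also permitted a sender whose `parse_address()` result equals the login (the recipient-delimiter form). If `sender_uses_alias`, which is computed outside this hunk, does not cover that form, those authenticated senders are now rejected here. Comparing `sasl_username` against `parse_address(policy_request['sender'])` as well when setting `sender_is_auth` would keep the old behaviour. The comment above the condition still describes only the delegate case and could gain a line such as `# An authenticated user sending as their own address is not rejected here.`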
@@ -1011,45 +1016,6 @@ if __name__ == "__main__":
else:
sender_allowed = verify_sender(policy_request)
- # If the authenticated username is the sender...
- elif policy_request["sasl_username"] == policy_request["sender"]:
- log.debug(
- _("Allowing authenticated sender %s to send as %s.") %(
- policy_request["sasl_username"],
- policy_request["sender"]
- ),
- level=8
- )
-
- sender_allowed = True
-
- permit(
- _("Authenticated as sender %s") %(
- policy_request['sender']
- )
- )
-
- policy_done = True
-
- # Or if the authenticated username is the sender but the sender address
- # lists an address with a recipient delimiter...
- #
- # TODO: The recipient delimiter is configurable!
- elif policy_request["sasl_username"] == \
- parse_address(
- policy_request["sender"]
- ):
-
- sender_allowed = True
-
- permit(
- _("Authenticated as sender %s") %(
- parse_address(policy_request["sender"])
- )
- )
-
- policy_done = True
-
else:
sender_allowed = verify_sender(policy_request)