
feature: do not allow to send unencrypted for specified (mandatory tls) domains

Hendrik Sünkler 9 years ago
parent
commit
785d0b898b

+ 6
- 2
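--- a/posttls/core/admin.py
+++ b/posttls/core/admin.py
@@ -1,7 +1,7 @@
 from django.contrib import admin
 from django.contrib.auth.admin import UserAdmin
 
-from .models import User, TLSNotification, TLSLogEntry
+from .models import User, TLSNotification, TLSLogEntry, MandatoryTLSDomains
 
 
 # Custom User Model
@@ -20,6 +20,10 @@ class TLSLogEntryAdmin(admin.ModelAdmin):
     list_display = ('queue_id', 'sender', 'recipients', 'action', 'date')
 
 
+class MandatoryTLSDomainsAdmin(admin.ModelAdmin):
+    list_display = ('domain',)
+
+
 admin.site.register(TLSNotification, TLSNotificationAdmin)
 admin.site.register(TLSLogEntry, TLSLogEntryAdmin)
-
+admin.site.register(MandatoryTLSDomains, MandatoryTLSDomainsAdmin)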

+ 50
- 26
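--- a/posttls/core/management/commands/process_queue.py
+++ b/posttls/core/management/commands/process_queue.py
@@ -9,10 +9,15 @@ import sys
 import datetime
 from email.header import decode_header
 
-from core.models import TLSNotification
+from core.models import TLSNotification, MandatoryTLSDomains
 
 
-def send_mail(message):
+def send_mail(message, deleted):
+    """
+    Send mail notification to sender.
+    If the domain of a recipient is listed in MandatoryTLSDomains,
+    the mail was deleted and 'deleted' is set to True.
+    """
     import smtplib
     from email.mime.multipart import MIMEMultipart
     from email.mime.text import MIMEText
@@ -34,7 +39,8 @@ def send_mail(message):
                                      'subject': message['subject'],
                                      'queue_id': message['queue_id'],
                                      'postfix_sysadmin_mail_address': settings.POSTTLS_NOTIFICATION_SYSADMIN_MAIL_ADDRESS,
-                                     'postfix_tls_host': settings.POSTTLS_TLS_HOST})
+                                     'postfix_tls_host': settings.POSTTLS_TLS_HOST,
+                                     'deleted': deleted})
 
     text_content = strip_tags(html_content)  # this strips the html tags
 
@@ -174,28 +180,46 @@ class Command(BaseCommand):
                 # set the subject
                 message['subject'] = str(subject)
 
-                #######################################################################
-                # Send notification and handle database entry
-
-                # Check the database if an earlier notification was already sent
-                try:
-                    notification = TLSNotification.objects.get(queue_id=message["queue_id"])
-                except:
-                    notification = ""
-
-                if not notification:
-                    # If this is the first notification, send it and make a database entry
-                    n = TLSNotification(queue_id=message["queue_id"], notification=datetime.datetime.today())
-                    n.save()
-                    send_mail(message)
-                else:
-                    # If the last notification is more than 30 minutes ago,
-                    # send another notification
-                    if notification.notification.replace(tzinfo=None) \
-                            < datetime.datetime.today() - datetime.timedelta(minutes=30):
-                        notification.delete()
+                ###################################################################
+                # If the domain is listed in MandatoryTLSDomains, delete the mail and inform the sender
+                mandatory_tls = False
+                mandatory_tls_domains = MandatoryTLSDomains.objects.all()
+                for domain in mandatory_tls_domains:
+                    if domain.domain in message["recipients"]:
+                        mandatory_tls = True
+
+                if mandatory_tls:
+                    # delete mail
+                    p = subprocess.Popen(['sudo', 'postsuper', '-d', message['queue_id']],
+                                         stdin=subprocess.PIPE,
+                                         stdout=subprocess.PIPE,
+                                         stderr=subprocess.STDOUT)
+                    output = str(p.stdout.read(), "utf-8").splitlines()
+
+                    # send notification to sender
+                    send_mail(message, deleted=True)
+
+                else:  # if not mandatory_tls
+                    #######################################################################
+                    # Send notification and handle database entry
+
+                    # Check the database if an earlier notification was already sent
+                    try:
+                        notification = TLSNotification.objects.get(queue_id=message["queue_id"])
+                    except:
+                        notification = ""
+
+                    if not notification:
+                        # If this is the first notification, send it and make a database entry
                         n = TLSNotification(queue_id=message["queue_id"], notification=datetime.datetime.today())
                         n.save()
-                        send_mail(message)
-
-        self.stdout.write('Successfully processed Postfix Queue!')
+                        send_mail(message, deleted=False)
+                    else:
+                        # If the last notification is more than 30 minutes ago,
+                        # send another notification
+                        if notification.notification.replace(tzinfo=None) \
+                                    < datetime.datetime.today() - datetime.timedelta(minutes=30):
+                            notification.delete()
+                            n = TLSNotification(queue_id=message["queue_id"], notification=datetime.datetime.today())
+                            n.save()
+                            send_mail(message, deleted=False)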
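Review bot: The containment test `if domain.domain in message["recipients"]` does not compare domains: if `recipients` is a string (its type is set outside this hunk), a listed `example.com` also matches `user@notexample.com` (constructed example) and that mail is deleted; if it is a list, a bare domain never equals a full address and the policy never fires; in both cases the match is case-sensitive. Compare the lower-cased part after the last `@` of each recipient with the listed domains instead. The `postsuper -d` output is read into `output` and never inspected, so a failed deletion still sends the "your mail was deleted" notice while the message stays in the queue; check the result before calling `send_mail(message, deleted=True)`. The enclosing method of `Command` starts outside the hunk, and the closing `self.stdout.write('Successfully processed Postfix Queue!')` line is removed without replacement, which looks unintended.

```python
                # … unchanged: subject handling above …
                # NOTE: assumes message["recipients"] is a list of addresses or a
                # comma/whitespace separated string; confirm against the parser above
                recipients = message["recipients"]
                if isinstance(recipients, str):
                    recipients = recipients.replace(",", " ").split()
                listed = {d.domain.strip().lower() for d in MandatoryTLSDomains.objects.all()}
                mandatory_tls = any(
                    r.strip("<>").rpartition("@")[2].lower() in listed
                    for r in recipients)

                if mandatory_tls:
                    p = subprocess.Popen(['sudo', 'postsuper', '-d', message['queue_id']],
                                         stdout=subprocess.PIPE,
                                         stderr=subprocess.STDOUT)
                    output, _ = p.communicate()
                    # TODO confirm postsuper's exit status when nothing was deleted;
                    # the output may also need to be checked
                    if p.returncode == 0:
                        send_mail(message, deleted=True)
                    else:
                        # deletion failed: the mail is still queued, so do not report it as deleted
                        self.stderr.write('postsuper -d failed for %s: %s'
                                          % (message['queue_id'], str(output, "utf-8")))
                # … unchanged: else branch (first notification / 30-minute re-notification) …
```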

+ 22
- 0
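--- /dev/null
+++ b/posttls/core/migrations/0006_mandatorytlsdomains.py
@@ -0,0 +1,22 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.9.2 on 2016-02-28 15:55
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0005_auto_20160228_1615'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='MandatoryTLSDomains',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('domain', models.CharField(max_length=100, verbose_name='Domain')),
+            ],
+        ),
+    ]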

+ 10
- 1
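--- a/posttls/core/models.py
+++ b/posttls/core/models.py
@@ -32,4 +32,13 @@ class TLSLogEntry(models.Model):
     date = models.DateTimeField('Date')
 
     def __str__(self):
-        return self.queue_id
+        return self.queue_id
+
+
+class MandatoryTLSDomains(models.Model):
+    """For these domains the user shouln't be allowed to send emails unencrypted"""
+
+    domain = models.CharField('Domain', max_length=100)
+
+    def __str__(self):
+        return self.domain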
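Review bot: `domain` is stored as free text with no `unique=True` and no normalisation, while `process_queue.py` in this commit compares it case-sensitively, so an entry typed as `Example.COM` (constructed example) or with stray whitespace would silently never enforce the policy. Consider `domain = models.CharField('Domain', max_length=100, unique=True)` and stripping and lower-casing the value in `clean()` or `save()`. The class docstring has a typo: `shouln't` should read `shouldn't`.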

+ 16
- 9
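--- a/posttls/core/templates/core/mail_template.html
+++ b/posttls/core/templates/core/mail_template.html
@@ -13,16 +13,23 @@
                 <li style='font-size: 14px;'>Subject: {{ subject }}</li>
             </ul>
 
-            <p style="font-size: 14px;">Please tell me how you want me to handle this case:</p>
+            {% if deleted %}
+                <p style="font-size: 14px;">Since our company policy requires TLS
+                    encryption for the recipient(s) mentioned above, your mail was deleted.
+                    Please find a different - and secure - channel for communication.</p>
+            {% else %}
 
-            <p>
-                <a href='https://{{postfix_tls_host}}:8080/?queue_id={{queue_id}}&action=redirect' style='text-decoration: none;'>
-                    <button style="font-size: 14px; color: white; cursor: pointer; margin-left: 0px; margin-top: 10px; color: white; border: 0; border-radius: 4px; text-shadow: 0 1px 1px rgba(0, 0, 0, 0.2); background: rgb(223, 166, 53); padding: 10px;">Send unencrypted</button>
-                </a>
-                <a href='https://{{postfix_tls_host}}:8080/?queue_id={{queue_id}}&action=delete' style='text-decoration: none;'>
-                    <button style="font-size: 14px; color: white; cursor: pointer; margin-left: 0px; margin-top: 10px; color: white; border: 0; border-radius: 4px; text-shadow: 0 1px 1px rgba(0, 0, 0, 0.2); background: rgb(28, 184, 65); padding: 10px;">Delete message</button>
-                </a>
-            </p>
+                <p style="font-size: 14px;">Please tell me how you want me to handle this case:</p>
+
+                <p>
+                    <a href='https://{{postfix_tls_host}}:8080/?queue_id={{queue_id}}&action=redirect' style='text-decoration: none;'>
+                        <button style="font-size: 14px; color: white; cursor: pointer; margin-left: 0px; margin-top: 10px; color: white; border: 0; border-radius: 4px; text-shadow: 0 1px 1px rgba(0, 0, 0, 0.2); background: rgb(223, 166, 53); padding: 10px;">Send unencrypted</button>
+                    </a>
+                    <a href='https://{{postfix_tls_host}}:8080/?queue_id={{queue_id}}&action=delete' style='text-decoration: none;'>
+                        <button style="font-size: 14px; color: white; cursor: pointer; margin-left: 0px; margin-top: 10px; color: white; border: 0; border-radius: 4px; text-shadow: 0 1px 1px rgba(0, 0, 0, 0.2); background: rgb(28, 184, 65); padding: 10px;">Delete message</button>
+                    </a>
+                </p>
+            {% endif %}
 
             <p style='font-size: 14px; margin-top: 25px;'>If you have any questions, please contact your <a href="mailto:{{postfix_sysadmin_mail_address}}" style="color: black;">System Administrator</a>.</p>
         </td>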
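Review bot: Hiding the `Send unencrypted` button in the `{% if deleted %}` branch is presentation only; the handler behind `:8080/?queue_id=…&action=redirect` is not part of this commit, so it should itself refuse `action=redirect` when a recipient is in MandatoryTLSDomains rather than rely on the mail already being gone from the queue. In the `{% else %}` branch both actions are still triggered by a plain GET carrying only `queue_id`, so anything that fetches links in the notification (a mail scanner or link preview) could release the message unencrypted without the sender deciding. Confirm the handler asks for confirmation or uses a per-message token. The `&` in both `href` values should also be written `&amp;`.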
