#!/usr/bin/env python
#
# Copyright (C) 2001,2002,2003 Jason R. Mastaler <jason@mastaler.com>
#
# This file is part of TMDA.
#
# TMDA is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.  A copy of this license should
# be included in the file COPYING.
#
# TMDA is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.
#
# You should have received a copy of the GNU General Public License
# along with TMDA; if not, write to the Free Software Foundation, Inc.,
# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

"""Filter incoming messages on standard input.

Usage:  %(program)s [OPTIONS]

OPTIONS:
	-h
 	--help
	   Print this help message and exit.

        -V
        --version
           Print TMDA version information and exit.
           
	-c <file>
	--config-file <file>
	   Specify a different configuration file other than ~/.tmda/config.

        -d
	--discard
	   Discard message if address is invalid instead of bouncing it.

        -p
        --print
           Print the message to stdout.  This option is useful when TMDA is run
           as a filter in maildrop or procmail.  It overrides all other
           delivery options, even if a specific delivery is given in a matching
           rule.

           If the message is delivered, TMDA's exit code is 0.  If the message
           is dropped, bounced or a confirmation request is sent, the exit code
           will be 99.  You can use the exit code in maildrop/procmail to
           decide if you want to perform further processing.

        -t <dir>
        --template-dir <dir>
	   Full pathname to a directory containing custom TMDA templates.

        -I <file>
        --filter-incoming-file <file>
           Full pathname to your incoming filter file.  Overrides FILTER_INCOMING
           in ~/.tmda/config.
           
        -M <recipient> <sender>
        --filter-match <recipient> <sender>
           Check whether the given e-mail addresses match a line in your incoming
           filter and then exit.  The first address given should be the message
           recipient (you), and the second is the sender.  This option will also
           check for parsing errors in the filter file.
	   
        -S <script>
	--vhome-script <script>
        
	   Full pathname of script that prints a virtual email user's
	   home directory on standard output.  tmda-filter will read
	   that path and set $HOME to that path so that '~' expansion
	   works properly for virtual users.

	   The script takes two arguments, the user name and the
	   domain, on its command line.

	   This option is for use only with the VPopMail and VMailMgr
	   add-ons to qmail.  See the tmda0.XX/contrib directory for
	   sample scripts.
"""

import getopt
import os
import sys

try:
    import paths
except ImportError:
    # Prepend /usr/lib/python2.x/site-packages/TMDA/pythonlib
    sitedir = os.path.join(sys.prefix, 'lib', 'python'+sys.version[:3],
                           'site-packages', 'TMDA', 'pythonlib')
    sys.path.insert(0, sitedir)

from TMDA import Version


filter_match = None
discard = None
act_as_filter = 0
program = sys.argv[0]

def usage(code, msg=''):
    print __doc__ % globals()
    if msg:
        print msg
    sys.exit(code)

# If -S / --vhome-script flag is given on command line, use it to determine the
# virtual user's home directory and set $HOME to that, so that '~' refers to
# the virtual user's home directory and not the domain directory.
def setvuserhomedir(vhomescript):
    """Set $HOME to the recipient's (virtual user) home directory.""" 
    host = os.environ['HOST']
    parts = os.environ['EXT'].split('-confirm-', 1)[0].split('-')
    cmd = vhomescript + ' "%s"' + ' "%s"' % (host,)
    username = ''
    for part in parts:
        username += part
        fpin = os.popen(cmd % (username,))
        vuserhomedir = fpin.read().strip()
        if fpin.close() is None:
            os.environ['HOME'] = vuserhomedir
            os.chdir(vuserhomedir)
            break
        else:
            username += '-'
    else:  # didn't find username
        sys.exit(0)

try:
    opts, args = getopt.getopt(sys.argv[1:],
                            'c:dpt:I:M:S:Vh', ['config-file=',
                                               'discard',
                                               'print',
                                               'template-dir=',
                                               'filter-incoming-file=',
                                               'filter-match=',
                                               'vhome-script=',
                                               'version',
                                               'help'])
except getopt.error, msg:
    usage(1, msg)

for opt, arg in opts:
    if opt in ('-h', '--help'):
        usage(0)
    if opt == '-V':
        print Version.ALL
        sys.exit()
    if opt == '--version':
        print Version.TMDA
        sys.exit()
    elif opt in ('-M', '--filter-match'):
	filter_match = 1
    elif opt in ('-I', '--filter-incoming-file'):
	os.environ['TMDA_FILTER_INCOMING'] = arg
    elif opt in ('-t', '--template-dir'):
        os.environ['TMDA_TEMPLATE_DIR'] = arg
    elif opt in ('-d', '--discard'):
	discard = 1
    elif opt in ('-p', '--print'):
        act_as_filter = 1
    elif opt in ('-c', '--config-file'):
        os.environ['TMDARC'] = arg
    elif opt in ('-S', '--vhome-script'):
        if os.environ.has_key('EXT') and os.environ.has_key('HOST'):
            setvuserhomedir(arg)


from TMDA import Defaults
from TMDA import Address
from TMDA import Cookie
from TMDA import Errors
from TMDA import FilterParser
from TMDA import MTA
from TMDA import Util


from cStringIO import StringIO
from email.Utils import parseaddr, getaddresses
import email
import fileinput
import string
import time


# Just check Defaults.FILTER_INCOMING for syntax errors and possible
# matches, and then exit.
if filter_match:
    sender = sys.argv[-1]
    recip = sys.argv[-2]
    Util.filter_match(Defaults.FILTER_INCOMING, recip, sender)
    sys.exit()

if act_as_filter:
    Defaults.DELIVERY = '_filter_'

# We use this MTA instance to control the fate of the message.
mta = MTA.init(Defaults.MAIL_TRANSFER_AGENT, Defaults.DELIVERY)

# Read sys.stdin into a temporary variable for later access.
stdin = StringIO(sys.stdin.read())

# The incoming message as an email.Message object.
msgin = Util.msg_from_file(stdin)

# Original message contents as a string.
orig_msgin_as_string = Util.msg_as_string(msgin)

# Original message headers as a string.
orig_msgin_headers_as_string = Util.headers_as_string(msgin)

# Original message headers as a raw string.
orig_msgin_headers_as_raw_string = Util.headers_as_raw_string(msgin)

# Original message body.
orig_msgin_body = msgin.get_payload()

# Original message body as a raw string.
orig_msgin_body_as_raw_string = Util.body_as_raw_string(msgin)

# Calculate the incoming message size.
orig_msgin_size = len(orig_msgin_as_string)

# Collect the three essential environment variables, and defer if they
# are missing.

# SENDER is the envelope sender address.
envelope_sender = os.environ.get('SENDER')
if envelope_sender == None:
    raise Errors.MissingEnvironmentVariable('SENDER')
# RECIPIENT is the envelope recipient address.
# Use Defaults.RECIPIENT_HEADER instead if set.
recipient_header = None
if Defaults.RECIPIENT_HEADER:
    recipient_header = parseaddr(msgin.get(Defaults.RECIPIENT_HEADER))[1]
envelope_recipient = (recipient_header or os.environ.get('RECIPIENT'))
if envelope_recipient == None:
    raise Errors.MissingEnvironmentVariable('RECIPIENT')
# EXT is the recipient address extension.
address_extension = (os.environ.get('EXT')           # qmail
                     or os.environ.get('EXTENSION')) # Postfix
# Extract EXT from Defaults.RECIPIENT_HEADER if it isn't set.
if not address_extension and (Defaults.RECIPIENT_HEADER and recipient_header):
    recip = recipient_header.split('@')[0]       # remove domain
    if recip:
        pieces = recip.split(Defaults.RECIPIENT_DELIMITER, 1)
        if len(pieces) > 1:
            address_extension = pieces[1]

# If SENDER exists but its value is empty, the message has an empty
# envelope sender.  Set it to the string '<>' so it can be matched as
# such in the filter files.
if envelope_sender == '':
    envelope_sender = '<>'
# If running Sendmail, make sure envelope_sender contains a fully
# qualified address by appending the local hostname if necessary.
# This is often the case when the message is sent between local users
# on a Sendmail system.
elif (Defaults.MAIL_TRANSFER_AGENT == 'sendmail' and
      len(string.split(envelope_sender,'@')) == 1):
    envelope_sender = envelope_sender + '@' + Util.gethostname()
# Ditto for envelope_recipient
if (Defaults.MAIL_TRANSFER_AGENT == 'sendmail' and
    len(string.split(envelope_recipient,'@')) == 1):
    envelope_recipient = envelope_recipient + '@' + Util.gethostname()

# recipient_address is the original address the message was sent to,
# not qmail-send's rewritten interpretation.  This will be the same as
# envelope_recipient if we are not running under a qmail virtualdomain.
recipient_address = envelope_recipient
if (Defaults.MAIL_TRANSFER_AGENT == 'qmail' and
    Defaults.USEVIRTUALDOMAINS and
    os.path.exists(Defaults.VIRTUALDOMAINS)):
    # Parse the virtualdomains control file; see qmail-send(8) for
    # syntax rules.  All this because qmail doesn't store the original
    # envelope recipient in the environment.
    ousername, odomain = envelope_recipient.split('@', 1)
    for line in fileinput.input(Defaults.VIRTUALDOMAINS):
        vdomain_match = 0
        line = line.strip().lower()
        # Comment or blank line?
        if line == '' or line[0] in '#':
            continue
        else:
            vdomain, prepend = line.split(':', 1)
            # domain:prepend
            if vdomain == odomain.lower():
                vdomain_match = 1
            # .domain:prepend (wildcard)
            elif not vdomain.split('.', 1)[0]:
                if odomain.lower().find(vdomain) != -1:
                    vdomain_match = 1
            # user@domain:prepend
            else:
                try:
                    if vdomain.split('@', 1)[1] == odomain.lower():
                        vdomain_match = 1
                except IndexError:
                    pass
            if vdomain_match:
                # strip off the prepend
                if prepend:
                    nusername = ousername.replace(prepend + '-', '', 1)
                    recipient_address = nusername + '@' + odomain
                    # also strip off the prepend and the virtual
                    # username from address_extension
                    address_extension = (Defaults.RECIPIENT_DELIMITER.join
                                         (nusername.split
                                          (Defaults.RECIPIENT_DELIMITER, 1)[1:]))
                    fileinput.close()
                    break

os.environ['TMDA_RECIPIENT'] = recipient_address

# Collect some header values for later use.
subject = msgin.get('subject')
x_primary_address = parseaddr(msgin.get('x-primary-address'))[1]

pendingdir = Defaults.PENDING_DIR

# Catchall variable to enable/disable auto-responses.
auto_reply = 1


###########
# Functions
###########

def logit(action, msg):
    """Write delivery statistics to the logfile if it's enabled."""
    if action in ('DELIVER', 'OK') and Defaults.DELIVERY == '_filter_':
        action += ' [filtered to stdout]'
    action_msg = action + ' ' + msg
    if Defaults.LOGFILE_INCOMING and recipient_address:
        from TMDA import MessageLogger
        logger = MessageLogger.MessageLogger(Defaults.LOGFILE_INCOMING,
                                             msgin,
                                             envsender = envelope_sender,
                                             envrecip = recipient_address,
                                             msg_size = orig_msgin_size,
                                             action_msg = action_msg)
        logger.write()
    if Defaults.ACTION_HEADER_INCOMING and recipient_address:
        del msgin['X-TMDA-Action']
	msgin['X-TMDA-Action'] = action_msg


def autorespond_to_sender(sender):
    """Return true if TMDA should auto-respond to this sender."""
    # Try and detect a bounce message.
    if envelope_sender == '<>' or \
           envelope_sender == '#@[]' or \
           envelope_sender.lower().startswith('mailer-daemon'):
        logit ('NOREPLY', '(envelope sender = %s)' % envelope_sender)
        return 0
    # Majordomo messages don't give any indication that they are
    # auto-responses. tsk, tsk.
    if envelope_sender.lower().startswith('majordomo'):
        logit ('NOREPLY', '(Majordomo)')
        return 0
    # Try and detect an auto-response.
    guilty_header = None
    auto_submitted = msgin.get('auto-submitted')
    if auto_submitted:
        if auto_submitted.lower().strip().startswith('auto-generated') or \
               auto_submitted.lower().strip().startswith('auto-replied'):
            guilty_header = 'Auto-Submitted: %s' % auto_submitted
    # Try and detect a mailing list message.
    #   - header "List-ID:" (as per RFC 2919)
    #   - header "Mailing-List:"
    #   - header "X-Mailing-List:"
    #   - header "X-ML-Name:"
    #   - header "List-(Help|Unsubscribe|Subscribe|Post|Owner|Archive):"
    #     (as per RFC 2369)
    if guilty_header is None:
        list_headers = ['List-Id', 'List-Help', 'List-Subscribe',
                        'List-Unsubscribe', 'List-Post', 'List-Owner',
                        'List-Archive', 'Mailing-List', 'X-Mailing-List',
                        'X-Ml-Name']
        for hdr in list_headers:
            if msgin.has_key(hdr):
                guilty_header = '%s: %s' % (hdr, msgin.get(hdr))
                break
    #   - header "Precedence:" value junk, bulk, or list
    if guilty_header is None:
        precedence = msgin.get('precedence')
        if precedence and precedence.lower() in ('bulk', 'junk', 'list'):
            guilty_header = 'Precedence: %s' % precedence
    if guilty_header:
        logit ('NOREPLY', '(%s)' % guilty_header)
        return 0
    # Auto-response rate limiting.  Algorithm based on Bruce Guenter's
    # qmail-autoresponder (http://untroubled.org/qmail-autoresponder/).
    # See qmail-autoresponder(1) for more details.
    if Defaults.MAX_AUTORESPONSES_PER_DAY == 0:
        return 1
    if os.path.isdir(Defaults.RESPONSE_DIR):
        os.chdir(Defaults.RESPONSE_DIR)
        files = os.listdir('.')
        sndrlist = []
        for file in files:
            # Ignore foreign files.
            try:
                timestamp, pid, address = file.split('.', 2)
            except ValueError:
                continue
            # If file is more than one day old, delete it and continue.
            now = int(time.time())
            if now > (int(timestamp) + Util.seconds('1d')):
                try:
                    os.unlink(file)
                except OSError:
                    # ignore errors on unlink
                    pass
                continue
            else:
                sndrlist.append(address)
        # Count remaining occurrences of this sender, and don't
        # respond if that number it exceeds our threshold.
        if sndrlist.count(Util.normalize_sender(sender)) >= \
               Defaults.MAX_AUTORESPONSES_PER_DAY:
            logit('NOREPLY',
                  '(%s = %s)' % ('MAX_AUTORESPONSES_PER_DAY',
                                 Defaults.MAX_AUTORESPONSES_PER_DAY))
            return 0
    return 1


def send_bounce(bounce_message, type):
    """Send a auto-response back to the envelope sender address."""
    if autorespond_to_sender(envelope_sender) and auto_reply:
        from TMDA import AutoResponse
        ar = AutoResponse.AutoResponse(msgin, bounce_message,
                                       type, envelope_sender)
        ar.create()
        ar.send()
        # Optionally, record this auto-response.
        if Defaults.MAX_AUTORESPONSES_PER_DAY != 0:
            ar.record()


def send_cc(address):
    """Send a 'carbon copy' of the message to address."""
    Util.sendmail(Util.msg_as_string(msgin), address, envelope_sender)
    logit('CC', address)


def do_default_action(action, logname, bouncetext):
    """Handle ACTION_* actions"""
    disposal_time = time.time()
    if action in ('bounce', 'reject'):
        logit('BOUNCE', logname)
        bouncegen('bounce', bouncetext)
    elif action in ('drop', 'exit', 'stop'):
        logit('DROP', logname)
        mta.stop()
    elif action in ('accept', 'deliver', 'ok'):
        logit('OK', logname)
        mta.deliver(msgin)
    elif action == 'hold':
        logit('HOLD', logname)
        bouncegen('hold')
    else:
        logit('CONFIRM', logname)
        bouncegen('request')


def release_pending(timestamp, pid, msg):
    """Release a confirmed message from the pending queue."""
    # Remove Return-Path: to avoid duplicates.
    return_path = return_path = parseaddr(msg.get('return-path'))[1]
    del msg['return-path']
    # Remove X-TMDA-Recipient:
    recipient = msg.get('x-tmda-recipient')
    del msg['x-tmda-recipient']
    # To avoid a mail loop on re-injection, prepend an ``Old-'' prefix
    # to all existing Delivered-To lines.
    Util.rename_headers(msg, 'Delivered-To', 'Old-Delivered-To')
    # Add an X-TMDA-Confirm-Done: field to the top of the header for
    # later verification.  This includes a timestamp, pid, and HMAC.
    del msg['X-TMDA-Confirm-Done']
    msg['X-TMDA-Confirm-Done'] = Cookie.make_confirm_cookie(timestamp,
                                                            pid, 'done')
    # Add the date when confirmed in a header.
    del msg['X-TMDA-Confirmed']
    msg['X-TMDA-Confirmed'] = Util.unixdate()
    # Reinject the message to the original envelope recipient.
    Util.sendmail(Util.msg_as_string(msg), recipient, return_path)
    mta.stop()


def verify_confirm_cookie(confirm_cookie, confirm_action):
    """Verify a confirmation cookie."""
    # Save some time if the cookie is bogus.
    try:
        confirm_timestamp, confirm_pid, confirm_hmac = \
                           confirm_cookie.split('.')
    except ValueError:
        logit("BOUNCE", "invalid_confirmation_address")
        bouncegen('bounce', Defaults.BOUNCE_TEXT_INVALID_CONFIRMATION)
    confirmed_filename = '%s.%s.msg' % (confirm_timestamp, confirm_pid)
    confirmed_filepath = os.path.join(pendingdir, confirmed_filename)
    if confirm_action == 'accept':
        # Determine whether this message has already been delivered, and
        # if by manual release (:3,R), or confirmation (:3,C).
        if os.path.exists(confirmed_filepath + ':3,R'):
            delivery_status = 'r'
        elif os.path.exists(confirmed_filepath + ':3,C'):
            delivery_status = 'c'
        else:
            delivery_status = None
        new_confirm_hmac = Cookie.confirmationmac(confirm_timestamp,
                                                  confirm_pid, confirm_action)
        # Accept the message only if the HMAC can be verified.
        if not (confirm_hmac == new_confirm_hmac):
            logit("BOUNCE", "invalid_confirmation_address")
            bouncegen('bounce', Defaults.BOUNCE_TEXT_INVALID_CONFIRMATION)
        # If the message isn't recorded as delivered and doesn't exist,
        # alert sender that their original is missing.
        if not delivery_status and not (os.path.exists(confirmed_filepath)):
            logit("BOUNCE", "nonexistent_pending_message")
            bouncegen('bounce', Defaults.BOUNCE_TEXT_NONEXISTENT_PENDING)
        logit("CONFIRM", "accept " + confirmed_filename)
        # Optionally carbon copy the confirmation to another address.
        if Defaults.CONFIRM_ACCEPT_CC:
            send_cc(Defaults.CONFIRM_ACCEPT_CC)
        if os.path.exists(confirmed_filepath):
            msg = Util.msg_from_file(open(confirmed_filepath, 'r'))
            # Optionally append the sender's address to a file.
            if Defaults.CONFIRM_APPEND or Defaults.DB_CONFIRM_APPEND:
                confirm_append_addr = Util.confirm_append_address(
                    parseaddr(msg.get('x-primary-address'))[1],
                    parseaddr(msg.get('return-path'))[1])
                if not confirm_append_addr:
                    raise IOError, \
                          confirmed_filepath + ' has no Return-Path header!'
            if Defaults.CONFIRM_APPEND:
                if Util.append_to_file(confirm_append_addr,
                                       Defaults.CONFIRM_APPEND) != 0:
                    logit('CONFIRM_APPEND', Defaults.CONFIRM_APPEND)
            if Defaults.DB_CONFIRM_APPEND and Defaults.DB_CONNECTION:
                _username = Defaults.USERNAME.lower()
                _hostname = Defaults.HOSTNAME.lower()
                _recipient = _username + '@' + _hostname
                params = FilterParser.create_sql_params(
                    recipient=_recipient, username=_username,
                    hostname=_hostname, sender=confirm_append_addr)
                Util.db_insert(Defaults.DB_CONNECTION,
                               Defaults.DB_CONFIRM_APPEND,
                               params)
                logit('DB_CONFIRM_APPEND', '')
        # Optionally generate a confirmation acceptance notice.
        if Defaults.CONFIRM_ACCEPT_NOTIFY:
            if (delivery_status == 'c' and
                Defaults.CONFIRM_ACCEPT_TEXT_ALREADY_CONFIRMED):
                bouncegen('accept',
                          Defaults.CONFIRM_ACCEPT_TEXT_ALREADY_CONFIRMED)
            elif (delivery_status == 'r' and
                  Defaults.CONFIRM_ACCEPT_TEXT_ALREADY_RELEASED):
                bouncegen('accept',
                          Defaults.CONFIRM_ACCEPT_TEXT_ALREADY_RELEASED)
            elif ((not delivery_status) and
                  (Defaults.CONFIRM_ACCEPT_TEXT_INITIAL)):
                bouncegen('accept', Defaults.CONFIRM_ACCEPT_TEXT_INITIAL)
        # Just stop if the message has already been delivered.  Also,
        # change the release mark from 'R' to 'C' to note that this
        # message has had a confirmation attempt.
        if delivery_status:
            if delivery_status == 'r':
                os.rename(confirmed_filepath + ':3,R',
                          confirmed_filepath + ':3,C')
            mta.stop()
        # Release the message for delivery if we get this far.
        release_pending(confirm_timestamp, confirm_pid, msg)
    # post-confirmation
    elif confirm_action == 'done':
        # Regenerate the HMAC for comparison.
        new_confirm_hmac = Cookie.confirmationmac(confirm_timestamp,
                                                  confirm_pid, 'done')
        # Accept the message only if the HMAC can be verified.
        if not (confirm_hmac == new_confirm_hmac):
            logit("CONFIRM", "bad_confirm_done_cookie")
            # Ask for confirmation instead of bouncing or dropping the
            # message in case the sender inadvertently had an
            # X-TMDA-Confirm-Done field in this message, such as when
            # redirecting a previously confirmed message.
            bouncegen('request')
        else:
            # Update the delivery status flag and deliver the message.
            if msgin.has_key('x-tmda-confirmed'):
                status_flag = ':3,C'
            elif msgin.has_key('x-tmda-released'):
                status_flag = ':3,R'
            if os.path.exists(confirmed_filepath):
                os.rename(confirmed_filepath, confirmed_filepath + status_flag)
            logit("OK", "good_confirm_done_cookie")
            # Remove X-TMDA-Confirm-Done: since it's only used
            # internally.  This won't work when delivering '_qok_',
            # since another program (qmail-local) is doing the actual
            # writing of the message.
            del msgin['x-tmda-confirm-done']
            mta.deliver(msgin)


def verify_dated_cookie(dated_cookie):
    """Verify a dated cookie."""
    # Save some time if the cookie is bogus.
    try:
        cookie_date, datemac = dated_cookie.split('.')
    except ValueError:
        do_default_action(Defaults.ACTION_FAIL_DATED.lower(),
                          'action_fail_dated',
                          Defaults.BOUNCE_TEXT_FAIL_DATED)
    # Accept the message only if the address has not expired, and the
    # HMAC is valid.
    if datemac != Cookie.datemac(cookie_date): 
        do_default_action(Defaults.ACTION_FAIL_DATED.lower(),
                          'action_fail_dated',
                          Defaults.BOUNCE_TEXT_FAIL_DATED)
    else:
        if int(cookie_date) >= int('%d' % time.time()):
            logit("OK", "good_dated_cookie (%s)" % \
                  Util.unixdate(int(cookie_date)))
            mta.deliver(msgin)
        else:
            logmsg = "action_expired_dated (%s)" % \
                     Util.unixdate(int(cookie_date))
            do_default_action(Defaults.ACTION_EXPIRED_DATED.lower(),
                              logmsg, Defaults.BOUNCE_TEXT_EXPIRED_DATED)


def verify_sender_cookie(sender_address,sender_cookie):
    """Verify a sender cookie."""
    try:
        addr = Address.Factory(envelope_recipient)
        addr.verify(sender_address)
        logit("OK", "good_sender_cookie")
        mta.deliver(msgin)
    except Address.AddressError, msg:
        defact = Defaults.ACTION_FAIL_SENDER.lower()
        bouncetext = Defaults.BOUNCE_TEXT_FAIL_SENDER
        do_default_action(defact, 'action_fail_sender', bouncetext)


def verify_keyword_cookie(keyword_cookie):
    """Verify a keyword cookie."""
    parts = string.split(keyword_cookie, '.')
    keyword = string.join(parts[:-1], '.')
    mac = parts[-1:][0]
    newmac = Cookie.make_keywordmac(keyword)
    # Accept the message only if the HMAC can be verified.
    if mac == newmac:
        logit("OK", "good_keyword_cookie \"" + keyword + "\"")
        mta.deliver(msgin)
    else:
        defact = Defaults.ACTION_FAIL_KEYWORD.lower()
        bouncetext = Defaults.BOUNCE_TEXT_FAIL_KEYWORD
        do_default_action(defact, 'action_fail_keyword', bouncetext)


def create_pending_msg(timestamp, pid):
    pending_message = "%s.%s.msg" % (timestamp, pid)
    # Create ~/.tmda/ and friends if necessary.
    if not os.path.exists(pendingdir):
        os.makedirs(pendingdir, 0700) # stores the unconfirmed messages
    # X-TMDA-Recipient is used by release_pending().
    del msgin['X-TMDA-Recipient']
    msgin['X-TMDA-Recipient'] = recipient_address
    # Write ~/.tmda/pending/TIMESTAMP.PID.msg
    pending_contents = Util.msg_as_string(msgin)
    fn = os.path.join(pendingdir, pending_message)
    Util.writefile(pending_contents, fn)
    del msgin['X-TMDA-Recipient']
    return pending_message


def bouncegen(mode, text=None, template=None):
    """Bounce a message back to sender."""
    # Stop right away if --discard was specified.
    if discard:
        mta.stop()
    # Common variables.
    now = time.time()
    recipient_address = globals().get('recipient_address')
    recipient_local, recipient_domain = recipient_address.split('@', 1)
    envelope_sender = globals().get('envelope_sender')
    x_primary_address = globals().get('x_primary_address')
    confirm_append_address = Util.confirm_append_address(x_primary_address,
                                                         envelope_sender)
    subject = globals().get('subject')
    original_message_body = globals().get('orig_msgin_body_as_raw_string')
    original_message_headers = globals().get('orig_msgin_headers_as_raw_string')
    original_message_size = globals().get('orig_msgin_size')
    original_message = globals().get('orig_msgin_as_string')
    pending_lifetime = Util.format_timeout(Defaults.PENDING_LIFETIME)
    # Optional 'dated' address variables.
    if Defaults.DATED_TEMPLATE_VARS:
        dated_timeout = Util.format_timeout(Defaults.TIMEOUT)
        dated_expire_date = time.asctime(time.gmtime
                                         (now + Util.seconds(Defaults.TIMEOUT)))
        dated_recipient_address = Cookie.make_dated_address(recipient_address)
    # Optional 'sender' address variables.
    if Defaults.SENDER_TEMPLATE_VARS:
        sender_recipient_address = Cookie.make_sender_address(recipient_address,
                                                              envelope_sender)
    if mode == 'accept':                # confirmation acceptance notices
        templatefile = 'confirm_accept.txt'
        confirm_accept_text = Util.wraptext(text)
    elif mode == 'bounce':              # failure notices
        if text is None:
            mta.stop()
        else:
            if template:
                templatefile = template
            else:
                templatefile = 'bounce.txt'
            bounce_text = Util.wraptext(text)
    elif mode == 'request':               # confirmation requests
        if template:
            templatefile = template
        else:
            templatefile = 'confirm_request.txt'
        timestamp = str('%d' %now)
        pid = Defaults.PID
        confirm_accept_address = Cookie.make_confirm_address(recipient_address,
                                                             timestamp,
                                                             pid,
                                                             'accept')
        if Defaults.CGI_URL:
            # create the url for tmda-cgi release.
            if Defaults.CGI_VIRTUALUSER:
                # include the current uid, recipient address, and release cookie.
                confirm_accept_url = '%s?%s&%s&%s' %(Defaults.CGI_URL,
                                                     os.geteuid(),
                                                     recipient_address,
                                                     Cookie.make_confirm_cookie(
                    timestamp,
                    pid,
                    'accept'
                    ))
            else:
                # include the current euid and release cookie.
                confirm_accept_url = '%s?%s.%s' %(Defaults.CGI_URL, os.geteuid(),
                                                  Cookie.make_confirm_cookie(timestamp,
                                                                             pid,
                                                                             'accept'))
        pending_message = create_pending_msg(timestamp, pid)
    elif mode == 'hold':
        pending_message = create_pending_msg(str('%d' % now), Defaults.PID)
        # Don't send anything for silently held messages
        if Defaults.CONFIRM_CC:
            send_cc(Defaults.CONFIRM_CC)
        logit("HOLD", "pending " + pending_message)
        mta.stop()
    # Create the confirm message and then send it.
    bounce_message = Util.maketext(templatefile, vars())
    if mode == 'accept':
        send_bounce(bounce_message, mode)
    elif mode == 'bounce':
        send_bounce(bounce_message, mode)
        mta.stop()
    elif mode == 'request':
        if Defaults.CONFIRM_CC:
            send_cc(Defaults.CONFIRM_CC)
        logit("CONFIRM", "pending " + pending_message)
        send_bounce(bounce_message, mode)
        mta.stop()     


######
# Main
######

def main():
    # Possibly clean the pending queue?
    if Defaults.PENDING_CLEANUP_ODDS <> 0 and \
           os.path.exists(Defaults.PENDING_DIR):
        from random import random
        if random() < float(Defaults.PENDING_CLEANUP_ODDS):
            from TMDA import Pending
            q = Pending.Queue()
            q.initQueue()
            q.cleanQueue()
    # Get the cookie type and value by parsing the extension address.
    ext = address_extension
    cookie_type = cookie_value = None
    if ext:
        ext = ext.lower()
        ext_split = ext.split(Defaults.RECIPIENT_DELIMITER)
        cookie_value = ext_split[-1]
        try:
            cookie_type = ext_split[-2]
        except IndexError:
            # not a tagged address
            pass
    # The list of sender e-mail addresses comes from the envelope
    # sender, the "From:" header, the "Reply-To:" header, and possibly
    # the "X-Primary-Address" header.
    sender_dict = { envelope_sender: None }
    confirm_append_address = Util.confirm_append_address(x_primary_address,
                                                         envelope_sender)
    if confirm_append_address and confirm_append_address != envelope_sender:
        sender_dict[confirm_append_address] = None
    from_list = getaddresses(msgin.get_all('from', []))
    replyto_list = getaddresses(msgin.get_all('reply-to', []))
    for list in from_list, replyto_list:
        for a in list:
            emaddy = a[1]
            sender_dict[emaddy] = None
    sender_list = [ addr.lower() for addr in sender_dict.keys() ]
    # Process confirmation messages first.
    confirm_done_hdr = msgin.get('x-tmda-confirm-done')
    if confirm_done_hdr:
        verify_confirm_cookie(confirm_done_hdr, 'done')
    if (cookie_type in Defaults.TAGS_CONFIRM) and cookie_value:
        verify_confirm_cookie(cookie_value, 'accept')
    # Parse the incoming filter file.
    infilter = FilterParser.FilterParser(Defaults.DB_CONNECTION)
    infilter.read(Defaults.FILTER_INCOMING)
    (actions, matching_line) = infilter.firstmatch(recipient_address,
                                                   sender_list,
                                                   orig_msgin_body_as_raw_string,
                                                   orig_msgin_headers_as_raw_string,
                                                   orig_msgin_size)
    (action, option) = actions.get('incoming', (None, None))
    # Dispose of the message now if there was a filter file match.
    # Log the action along with and the matching line in the filter
    # file that caused it.
    if action in ('bounce','reject'):
        if Defaults.FILTER_BOUNCE_CC:
            send_cc(Defaults.FILTER_BOUNCE_CC)
        if option:
            logit('BOUNCE', '(%s)' % (matching_line + '=' + option))
            bouncegen('bounce', Defaults.BOUNCE_TEXT_FILTER_INCOMING,
                      template=option)
        else:
            logit('BOUNCE', '(%s)' % matching_line)
            bouncegen('bounce', Defaults.BOUNCE_TEXT_FILTER_INCOMING)
    elif action in ('drop','exit','stop'):
        if Defaults.FILTER_DROP_CC:
            send_cc(Defaults.FILTER_DROP_CC)
        logit('DROP', '(%s)' % matching_line)
        mta.stop()
    elif action in ('accept','deliver','ok'):
        if option:
            logit('DELIVER', '(%s)' % (matching_line + '=' + option))
            mta.deliver(msgin, option)
        else:
            logit('OK', '(%s)' % matching_line)
            mta.deliver(msgin)
    elif action == 'confirm':
        if option:
            logit('CONFIRM', '(%s)' % (matching_line + '=' + option))
            bouncegen('request', template=option)
        else:
            logit('CONFIRM', '(%s)' % matching_line)
            bouncegen('request')
    elif action == 'hold':
        logit('HOLD', '(%s)' % matching_line)
        bouncegen('hold')
    # The message didn't match the filter file, so check if it was
    # sent to a 'tagged' address.
    # Dated tag?
    if (cookie_type in map(lambda s: s.lower(), Defaults.TAGS_DATED)) \
           and cookie_value:
        verify_dated_cookie(cookie_value)
    # Sender tag?
    elif (cookie_type in map(lambda s: s.lower(), Defaults.TAGS_SENDER)) \
             and cookie_value:
        sender_address = globals().get('envelope_sender')
        verify_sender_cookie(sender_address, cookie_value)
    # Keyword tag?
    elif (cookie_type in map(lambda s: s.lower(), Defaults.TAGS_KEYWORD)) \
             and cookie_value:
        verify_keyword_cookie(cookie_value)
    # If the message gets this far (i.e, was not sent to a tagged
    # address and it didn't match the filter file), then we consult
    # Defaults.ACTION_INCOMING.
    default_action = Defaults.ACTION_INCOMING.lower()
    bouncetext = Defaults.BOUNCE_TEXT_FILTER_INCOMING
    do_default_action(default_action, 'action_incoming', bouncetext)

# This is the end my friend.
if __name__ == '__main__':
    main()
