Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
ansible/roles/mailman3/files/enable_dmarc_mitigation.py
Michal Konecny a5ed1c6a2a [mailman] Add script to enable DMARC mitigation 
This script is added to implement
https://pagure.io/fedora-infrastructure/issue/11427

The script was already executed on staging environment and finished without
issue. It could be executed multiple times and only affects list that don't have
the settings set yet. I will document this as another step to take when creating
a new list.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-09-27 08:35:11 +00:00

73 lines
2.4 KiB
Python
Raw Blame History

#!/usr/bin/python3
"""
This script is for enabling DMARC mitigation in mailman3 for
any list that doesn't have the policy enabled.
For more info about DMARC mitigation in mailman3 see
https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/handlers/docs/dmarc-mitigations.html
For more info why Fedora is doing this see
https://pagure.io/fedora-infrastructure/issue/11427
The script will set dmarc_mitigate related columns
in `mailman` table to preferred values.
"""
import configparser
import psycopg2
MAILINGLIST_TABLE = "mailinglist"
DMARC_MITIGATE_ACTIONS = {
"no_mitigation": 0,
"munge_from": 1,
"wrap_message": 2,
"reject": 3,
"discard": 4
}
# Default DMARC values we want to set
DEFAULT_DMARC_MITIGATE_ACTION = 1 # munge_from option
DEFAULT_DMARC_MITIGATE_UNCONDITIONALLY = True # Apply to everything
# Read the database information from mailman config
config = configparser.ConfigParser()
config.read('/etc/mailman.cfg')
db_connect_url = config["database"]["url"]
conn = psycopg2.connect(db_connect_url)
try:
with conn.cursor() as cursor:
# Obtain all mailing lists that don't have DMARC mitigation enabled
cursor.execute(
"SELECT id FROM {} WHERE dmarc_mitigate_action={}".format(
MAILINGLIST_TABLE, DMARC_MITIGATE_ACTIONS["no_mitigation"]
)
)
rows = cursor.fetchall()
update_data = []
for row in rows:
update_data.append(row[0])
print("Will update {0} rows".format(len(update_data)))
# Update DMARC mitigation action
for row_id in update_data:
# print(
# "UPDATE {0} SET dmarc_mitigate_action = {1}, dmarc_mitigate_unconditionally = {2} WHERE id = {3}".format(
# MAILINGLIST_TABLE,
# DEFAULT_DMARC_MITIGATE_ACTION,
# DEFAULT_DMARC_MITIGATE_UNCONDITIONALLY,
# row_id
# )
# )
cursor.execute(
"UPDATE {0} SET dmarc_mitigate_action = {1}, dmarc_mitigate_unconditionally = {2} WHERE id = {3}".format(
MAILINGLIST_TABLE,
DEFAULT_DMARC_MITIGATE_ACTION,
DEFAULT_DMARC_MITIGATE_UNCONDITIONALLY,
row_id
)
)
conn.commit()
print("Updated rows: {}".format(len(update_data)))
except (Exception, psycopg2.DatabaseError) as error:
print(error)
Reference in a new issue View git blame Copy permalink