From bf4630c098ad7159ba36dea6cfe77c4cf6806ffe Mon Sep 17 00:00:00 2001
From: Eric Wong <e@80x24.org>
Date: Fri, 10 Jan 2014 23:50:16 +0000
Subject: reject messages if ORIGINAL_RECIPIENT is not specified

SpamAssassin doesn't seem to have this heuristic, but the lack of
the intended email address in To:/Cc: headers cannot be a good
sign (especially when this is a _public_ inbox).
---
 lib/PublicInbox.pm | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 lib/PublicInbox.pm

(limited to 'lib')

diff --git a/lib/PublicInbox.pm b/lib/PublicInbox.pm
new file mode 100644
index 00000000..b51c000f
--- /dev/null
+++ b/lib/PublicInbox.pm
@@ -0,0 +1,33 @@
+# Copyright (C) 2013, Eric Wong <normalperson@yhbt.net> and all contributors
+# License: AGPLv3 or later (https://www.gnu.org/licenses/agpl-3.0.txt)
+package PublicInbox;
+use strict;
+use warnings;
+use Email::Address;
+
+# drop plus addressing for matching
+sub __drop_plus {
+	my ($str_addr) = @_;
+	$str_addr =~ s/\+.*\@/\@/;
+	$str_addr;
+}
+
+# do not allow Bcc, only Cc and To if ORIGINAL_RECIPIENT (postfix) env is set
+sub recipient_specified {
+	my ($klass, $filter) = @_;
+	my $or = $ENV{ORIGINAL_RECIPIENT};
+	defined($or) or return 1; # for imports
+	my @or = Email::Address->parse($or);
+	my $oaddr = __drop_plus($or[0]->address);
+	$oaddr = qr/\b\Q$oaddr\E\b/i;
+	my @to = Email::Address->parse($filter->to);
+	my @cc = Email::Address->parse($filter->cc);
+	foreach my $addr (@to, @cc) {
+		if (__drop_plus($addr->address) =~ $oaddr) {
+			return 1;
+		}
+	}
+	return 0;
+}
+
+1;
-- 
cgit v1.2.3-24-ge0c7