#!/usr/bin/env python
#
# Copyright (C) 2001,2002 Jason R. Mastaler <jason@mastaler.com>
#
# This file is part of TMDA.
#
# TMDA is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.  A copy of this license should
# be included in the file COPYING.
#
# TMDA is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.
#
# You should have received a copy of the GNU General Public License
# along with TMDA; if not, write to the Free Software Foundation, Inc.,
# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

"""Filter incoming messages on standard input.

Usage:  %(program)s [OPTIONS]

OPTIONS:
	-h
 	--help
	   Print this help message and exit.

        -V
        --version
           Print TMDA version information and exit.
           
	-c <file>
	--config-file <file>
	   Specify a different configuration file other than ~/.tmda/config.

        -d
	--discard
	   Discard message if address is invalid instead of bouncing it.

        -t <dir>
        --template-dir <dir>
	   Full pathname to a directory containing custom TMDA templates.

        -I <file>
        --filter-incoming-file <file>
           Full pathname to your incoming filter file.  Overrides FILTER_INCOMING
           in ~/.tmda/config.
           
        -M <recipient> <sender>
        --filter-match <recipient> <sender>
           Check whether the given e-mail addresses match a line in your incoming
           filter and then exit.  The first address given should be the message
           recipient (you), and the second is the sender.  This option will also
           check for parsing errors in the filter file.
"""

import getopt
import os
import sys

try:
    import paths
except ImportError:
    # Prepend /usr/lib/python2.x/site-packages/TMDA/pythonlib
    sitedir = os.path.join(sys.prefix, 'lib', 'python'+sys.version[:3],
                           'site-packages', 'TMDA', 'pythonlib')
    sys.path.insert(0, sitedir)

from TMDA import Version


filter_match = None
discard = None
program = sys.argv[0]

def usage(code, msg=''):
    print __doc__ % globals()
    if msg:
        print msg
    sys.exit(code)
    
try:
    opts, args = getopt.getopt(sys.argv[1:],
                               'c:dt:I:M:Vh', ['config-file=',
                                               'discard',
                                               'template-dir=',
                                               'filter-incoming-file=',
                                               'filter-match=',
                                               'version',
                                               'help'])
except getopt.error, msg:
    usage(1, msg)

for opt, arg in opts:
    if opt in ('-h', '--help'):
        usage(0)
    if opt == '-V':
        print Version.ALL
        sys.exit()
    if opt == '--version':
        print Version.TMDA
        sys.exit()
    elif opt in ('-M', '--filter-match'):
	filter_match = 1
    elif opt in ('-I', '--filter-incoming-file'):
	os.environ['TMDA_FILTER_INCOMING'] = arg
    elif opt in ('-t', '--template-dir'):
        os.environ['TMDA_TEMPLATE_DIR'] = arg
    elif opt in ('-d', '--discard'):
	discard = 1
    elif opt in ('-c', '--config-file'):
        os.environ['TMDARC'] = arg


from TMDA import Defaults
from TMDA import Cookie
from TMDA import Errors
from TMDA import FilterParser
from TMDA import MTA
from TMDA import Util


from cStringIO import StringIO
from email.Utils import parseaddr, getaddresses
import email
import fileinput
import string
import time


# Just check Defaults.FILTER_INCOMING for syntax errors and possible
# matches, and then exit.
if filter_match:
    sender = sys.argv[-1]
    recip = sys.argv[-2]
    Util.filter_match(Defaults.FILTER_INCOMING, recip, sender)
    sys.exit()
    
# We use this MTA instance to control the fate of the message.
mta = MTA.init()

# Read sys.stdin into a temporary variable for later access.
stdin = StringIO(sys.stdin.read())

# The incoming message as an email.Message object.
msgin = email.message_from_file(stdin)

# Original message contents as a string.
orig_msgin_as_string = msgin.as_string()

# Original message headers as a string.
orig_msgin_headers_as_string = Util.headers_as_string(msgin)

# Original message headers as a raw string.
orig_msgin_headers_as_raw_string = Util.headers_as_raw_string(msgin)

# Original message body.
orig_msgin_body = msgin.get_payload()

# Original message body as a raw string.
orig_msgin_body_as_raw_string = Util.body_as_raw_string(msgin)

# Calculate the incoming message size.
orig_msgin_size = len(orig_msgin_as_string)

# Collect the three essential environment variables, and defer if they
# are missing.

# SENDER is the envelope sender address.
envelope_sender = os.environ.get('SENDER')
if envelope_sender == None:
    raise Errors.MissingEnvironmentVariable('SENDER')
# RECIPIENT is the envelope recipient address.
# Use Defaults.RECIPIENT_HEADER instead if set.
recipient_header = None
if Defaults.RECIPIENT_HEADER:
    recipient_header = parseaddr(msgin.get(Defaults.RECIPIENT_HEADER))[1]
envelope_recipient = (recipient_header or os.environ.get('RECIPIENT'))
if envelope_recipient == None:
    raise Errors.MissingEnvironmentVariable('RECIPIENT')
# EXT is the recipient address extension.
address_extension = (os.environ.get('EXT')           # qmail
                     or os.environ.get('EXTENSION')) # Postfix

# If SENDER exists but its value is empty, the message has an empty
# envelope sender.  Set it to the string '<>' so it can be matched as
# such in the filter files.
if envelope_sender == '':
    envelope_sender = '<>'
# If running Sendmail, make sure envelope_sender contains a fully
# qualified address by appending the local hostname if necessary.
# This is often the case when the message is sent between local users
# on a Sendmail system.
elif (Defaults.MAIL_TRANSFER_AGENT == 'sendmail' and
      len(string.split(envelope_sender,'@')) == 1):
    envelope_sender = envelope_sender + '@' + Util.gethostname()
# Ditto for envelope_recipient
if (Defaults.MAIL_TRANSFER_AGENT == 'sendmail' and
    len(string.split(envelope_recipient,'@')) == 1):
    envelope_recipient = envelope_recipient + '@' + Util.gethostname()

# recipient_address is the original address the message was sent to,
# not qmail-send's rewritten interpretation.  This will be the same as
# envelope_recipient if we are not running under a qmail virtualdomain.
recipient_address = envelope_recipient
if (Defaults.MAIL_TRANSFER_AGENT == 'qmail' and
    Defaults.USEVIRTUALDOMAINS and
    os.path.exists(Defaults.VIRTUALDOMAINS)):
    # Parse the virtualdomains control file; see qmail-send(8) for
    # syntax rules.  All this because qmail doesn't store the original
    # envelope recipient in the environment.
    ousername, odomain = envelope_recipient.split('@', 1)
    for line in fileinput.input(Defaults.VIRTUALDOMAINS):
        vdomain_match = 0
        line = line.strip().lower()
        # Comment or blank line?
        if line == '' or line[0] in '#':
            continue
        else:
            vdomain, prepend = line.split(':', 1)
            # domain:prepend
            if vdomain == odomain.lower():
                vdomain_match = 1
            # .domain:prepend (wildcard)
            elif not vdomain.split('.', 1)[0]:
                if odomain.lower().find(vdomain) != 1:
                    vdomain_match = 1
            # user@domain:prepend
            else:
                try:
                    if vdomain.split('@', 1)[1] == odomain.lower():
                        vdomain_match = 1
                except IndexError:
                    pass
            if vdomain_match:
                # strip off the prepend
                if prepend:
                    nusername = ousername.replace(prepend + '-', '', 1)
                    recipient_address = nusername + '@' + odomain
                    # also strip off the prepend and the virtual
                    # username from address_extension
                    address_extension = (Defaults.RECIPIENT_DELIMITER.join
                                         (nusername.split
                                          (Defaults.RECIPIENT_DELIMITER, 1)[1:]))
                    fileinput.close()
                    break

# Collect some header values for later use.
subject = msgin.get('subject')
x_primary_address = parseaddr(msgin.get('x-primary-address'))[1]

# The directory of pending messages.
pendingdir = os.path.join(Defaults.DATADIR, 'pending')

# Catchall variable to enable/disable auto-responses.
auto_reply = 1


###########
# Functions
###########

def logit(action_msg):
    """Write delivery statistics to the logfile if it's enabled."""
    if Defaults.LOGFILE_INCOMING and recipient_address:
        if not globals().get('auto_reply'):
            action_msg = '%s (no reply)' % action_msg
        from TMDA import MessageLogger
        logger = MessageLogger.MessageLogger(Defaults.LOGFILE_INCOMING,
                                             msgin,
                                             envsender = envelope_sender,
                                             envrecip = recipient_address,
                                             msg_size = orig_msgin_size,
                                             action_msg = action_msg)
        logger.write()


def autorespond_to_sender(sender):
    """Return true if TMDA should auto-respond to this sender."""
    # Try and detect a bounce message.
    if envelope_sender == '<>' or \
           envelope_sender == '#@[]' or \
           envelope_sender.lower().startswith('mailer-daemon'):
        logit ('NOREPLY (envelope sender = %s)' % envelope_sender)
        return 0
    # Try and detect an auto-response.
    guilty_header = None
    auto_submitted = msgin.get('auto-submitted')
    if auto_submitted:
        if auto_submitted.lower().strip().startswith('auto-generated') or \
               auto_submitted.lower().strip().startswith('auto-replied'):
            guilty_header = 'Auto-Submitted: %s' % auto_submitted
    # Try and detect a mailing list message.
    #   - header "List-ID:" (as per RFC 2919)
    #   - header "Mailing-List:"
    #   - header "X-Mailing-List:"
    #   - header "X-ML-Name:"
    #   - header "List-(Help|Unsubscribe|Subscribe|Post|Owner|Archive):"
    #     (as per RFC 2369)
    if guilty_header is None:
        list_headers = ['List-Id', 'List-Help', 'List-Subscribe',
                        'List-Unsubscribe', 'List-Post', 'List-Owner',
                        'List-Archive', 'Mailing-List', 'X-Mailing-List',
                        'X-Ml-Name']
        for hdr in list_headers:
            if msgin.has_key(hdr):
                guilty_header = '%s: %s' % (hdr, msgin.get(hdr))
                break
    #   - header "Precedence:" value junk, bulk, or list
    if guilty_header is None:
        precedence = msgin.get('precedence')
        if precedence and precedence.lower() in ('bulk', 'junk', 'list'):
            guilty_header = 'Precedence: %s' % precedence
    if guilty_header:
        logit ('NOREPLY (%s)' % guilty_header)
        return 0
    # Auto-response rate limiting.  Algorithm based on Bruce Guenter's
    # qmail-autoresponder (http://untroubled.org/qmail-autoresponder/).
    # See qmail-autoresponder(1) for more details.
    if Defaults.MAX_AUTORESPONSES_PER_DAY == 0:
        return 1
    if os.path.isdir(Defaults.RESPONSE_DIR):
        os.chdir(Defaults.RESPONSE_DIR)
        files = os.listdir('.')
        sndrlist = []
        for file in files:
            # Ignore foreign files.
            try:
                timestamp, pid, address = file.split('.', 2)
            except ValueError:
                continue
            # If file is more than one day old, delete it and continue.
            now = int(time.time())
            if now > (int(timestamp) + Util.seconds('1d')):
                try:
                    os.unlink(file)
                except OSError:
                    # ignore errors on unlink
                    pass
                continue
            else:
                sndrlist.append(address)
        # Count remaining occurrences of this sender, and don't
        # respond if that number it exceeds our threshold.
        if sndrlist.count(Util.normalize_sender(sender)) >= \
               Defaults.MAX_AUTORESPONSES_PER_DAY:
            logit('NOREPLY (%s = %s)' % ('MAX_AUTORESPONSES_PER_DAY',
                                         Defaults.MAX_AUTORESPONSES_PER_DAY))
            return 0
    return 1


def send_bounce(bounce_message, type):
    """Send a auto-response back to the envelope sender address."""
    if autorespond_to_sender(envelope_sender) and auto_reply:
        from TMDA import AutoResponse
        ar = AutoResponse.AutoResponse(msgin, bounce_message,
                                       type, envelope_sender)
        ar.create()
        ar.send()
        # Optionally, record this auto-response.
        if Defaults.MAX_AUTORESPONSES_PER_DAY != 0:
            ar.record()


def send_cc(address):
    """Send a 'carbon copy' of the message to address."""
    Util.sendmail(msgin.as_string(), address, envelope_sender)
    logit('CC ' + address)


def do_default_action(action, logname, bouncetext):
    """Handle ACTION_* actions"""
    disposal_time = time.time()
    if action in ('bounce', 'reject'):
        logit('%s %s' % ('BOUNCE', logname))
        bouncegen('bounce', bouncetext)
    elif action in ('drop', 'exit', 'stop'):
        logit('%s %s' % ('DROP', logname))
        mta.stop()
    elif action in ('accept', 'deliver', 'ok'):
        logit('%s %s' % ('OK', logname))
        mta.deliver(msgin)
    elif action == 'hold':
        logit('%s %s' % ('HOLD', logname))
        bouncegen('hold')
    else:
        logit('%s %s' % ('CONFIRM', logname))
        bouncegen('request')


def release_pending(timestamp, pid, msg):
    """Release a confirmed message from the pending queue."""
    # Remove Return-Path: to avoid duplicates.
    return_path = return_path = parseaddr(msg.get('return-path'))[1]
    del msg['return-path']
    # Remove X-TMDA-Recipient:
    recipient = msg.get('x-tmda-recipient')
    del msg['x-tmda-recipient']
    # To avoid a mail loop on re-injection, prepend an ``Old-'' prefix
    # to all existing Delivered-To lines.
    Util.rename_headers(msg, 'Delivered-To', 'Old-Delivered-To')
    # Add an X-TMDA-Confirm-Done: field to the top of the header for
    # later verification.  This includes a timestamp, pid, and HMAC.
    del msg['X-TMDA-Confirm-Done']
    msg['X-TMDA-Confirm-Done'] = Cookie.make_confirm_cookie(timestamp,
                                                            pid, 'done')
    # Add the date when confirmed in a header.
    del msg['X-TMDA-Confirmed']
    msg['X-TMDA-Confirmed'] = Util.unixdate()
    # Reinject the message to the original envelope recipient.
    Util.sendmail(msg.as_string(), recipient, return_path)
    mta.stop()


def verify_confirm_cookie(confirm_cookie, confirm_action):
    """Verify a confirmation cookie."""
    # Save some time if the cookie is bogus.
    try:
        confirm_timestamp, confirm_pid, confirm_hmac = \
                           confirm_cookie.split('.')
    except ValueError:
        logit("BOUNCE invalid_confirmation_address")
        bouncegen('bounce', Defaults.BOUNCE_TEXT_INVALID_CONFIRMATION)
    confirmed_filename = '%s.%s.msg' % (confirm_timestamp, confirm_pid)
    confirmed_filepath = os.path.join(pendingdir, confirmed_filename)
    if confirm_action == 'accept':
        # Determine whether this message has already been delivered, and
        # if by manual release (:3,R), or confirmation (:3,C).
        if os.path.exists(confirmed_filepath + ':3,R'):
            delivery_status = 'r'
        elif os.path.exists(confirmed_filepath + ':3,C'):
            delivery_status = 'c'
        else:
            delivery_status = None
        new_confirm_hmac = Cookie.confirmationmac(confirm_timestamp,
                                                  confirm_pid, confirm_action)
        # Accept the message only if the HMAC can be verified.
        if not (confirm_hmac == new_confirm_hmac):
            logit("BOUNCE invalid_confirmation_address")
            bouncegen('bounce', Defaults.BOUNCE_TEXT_INVALID_CONFIRMATION)
        # If the message isn't recorded as delivered and doesn't exist,
        # alert sender that their original is missing.
        if not delivery_status and not (os.path.exists(confirmed_filepath)):
            logit("BOUNCE nonexistent_pending_message")
            bouncegen('bounce', Defaults.BOUNCE_TEXT_NONEXISTENT_PENDING)
        logit("CONFIRM accept " + confirmed_filename)
        # Optionally carbon copy the confirmation to another address.
        if Defaults.CONFIRM_ACCEPT_CC:
            send_cc(Defaults.CONFIRM_ACCEPT_CC)
        if os.path.exists(confirmed_filepath):
            msg = email.message_from_file(open(confirmed_filepath, 'r'))
            # Optionally append the sender's address to a file.
            if Defaults.CONFIRM_APPEND:
                confirm_append_addr = Util.confirm_append_address(
                    parseaddr(msg.get('x-primary-address'))[1],
                    parseaddr(msg.get('return-path'))[1])
                if not confirm_append_addr:
                    raise IOError, \
                          confirmed_filepath + ' has no Return-Path header!'
                if Util.append_to_file(confirm_append_addr,
                                       Defaults.CONFIRM_APPEND) != 0:
                    logit('CONFIRM_APPEND ' + Defaults.CONFIRM_APPEND)
        # Optionally generate a confirmation acceptance notice.
        if Defaults.CONFIRM_ACCEPT_NOTIFY:
            if (delivery_status == 'c' and
                Defaults.CONFIRM_ACCEPT_TEXT_ALREADY_CONFIRMED):
                bouncegen('accept',
                          Defaults.CONFIRM_ACCEPT_TEXT_ALREADY_CONFIRMED)
            elif (delivery_status == 'r' and
                  Defaults.CONFIRM_ACCEPT_TEXT_ALREADY_RELEASED):
                bouncegen('accept',
                          Defaults.CONFIRM_ACCEPT_TEXT_ALREADY_RELEASED)
            elif not delivery_status:
                bouncegen('accept', Defaults.CONFIRM_ACCEPT_TEXT_INITIAL)
        # Just stop if the message has already been delivered.  Also,
        # change the release mark from 'R' to 'C' to note that this
        # message has had a confirmation attempt.
        if delivery_status:
            if delivery_status == 'r':
                os.rename(confirmed_filepath + ':3,R',
                          confirmed_filepath + ':3,C')
            mta.stop()
        # Release the message for delivery if we get this far.
        release_pending(confirm_timestamp, confirm_pid, msg)
    # post-confirmation
    elif confirm_action == 'done':
        # Regenerate the HMAC for comparison.
        new_confirm_hmac = Cookie.confirmationmac(confirm_timestamp,
                                                  confirm_pid, 'done')
        # Accept the message only if the HMAC can be verified.
        if not (confirm_hmac == new_confirm_hmac):
            logit("CONFIRM bad_confirm_done_cookie")
            # Ask for confirmation instead of bouncing or dropping the
            # message in case the sender inadvertently had an
            # X-TMDA-Confirm-Done field in this message, such as when
            # redirecting a previously confirmed message.
            bouncegen('request')
        else:
            # Update the delivery status flag and deliver the message.
            if msgin.has_key('x-tmda-confirmed'):
                status_flag = ':3,C'
            elif msgin.has_key('x-tmda-released'):
                status_flag = ':3,R'
            if os.path.exists(confirmed_filepath):
                os.rename(confirmed_filepath, confirmed_filepath + status_flag)
            logit("OK good_confirm_done_cookie")
            # Remove X-TMDA-Confirm-Done: since it's only used
            # internally.  This won't work when delivering '_qok_',
            # since another program (qmail-local) is doing the actual
            # writing of the message.
            del msgin['x-tmda-confirm-done']
            mta.deliver(msgin)


def verify_dated_cookie(dated_cookie):
    """Verify a dated cookie."""
    # Save some time if the cookie is bogus.
    try:
        cookie_date, datemac = dated_cookie.split('.')
    except ValueError:
        do_default_action(Defaults.ACTION_FAIL_DATED.lower(),
                          'action_fail_dated',
                          Defaults.BOUNCE_TEXT_FAIL_DATED)
    # Accept the message only if the address has not expired, and the
    # HMAC is valid.
    if datemac != Cookie.datemac(cookie_date): 
        do_default_action(Defaults.ACTION_FAIL_DATED.lower(),
                          'action_fail_dated',
                          Defaults.BOUNCE_TEXT_FAIL_DATED)
    else:
        if int(cookie_date) >= int('%d' % time.time()):
            logit("OK good_dated_cookie (%s)" % \
                  Util.unixdate(int(cookie_date)))
            mta.deliver(msgin)
        else:
            logmsg = "action_expired_dated (%s)" % \
                     Util.unixdate(int(cookie_date))
            do_default_action(Defaults.ACTION_EXPIRED_DATED.lower(),
                              logmsg, Defaults.BOUNCE_TEXT_EXPIRED_DATED)


def verify_sender_cookie(sender_address,sender_cookie):
    """Verify a sender cookie."""
    sender_address_cookie = Cookie.make_sender_cookie(sender_address)
    # Accept the message only if the HMAC can be verified.
    if (sender_cookie == sender_address_cookie):
        logit("OK good_sender_cookie")
        mta.deliver(msgin)
    else:
        defact = Defaults.ACTION_FAIL_SENDER.lower()
        bouncetext = Defaults.BOUNCE_TEXT_FAIL_SENDER
        do_default_action(defact, 'action_fail_sender', bouncetext)


def verify_keyword_cookie(keyword_cookie):
    """Verify a keyword cookie."""
    parts = string.split(keyword_cookie, '.')
    keyword = string.join(parts[:-1], '.')
    mac = parts[-1:][0]
    newmac = Cookie.make_keywordmac(keyword)
    # Accept the message only if the HMAC can be verified.
    if mac == newmac:
        logit("OK good_keyword_cookie \"" + keyword + "\"")
        mta.deliver(msgin)
    else:
        defact = Defaults.ACTION_FAIL_KEYWORD.lower()
        bouncetext = Defaults.BOUNCE_TEXT_FAIL_KEYWORD
        do_default_action(defact, 'action_fail_keyword', bouncetext)


def create_pending_msg(timestamp, pid):
    pending_message = "%s.%s.msg" % (timestamp, pid)
    # Create ~/.tmda/ and friends if necessary.
    if not os.path.exists(pendingdir):
        os.makedirs(pendingdir, 0700) # stores the unconfirmed messages
    # X-TMDA-Recipient is used by release_pending().
    del msgin['X-TMDA-Recipient']
    msgin['X-TMDA-Recipient'] = recipient_address
    # Write ~/.tmda/pending/TIMESTAMP.PID.msg
    pending_contents = msgin.as_string()
    fn = os.path.join(pendingdir, pending_message)
    Util.writefile(pending_contents, fn)
    del msgin['X-TMDA-Recipient']
    return pending_message


def bouncegen(mode, text=None):
    """Bounce a message back to sender."""
    # Stop right away if --discard was specified.
    if discard:
        mta.stop()
    # Common variables.
    now = time.time()
    recipient_address = globals().get('recipient_address')
    recipient_local, recipient_domain = recipient_address.split('@', 1)
    envelope_sender = globals().get('envelope_sender')
    x_primary_address = globals().get('x_primary_address')
    confirm_append_address = Util.confirm_append_address(x_primary_address,
                                                         envelope_sender)
    subject = globals().get('subject')
    original_message_body = globals().get('orig_msgin_body_as_raw_string')
    original_message_headers = globals().get('orig_msgin_headers_as_raw_string')
    original_message_size = globals().get('orig_msgin_size')
    original_message = globals().get('orig_msgin_as_string')
    # Optional 'dated' address variables.
    if Defaults.DATED_TEMPLATE_VARS:
        dated_timeout = Util.format_timeout(Defaults.TIMEOUT)
        dated_expire_date = time.asctime(time.gmtime
                                         (now + Util.seconds(Defaults.TIMEOUT)))
        dated_recipient_address = Cookie.make_dated_address(recipient_address)
    # Optional 'sender' address variables.
    if Defaults.SENDER_TEMPLATE_VARS:
        sender_recipient_address = Cookie.make_sender_address(recipient_address,
                                                              envelope_sender)
    if mode == 'accept':                # confirmation acceptance notices
        templatefile = 'confirm_accept.txt'
        confirm_accept_text = Util.wraptext(text)
    elif mode == 'bounce':              # failure notices
        if text is None:
            mta.stop()
        else:
            templatefile = 'bounce.txt'
            bounce_text = Util.wraptext(text)
    elif mode == 'request':               # confirmation requests
        templatefile = 'confirm_request.txt'
        timestamp = str('%d' %now)
        pid = Defaults.PID
        confirm_accept_address = Cookie.make_confirm_address(recipient_address,
                                                             timestamp,
                                                             pid,
                                                             'accept')
        if Defaults.CGI_ACTIVE and Defaults.CGI_URL:
            # e.g, http://www.domain.tld/tmda.cgi?684.1038959858.48460.c7a2e8
            confirm_accept_url = '%s?%s.%s' %(Defaults.CGI_URL, os.geteuid(),
                                              Cookie.make_confirm_cookie(timestamp,
                                                                         pid,
                                                                         'accept'))
        pending_message = create_pending_msg(timestamp, pid)
    elif mode == 'hold':
        pending_message = create_pending_msg(str('%d' % now), Defaults.PID)
        # Don't send anything for silently held messages
        if Defaults.CONFIRM_CC:
            send_cc(Defaults.CONFIRM_CC)
        logit("HOLD pending " + pending_message)
        mta.stop()
    # Create the confirm message and then send it.
    bounce_message = Util.maketext(templatefile, vars())
    if mode == 'accept':
        send_bounce(bounce_message, mode)
    elif mode == 'bounce':
        send_bounce(bounce_message, mode)
        mta.stop()
    elif mode == 'request':
        if Defaults.CONFIRM_CC:
            send_cc(Defaults.CONFIRM_CC)
        logit("CONFIRM pending " + pending_message)
        send_bounce(bounce_message, mode)
        mta.stop()     


######
# Main
######

def main():

    # Get the cookie type and value by parsing the extension address.
    ext = address_extension
    cookie_type = cookie_value = None
    if ext:
        ext = ext.lower()
        ext_split = ext.split(Defaults.RECIPIENT_DELIMITER)
        cookie_value = ext_split[-1]
        try:
            cookie_type = ext_split[-2]
        except IndexError:
            # not a tagged address
            pass
    # The list of sender e-mail addresses comes from the envelope
    # sender, the "From:" header, the "Reply-To:" header, and possibly
    # the "X-Primary-Address" header.
    sender_list = [envelope_sender]
    confirm_append_address = Util.confirm_append_address(x_primary_address,
                                                         envelope_sender)
    if confirm_append_address and confirm_append_address != envelope_sender:
        sender_list.append(confirm_append_address)
    from_list = getaddresses(msgin.get_all('from', []))
    replyto_list = getaddresses(msgin.get_all('reply-to', []))
    for list in from_list, replyto_list:
        for a in list:
            emaddy = a[1]
            sender_list.append(emaddy)
    # Process confirmation messages first.
    confirm_done_hdr = msgin.get('x-tmda-confirm-done')
    if confirm_done_hdr:
        verify_confirm_cookie(confirm_done_hdr, 'done')
    if (cookie_type in Defaults.TAGS_CONFIRM) and cookie_value:
        verify_confirm_cookie(cookie_value, 'accept')
    # Parse the incoming filter file.
    infilter = FilterParser.FilterParser()
    infilter.read(Defaults.FILTER_INCOMING)
    (actions, matching_line) = infilter.firstmatch(recipient_address,
                                                   sender_list,
                                                   orig_msgin_body_as_raw_string,
                                                   orig_msgin_headers_as_raw_string,
                                                   orig_msgin_size)
    (action, option) = actions.get('incoming', (None, None))
    # Dispose of the message now if there was a filter file match.
    # Log the action along with and the matching line in the filter
    # file that caused it.
    if action in ('bounce','reject'):
        if Defaults.FILTER_BOUNCE_CC:
            send_cc(Defaults.FILTER_BOUNCE_CC)
        logit('%s (%s)' % ('BOUNCE', matching_line))
        bouncegen('bounce', Defaults.BOUNCE_TEXT_FILTER_INCOMING)
    elif action in ('drop','exit','stop'):
        if Defaults.FILTER_DROP_CC:
            send_cc(Defaults.FILTER_DROP_CC)
        logit('%s (%s)' % ('DROP', matching_line))
        mta.stop()
    elif action in ('accept','deliver','ok'):
        if option:
            logit('%s (%s)' % ('DELIVER', matching_line + '=' + option))
            mta.deliver(msgin, option)
        else:
            logit('%s (%s)' % ('OK', matching_line))
            mta.deliver(msgin)
    elif action == 'confirm':
        logit('%s (%s)' % ('CONFIRM', matching_line))
        bouncegen('request')
    elif action == 'hold':
        logit('%s (%s)' % ('HOLD', matching_line))
        bouncegen('hold')
    # The message didn't match the filter file, so check if it was
    # sent to a 'tagged' address.
    # Dated tag?
    if (cookie_type in map(lambda s: s.lower(), Defaults.TAGS_DATED)) \
           and cookie_value:
        verify_dated_cookie(cookie_value)
    # Sender tag?
    elif (cookie_type in map(lambda s: s.lower(), Defaults.TAGS_SENDER)) \
             and cookie_value:
        sender_address = globals().get('envelope_sender')
        verify_sender_cookie(sender_address, cookie_value)
    # Keyword tag?
    elif (cookie_type in map(lambda s: s.lower(), Defaults.TAGS_KEYWORD)) \
             and cookie_value:
        verify_keyword_cookie(cookie_value)
    # If the message gets this far (i.e, was not sent to a tagged
    # address and it didn't match the filter file), then we consult
    # Defaults.ACTION_INCOMING.
    default_action = Defaults.ACTION_INCOMING.lower()
    bouncetext = Defaults.BOUNCE_TEXT_FILTER_INCOMING
    do_default_action(default_action, 'action_incoming', bouncetext)


# This is the end my friend.
if __name__ == '__main__':
    main()
