Mirrors/chatmail-core
1
0
Fork 0
mirror of https://github.com/chatmail/core.git synced 2026-05-08 17:36:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

feat: Don't send unencrypted Auto-Submitted header (#7938)

Browse Source 
Cherry-picked 8c09ca3

Follow-up to https://github.com/chatmail/core/pull/7935
This commit is contained in:
Hocuri
2026-03-06 10:29:17 +01:00
committed by GitHub
parent abb93cd79d
commit 1e20055523
3 changed files with 9 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/imap/session.rs
View File

@@ -23,7 +23,6 @@ const PREFETCH_FLAGS: &str = "(UID INTERNALDATE RFC822.SIZE BODY.PEEK[HEADER.FIE
FROM \ FROM \
CHAT-VERSION \ CHAT-VERSION \
CHAT-IS-POST-MESSAGE \ CHAT-IS-POST-MESSAGE \
AUTO-SUBMITTED \
AUTOCRYPT-SETUP-MESSAGE\ AUTOCRYPT-SETUP-MESSAGE\
)])"; )])";

12
src/mimefactory.rs
View File

@@ -1553,13 +1553,10 @@ impl MimeFactory {
| SystemMessage::MultiDeviceSync | SystemMessage::MultiDeviceSync
| SystemMessage::WebxdcStatusUpdate => { | SystemMessage::WebxdcStatusUpdate => {
// This should prevent automatic replies, // This should prevent automatic replies,
// such as non-delivery reports. // such as non-delivery reports,
// if the message is unencrypted.
// //
// See <https://tools.ietf.org/html/rfc3834> // See <https://tools.ietf.org/html/rfc3834>
//
// Adding this header without encryption leaks some
// information about the message contents, but it can
// already be easily guessed from message timing and size.
headers.push(( headers.push((
"Auto-Submitted", "Auto-Submitted",
mail_builder::headers::raw::Raw::new("auto-generated").into(), mail_builder::headers::raw::Raw::new("auto-generated").into(),
@@ -2190,10 +2187,7 @@ fn group_headers_by_confidentiality(
mail_builder::headers::raw::Raw::new("[...]").into(), mail_builder::headers::raw::Raw::new("[...]").into(),
)); ));
} }
"auto-submitted" "chat-version" | "autocrypt-setup-message" | "chat-is-post-message" => {
| "chat-version"
| "autocrypt-setup-message"
| "chat-is-post-message" => {
unprotected_headers.push(header.clone()); unprotected_headers.push(header.clone());
} }
_ => { _ => {

11
src/securejoin/securejoin_tests.rs
View File

@@ -138,14 +138,15 @@ async fn test_setup_contact_ex(case: SetupContactCase) {
); );
let sent = alice.pop_sent_msg().await; let sent = alice.pop_sent_msg().await;
assert_eq!( assert_eq!(sent.payload.contains("Auto-Submitted:"), false);
sent.payload.contains("Auto-Submitted: auto-generated"),
alice_auto_submitted_hdr
);
assert!(!sent.payload.contains("Alice Exampleorg")); assert!(!sent.payload.contains("Alice Exampleorg"));
let msg = bob.parse_msg(&sent).await; let msg = bob.parse_msg(&sent).await;
assert!(msg.was_encrypted()); assert!(msg.was_encrypted());
assert_eq!(msg.get_header(HeaderDef::SecureJoin).unwrap(), "vc-pubkey"); assert_eq!(msg.get_header(HeaderDef::SecureJoin).unwrap(), "vc-pubkey");
assert_eq!(
msg.get_header(HeaderDef::AutoSubmitted),
alice_auto_submitted_hdr.then_some("auto-generated")
);
let bob_chat = bob.get_chat(&alice).await; let bob_chat = bob.get_chat(&alice).await;
assert_eq!(bob_chat.can_send(&bob).await.unwrap(), true); assert_eq!(bob_chat.can_send(&bob).await.unwrap(), true);
@@ -266,7 +267,7 @@ async fn test_setup_contact_ex(case: SetupContactCase) {
let sent = alice.pop_sent_msg().await; let sent = alice.pop_sent_msg().await;
assert_eq!( assert_eq!(
sent.payload.contains("Auto-Submitted: auto-generated"), sent.payload.contains("Auto-Submitted: auto-generated"),
alice_auto_submitted_hdr false
); );
assert!(!sent.payload.contains("Alice Exampleorg")); assert!(!sent.payload.contains("Alice Exampleorg"));
let msg = bob.parse_msg(&sent).await; let msg = bob.parse_msg(&sent).await;