diff --git a/src/authres_handling.rs b/src/authres_handling.rs
index d3f11eea6..0ce88cb3e 100644
--- a/src/authres_handling.rs
+++ b/src/authres_handling.rs
@@ -380,79 +380,21 @@ Authentication-Results: gmx.net; dkim=pass header.i=@slack.com"; vec![("mx1.riseup.net".to_string(), DkimResult::Passed)] ); - // let bytes = b"Authentication-Results: mx1.messagingengine.com; - // x-csa=none; - // x-me-sender=none; - // x-ptr=pass smtp.helo=nx184.node01.secure-mailgate.com - // policy.ptr=nx184.node01.secure-mailgate.com - // Authentication-Results: mx1.messagingengine.com; - // bimi=skipped (DMARC did not pass) - // Authentication-Results: mx1.messagingengine.com; - // arc=none (no signatures found) - // Authentication-Results: mx1.messagingengine.com; - // dkim=none (no signatures found); - // dmarc=none policy.published-domain-policy=none - // policy.applied-disposition=none policy.evaluated-disposition=none - // (p=none,d=none,d.eval=none) policy.policy-from=p - // header.from=delta.blinzeln.de; - // iprev=pass smtp.remote-ip=89.22.108.184 - // (nx184.node01.secure-mailgate.com); - // spf=none smtp.mailfrom=nami.lefherz@delta.blinzeln.de - // smtp.helo=nx184.node01.secure-mailgate.com"; - // let mail = mailparse::parse_mail(bytes)?; - // let actual = parse_authres_headers(&mail.get_headers(), "delta.blinzeln.de"); - // assert_eq!(actual, vec![("mx1.messagingengine.com".to_string(), false)]); - - // check_parse_authentication_results_combination( - // "alice@testrun.org", - // // TODO actually the address is alice@gmx.de, but then it doesn't work because `header.d=gmx.net`: - // b"From: alice@gmx.net - // Authentication-Results: testrun.org; - // dkim=pass header.d=gmx.net header.s=badeba3b8450 header.b=Gug6p4zD; - // dmarc=pass (policy=none) header.from=gmx.de; - // spf=pass (testrun.org: domain of alice@gmx.de designates 212.227.17.21 as permitted sender) smtp.mailfrom=alice@gmx.de", - // AuthenticationResults::Passed, - // ) - // .await; - - // check_parse_authentication_results_combination( - // "alice@testrun.org", - // br#"From: hocuri@testrun.org - // Authentication-Results: box.hispanilandia.net; dmarc=none (p=none 
dis=none) header.from=nauta.cu - // Authentication-Results: box.hispanilandia.net; spf=pass smtp.mailfrom=adbenitez@nauta.cu - // Authentication-Results: testrun.org; - // dkim=fail ("body hash did not verify") header.d=nauta.cu header.s=nauta header.b=YrWhU6qk; - // dmarc=none; - // spf=pass (testrun.org: domain of "test1-bounces+hocuri=testrun.org@hispanilandia.net" designates 51.15.127.36 as permitted sender) smtp.mailfrom="test1-bounces+hocuri=testrun.org@hispanilandia.net" - // "#, - // AuthenticationResults::Failed, - // ) - // .await; - - // check_parse_authentication_results_combination( - - // // TODO fails because mx.google.com, not google.com - // "alice@gmail.com", - // br#"From: not-so-fake@hispanilandia.net - // Authentication-Results: mx.google.com; - // dkim=pass header.i=@hispanilandia.net header.s=mail header.b="Ih5Sz2/P"; - // spf=pass (google.com: domain of not-so-fake@hispanilandia.net designates 51.15.127.36 as permitted sender) smtp.mailfrom=not-so-fake@hispanilandia.net; - // dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=hispanilandia.net"#, - // AuthenticationResults::Passed, - // ) - // .await; - - // check_parse_authentication_results_combination( - // "alice@nauta.cu", - // br#"From: adb - // Authentication-Results: box.hispanilandia.net; - // dkim=fail reason="signature verification failed" (2048-bit key; secure) header.d=disroot.org header.i=@disroot.org header.b="kqh3WUKq"; - // dkim-atps=neutral - // Authentication-Results: box.hispanilandia.net; dmarc=pass (p=quarantine dis=none) header.from=disroot.org - // Authentication-Results: box.hispanilandia.net; spf=pass smtp.mailfrom=adbenitez@disroot.org"#, - // AuthenticationResults::Passed, - // ) - // .await; + let bytes = br#"Authentication-Results: box.hispanilandia.net; + dkim=fail reason="signature verification failed" (2048-bit key; secure) header.d=disroot.org header.i=@disroot.org header.b="kqh3WUKq"; + dkim-atps=neutral +Authentication-Results: 
box.hispanilandia.net; dmarc=pass (p=quarantine dis=none) header.from=disroot.org +Authentication-Results: box.hispanilandia.net; spf=pass smtp.mailfrom=adbenitez@disroot.org"#; + let mail = mailparse::parse_mail(bytes)?; + let actual = parse_authres_headers(&mail.get_headers(), "disroot.org"); + assert_eq!( + actual, + vec![ + ("box.hispanilandia.net".to_string(), DkimResult::Failed), + ("box.hispanilandia.net".to_string(), DkimResult::Nothing), + ("box.hispanilandia.net".to_string(), DkimResult::Nothing), + ] + ); Ok(()) } @@ -524,6 +466,8 @@ Authentication-Results: gmx.net; dkim=pass header.i=@slack.com"; "fastmail.com", "mail.de", "outlook.com", + "gmx.de", + "testrun.org", ] .contains(&self_domain.as_str()); @@ -572,9 +516,13 @@ Authentication-Results: gmx.net; dkim=pass header.i=@slack.com"; let from_domain = EmailAddress::new(from).unwrap().domain; let dkim_result = dkim_works(&t, &from_domain).await.unwrap(); - // println!("From {from_domain}: passed {dkim_passed}, known to work {dkim_known_to_work}"); - let expected_result = from_domain != "delta.blinzeln.de" - && from != "authresadding-attacker@example.com" + // delta.blinzeln.de and gmx.de have invalid DKIM, so the DKIM check should fail + let expected_result = (from_domain != "delta.blinzeln.de") && (from_domain != "gmx.de") + // These are (fictional) forged emails where the attacker added a fake + // Authentication-Results before sending the email + && from != "forged-authres-added@example.com" + // Other forged emails + && !from.starts_with("forged") && !entry .path() .to_str() 
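Review bot: The new assertion in the `@@ -380,79 +380,21 @@` hunk expects `DkimResult::Nothing` for the two headers that report `dmarc=pass` and `spf=pass`, but nothing in the test says why. That is the security-relevant part of the case: a passing DMARC or SPF verdict next to `dkim=fail` must not be read as a DKIM pass. I would add a comment above the `assert_eq!`, for example `// dmarc=pass / spf=pass carry no dkim= result, so they map to Nothing; only the dkim=fail header yields a verdict`. The same header block is added as the fixture `alice@nauta.cu/forged@disroot.org`, so a pointer to that file would help keep the two copies in sync. The enclosing test function starts outside the hunk.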
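Review bot: The comment `delta.blinzeln.de and gmx.de have invalid DKIM` in the `@@ -572,9 +516,13 @@` hunk does not match the gmx.de fixture added in this commit, which records `dkim=pass header.d=gmx.net` for a `From: alice@gmx.de` message. The signature verifies, but the signing domain is not the From domain. A comment such as `// gmx.de mail is signed with d=gmx.net, which is not the From domain, so the DKIM check should fail` would tell the next reader which property the test relies on. Separately, `from != "forged-authres-added@example.com"` is now implied by `!from.starts_with("forged")`, so one of the two conditions can be dropped. The boolean expression continues past the end of the hunk.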
@@ -611,32 +559,4 @@ Authentication-Results: gmx.net; dkim=pass header.i=@slack.com"; let mail = mailparse::parse_mail(bytes).unwrap(); handle_authres(&t, &mail, "invalidfrom.com").await.unwrap(); } - - // async fn check_parse_authentication_results_combination( - // self_addr: &str, - // header_bytes: &[u8], - // expected_result: AuthenticationResults, - // ) { - // let t = TestContext::new().await; - // t.set_primary_self_addr(self_addr).await.unwrap(); - // let mail = mailparse::parse_mail(body)?; - - // let actual = parse_authentication_results(&t, &mail.get_headers(), &from)?; - // //assert_eq!(message.authentication_results, expected_result); - // if message.authentication_results != expected_result { - // eprintln!( - // "EXPECTED {expected_result:?}, GOT {:?}, SELF {}, FROM {:?}", - // message.authentication_results, - // self_addr, - // message.from.first().map(|i| &i.addr), - // ) - // } else { - // eprintln!( - // "CORRECT {:?}, SELF {}, FROM {:?}", - // message.authentication_results, - // self_addr, - // message.from.first().map(|i| &i.addr), - // ) - // } - // } } diff --git a/test-data/message/dkimchecks-2022-09-28/alice@aol.com/authresadding-attacker@example.com b/test-data/message/dkimchecks-2022-09-28/alice@aol.com/forged-authres-added@example.com similarity index 84% rename from test-data/message/dkimchecks-2022-09-28/alice@aol.com/authresadding-attacker@example.com rename to test-data/message/dkimchecks-2022-09-28/alice@aol.com/forged-authres-added@example.com index af631d2b8..c4e7064a1 100644 --- a/test-data/message/dkimchecks-2022-09-28/alice@aol.com/authresadding-attacker@example.com +++ b/test-data/message/dkimchecks-2022-09-28/alice@aol.com/forged-authres-added@example.com 
@@ -2,5 +2,5 @@ Authentication-Results: atlas206.aol.mail.ne1.yahoo.com; dkim=unknown; spf=none smtp.mailfrom=delta.blinzeln.de; dmarc=unknown header.from=delta.blinzeln.de; -From: authresadding-attacker@example.com +From: forged-authres-added@example.com Authentication-Results: aaa.com; dkim=pass header.i=@example.com diff --git a/test-data/message/dkimchecks-2022-09-28/alice@riseup.net/authresadding-attacker@example.com b/test-data/message/dkimchecks-2022-09-28/alice@buzon.uy/forged-authres-added@example.com similarity index 76% rename from test-data/message/dkimchecks-2022-09-28/alice@riseup.net/authresadding-attacker@example.com rename to test-data/message/dkimchecks-2022-09-28/alice@buzon.uy/forged-authres-added@example.com index e9c825cf2..f6287c13f 100644 --- a/test-data/message/dkimchecks-2022-09-28/alice@riseup.net/authresadding-attacker@example.com +++ b/test-data/message/dkimchecks-2022-09-28/alice@buzon.uy/forged-authres-added@example.com @@ -1,3 +1,3 @@ -From: authresadding-attacker@example.com +From: forged-authres-added@example.com Authentication-Results: aaa.com; dkim=pass header.i=@example.com Authentication-Results: aaa.com; dkim=pass header.i=@example.com diff --git a/test-data/message/dkimchecks-2022-09-28/alice@buzon.uy/authresadding-attacker@example.com b/test-data/message/dkimchecks-2022-09-28/alice@disroot.org/forged-authres-added@example.com similarity index 76% rename from test-data/message/dkimchecks-2022-09-28/alice@buzon.uy/authresadding-attacker@example.com rename to test-data/message/dkimchecks-2022-09-28/alice@disroot.org/forged-authres-added@example.com index e9c825cf2..f6287c13f 100644 --- a/test-data/message/dkimchecks-2022-09-28/alice@buzon.uy/authresadding-attacker@example.com +++ b/test-data/message/dkimchecks-2022-09-28/alice@disroot.org/forged-authres-added@example.com 
@@ -1,3 +1,3 @@ -From: authresadding-attacker@example.com +From: forged-authres-added@example.com Authentication-Results: aaa.com; dkim=pass header.i=@example.com Authentication-Results: aaa.com; dkim=pass header.i=@example.com diff --git a/test-data/message/dkimchecks-2022-09-28/alice@e.email/authresadding-attacker@example.com b/test-data/message/dkimchecks-2022-09-28/alice@e.email/forged-authres-added@example.com similarity index 72% rename from test-data/message/dkimchecks-2022-09-28/alice@e.email/authresadding-attacker@example.com rename to test-data/message/dkimchecks-2022-09-28/alice@e.email/forged-authres-added@example.com index f3a408089..420806761 100644 --- a/test-data/message/dkimchecks-2022-09-28/alice@e.email/authresadding-attacker@example.com +++ b/test-data/message/dkimchecks-2022-09-28/alice@e.email/forged-authres-added@example.com @@ -1,3 +1,3 @@ -From: authresadding-attacker@example.com +From: forged-authres-added@example.com Authentication-Results: mail2.ecloud.global; Authentication-Results: aaa.com; dkim=pass header.i=@example.com diff --git a/test-data/message/dkimchecks-2022-09-28/alice@fastmail.com/authresadding-attacker@example.com b/test-data/message/dkimchecks-2022-09-28/alice@fastmail.com/forged-authres-added@example.com similarity index 95% rename from test-data/message/dkimchecks-2022-09-28/alice@fastmail.com/authresadding-attacker@example.com rename to test-data/message/dkimchecks-2022-09-28/alice@fastmail.com/forged-authres-added@example.com index c9d6e6162..8f01fa300 100644 --- a/test-data/message/dkimchecks-2022-09-28/alice@fastmail.com/authresadding-attacker@example.com +++ b/test-data/message/dkimchecks-2022-09-28/alice@fastmail.com/forged-authres-added@example.com 
@@ -17,6 +17,6 @@ Authentication-Results: mx1.messagingengine.com; (nx184.node01.secure-mailgate.com); spf=none smtp.mailfrom=alice@delta.blinzeln.de smtp.helo=nx184.node01.secure-mailgate.com -From: authresadding-attacker@example.com +From: forged-authres-added@example.com Authentication-Results: aaa.com; dkim=pass header.i=@example.com Authentication-Results: aaa.com; dkim=pass header.i=@example.com diff --git a/test-data/message/dkimchecks-2022-09-28/alice@gmail.com/authresadding-attacker@example.com b/test-data/message/dkimchecks-2022-09-28/alice@gmail.com/forged-authres-added@example.com similarity index 89% rename from test-data/message/dkimchecks-2022-09-28/alice@gmail.com/authresadding-attacker@example.com rename to test-data/message/dkimchecks-2022-09-28/alice@gmail.com/forged-authres-added@example.com index ae689446a..706ac67c5 100644 --- a/test-data/message/dkimchecks-2022-09-28/alice@gmail.com/authresadding-attacker@example.com +++ b/test-data/message/dkimchecks-2022-09-28/alice@gmail.com/forged-authres-added@example.com @@ -1,5 +1,5 @@ Authentication-Results: mx.google.com; spf=neutral (google.com: 89.22.108.212 is neither permitted nor denied by best guess record for domain of alice@delta.blinzeln.de) smtp.mailfrom=alice@delta.blinzeln.de -From: authresadding-attacker@example.com +From: forged-authres-added@example.com Authentication-Results: aaa.com; dkim=pass header.i=@example.com Authentication-Results: aaa.com; dkim=pass header.i=@example.com diff --git a/test-data/message/dkimchecks-2022-09-28/alice@gmx.de/alice@slack.com b/test-data/message/dkimchecks-2022-09-28/alice@gmx.de/alice@slack.com new file mode 100644 index 000000000..0427b1a49 --- /dev/null +++ b/test-data/message/dkimchecks-2022-09-28/alice@gmx.de/alice@slack.com @@ -0,0 +1,3 @@ +Authentication-Results: gmx.net; dkim=pass header.i=@slack.com +Authentication-Results: gmx.net; dkim=pass header.i=@amazonses.com +From: alice@slack.com \ No newline at end of file 
diff --git a/test-data/message/dkimchecks-2022-09-28/alice@icloud.com/authresadding-attacker@example.com b/test-data/message/dkimchecks-2022-09-28/alice@icloud.com/forged-authres-added@example.com similarity index 92% rename from test-data/message/dkimchecks-2022-09-28/alice@icloud.com/authresadding-attacker@example.com rename to test-data/message/dkimchecks-2022-09-28/alice@icloud.com/forged-authres-added@example.com index f35815063..c354f2f09 100644 --- a/test-data/message/dkimchecks-2022-09-28/alice@icloud.com/authresadding-attacker@example.com +++ b/test-data/message/dkimchecks-2022-09-28/alice@icloud.com/forged-authres-added@example.com @@ -2,6 +2,6 @@ Authentication-Results: bimi.icloud.com; bimi=skipped reason="insufficient dmarc Authentication-Results: dmarc.icloud.com; dmarc=none header.from=delta.blinzeln.de Authentication-Results: dkim-verifier.icloud.com; dkim=none Authentication-Results: spf.icloud.com; spf=none (spf.icloud.com: alice@delta.blinzeln.de does not designate permitted sender hosts) smtp.mailfrom=alice@delta.blinzeln.de -From: authresadding-attacker@example.com +From: forged-authres-added@example.com Authentication-Results: aaa.com; dkim=pass header.i=@example.com Authentication-Results: aaa.com; dkim=pass header.i=@example.com diff --git a/test-data/message/dkimchecks-2022-09-28/alice@ik.me/authresadding-attacker@example.com b/test-data/message/dkimchecks-2022-09-28/alice@ik.me/forged-authres-added@example.com similarity index 88% rename from test-data/message/dkimchecks-2022-09-28/alice@ik.me/authresadding-attacker@example.com rename to test-data/message/dkimchecks-2022-09-28/alice@ik.me/forged-authres-added@example.com index 38103fbc0..790fd22ae 100644 --- a/test-data/message/dkimchecks-2022-09-28/alice@ik.me/authresadding-attacker@example.com +++ b/test-data/message/dkimchecks-2022-09-28/alice@ik.me/forged-authres-added@example.com 
@@ -1,5 +1,5 @@ Authentication-Results: mx.infomaniak.com; dmarc=none (p=none dis=none) header.from=delta.blinzeln.de -From: authresadding-attacker@example.com +From: forged-authres-added@example.com Authentication-Results: aaa.com; dkim=pass header.i=@example.com Authentication-Results: mx.infomaniak.com; spf=none smtp.mailfrom=delta.blinzeln.de Authentication-Results: aaa.com; dkim=pass header.i=@example.com diff --git a/test-data/message/dkimchecks-2022-09-28/alice@mail.de/authresadding-attacker@example.com b/test-data/message/dkimchecks-2022-09-28/alice@mail.de/forged-authres-added@example.com similarity index 83% rename from test-data/message/dkimchecks-2022-09-28/alice@mail.de/authresadding-attacker@example.com rename to test-data/message/dkimchecks-2022-09-28/alice@mail.de/forged-authres-added@example.com index cc51f7ba2..bda164a9e 100644 --- a/test-data/message/dkimchecks-2022-09-28/alice@mail.de/authresadding-attacker@example.com +++ b/test-data/message/dkimchecks-2022-09-28/alice@mail.de/forged-authres-added@example.com @@ -1,4 +1,4 @@ Authentication-Results: mxpostfix01.mail.de; dkim=none; dkim-atps=neutral -From: authresadding-attacker@example.com +From: forged-authres-added@example.com Authentication-Results: aaa.com; dkim=pass header.i=@example.com Authentication-Results: aaa.com; dkim=pass header.i=@example.com diff --git a/test-data/message/dkimchecks-2022-09-28/alice@mail.ru/authresadding-attacker@example.com b/test-data/message/dkimchecks-2022-09-28/alice@mail.ru/forged-authres-added@example.com similarity index 82% rename from test-data/message/dkimchecks-2022-09-28/alice@mail.ru/authresadding-attacker@example.com rename to test-data/message/dkimchecks-2022-09-28/alice@mail.ru/forged-authres-added@example.com index 623bf225f..81d980e29 100644 --- a/test-data/message/dkimchecks-2022-09-28/alice@mail.ru/authresadding-attacker@example.com +++ b/test-data/message/dkimchecks-2022-09-28/alice@mail.ru/forged-authres-added@example.com 
@@ -1,3 +1,3 @@ Authentication-Results: mxs.mail.ru; spf=none () smtp.mailfrom=alice@delta.blinzeln.de smtp.helo=nx170.node02.secure-mailgate.com -From: authresadding-attacker@example.com +From: forged-authres-added@example.com Authentication-Results: aaa.com; dkim=pass header.i=@example.com diff --git a/test-data/message/dkimchecks-2022-09-28/alice@disroot.org/authresadding-attacker@example.com b/test-data/message/dkimchecks-2022-09-28/alice@mailo.com/forged-authres-added@example.com similarity index 76% rename from test-data/message/dkimchecks-2022-09-28/alice@disroot.org/authresadding-attacker@example.com rename to test-data/message/dkimchecks-2022-09-28/alice@mailo.com/forged-authres-added@example.com index e9c825cf2..f6287c13f 100644 --- a/test-data/message/dkimchecks-2022-09-28/alice@disroot.org/authresadding-attacker@example.com +++ b/test-data/message/dkimchecks-2022-09-28/alice@mailo.com/forged-authres-added@example.com @@ -1,3 +1,3 @@ -From: authresadding-attacker@example.com +From: forged-authres-added@example.com Authentication-Results: aaa.com; dkim=pass header.i=@example.com Authentication-Results: aaa.com; dkim=pass header.i=@example.com diff --git a/test-data/message/dkimchecks-2022-09-28/alice@nauta.cu/forged@disroot.org b/test-data/message/dkimchecks-2022-09-28/alice@nauta.cu/forged@disroot.org new file mode 100644 index 000000000..f2ac78fa3 --- /dev/null +++ b/test-data/message/dkimchecks-2022-09-28/alice@nauta.cu/forged@disroot.org 
@@ -0,0 +1,8 @@ +Authentication-Results: box.hispanilandia.net; + dkim=fail reason="signature verification failed" (2048-bit key; secure) header.d=disroot.org header.i=@disroot.org header.b="kqh3WUKq"; + dkim-atps=neutral +Authentication-Results: box.hispanilandia.net; dmarc=pass (p=quarantine dis=none) header.from=disroot.org +Authentication-Results: box.hispanilandia.net; spf=pass smtp.mailfrom=adbenitez@disroot.org +From: forged@disroot.org + +This is an email from adb's mailing list that pretends being sent by forged@disroot.org. \ No newline at end of file diff --git a/test-data/message/dkimchecks-2022-09-28/alice@posteo.de/authresadding-attacker@example.com b/test-data/message/dkimchecks-2022-09-28/alice@posteo.de/forged-authres-added@example.com similarity index 88% rename from test-data/message/dkimchecks-2022-09-28/alice@posteo.de/authresadding-attacker@example.com rename to test-data/message/dkimchecks-2022-09-28/alice@posteo.de/forged-authres-added@example.com index d37ee8a74..3dacbe632 100644 --- a/test-data/message/dkimchecks-2022-09-28/alice@posteo.de/authresadding-attacker@example.com +++ b/test-data/message/dkimchecks-2022-09-28/alice@posteo.de/forged-authres-added@example.com @@ -1,5 +1,5 @@ Authentication-Results: posteo.de; dmarc=none (p=none dis=none) header.from=delta.blinzeln.de Authentication-Results: posteo.de; spf=tempfail smtp.mailfrom=delta.blinzeln.de -From: authresadding-attacker@example.com +From: forged-authres-added@example.com Authentication-Results: aaa.com; dkim=pass header.i=@example.com Authentication-Results: aaa.com; dkim=pass header.i=@example.com 
diff --git a/test-data/message/dkimchecks-2022-09-28/alice@mailo.com/authresadding-attacker@example.com b/test-data/message/dkimchecks-2022-09-28/alice@riseup.net/forged-authres-added@example.com similarity index 76% rename from test-data/message/dkimchecks-2022-09-28/alice@mailo.com/authresadding-attacker@example.com rename to test-data/message/dkimchecks-2022-09-28/alice@riseup.net/forged-authres-added@example.com index e9c825cf2..f6287c13f 100644 --- a/test-data/message/dkimchecks-2022-09-28/alice@mailo.com/authresadding-attacker@example.com +++ b/test-data/message/dkimchecks-2022-09-28/alice@riseup.net/forged-authres-added@example.com @@ -1,3 +1,3 @@ -From: authresadding-attacker@example.com +From: forged-authres-added@example.com Authentication-Results: aaa.com; dkim=pass header.i=@example.com Authentication-Results: aaa.com; dkim=pass header.i=@example.com diff --git a/test-data/message/dkimchecks-2022-09-28/alice@testrun.org/alice@gmx.de b/test-data/message/dkimchecks-2022-09-28/alice@testrun.org/alice@gmx.de new file mode 100644 index 000000000..1a45a55bf --- /dev/null +++ b/test-data/message/dkimchecks-2022-09-28/alice@testrun.org/alice@gmx.de @@ -0,0 +1,10 @@ +ARC-Authentication-Results: i=1; + testrun.org; + dkim=pass header.d=gmx.net header.s=badeba3b8450 header.b=Gug6p4zD; + dmarc=pass (policy=none) header.from=gmx.de; + spf=pass (testrun.org: domain of alice@gmx.de designates 212.227.17.21 as permitted sender) smtp.mailfrom=alice@gmx.de +Authentication-Results: testrun.org; + dkim=pass header.d=gmx.net header.s=badeba3b8450 header.b=Gug6p4zD; + dmarc=pass (policy=none) header.from=gmx.de; + spf=pass (testrun.org: domain of alice@gmx.de designates 212.227.17.21 as permitted sender) smtp.mailfrom=alice@gmx.de +From: alice@gmx.de \ No newline at end of file 
diff --git a/test-data/message/dkimchecks-2022-09-28/alice@testrun.org/forged@nauta.cu b/test-data/message/dkimchecks-2022-09-28/alice@testrun.org/forged@nauta.cu new file mode 100644 index 000000000..a662f7fb4 --- /dev/null +++ b/test-data/message/dkimchecks-2022-09-28/alice@testrun.org/forged@nauta.cu @@ -0,0 +1,14 @@ +Authentication-Results: box.hispanilandia.net; dmarc=none (p=none dis=none) header.from=nauta.cu +Authentication-Results: box.hispanilandia.net; spf=pass smtp.mailfrom=adbenitez@nauta.cu +ARC-Authentication-Results: i=1; + testrun.org; + dkim=fail ("body hash did not verify") header.d=nauta.cu header.s=nauta header.b=YrWhU6qk; + dmarc=none; + spf=pass (testrun.org: domain of "test1-bounces+hocuri=testrun.org@hispanilandia.net" designates 51.15.127.36 as permitted sender) smtp.mailfrom="test1-bounces+hocuri=testrun.org@hispanilandia.net" +Authentication-Results: testrun.org; + dkim=fail ("body hash did not verify") header.d=nauta.cu header.s=nauta header.b=YrWhU6qk; + dmarc=none; + spf=pass (testrun.org: domain of "test1-bounces+hocuri=testrun.org@hispanilandia.net" designates 51.15.127.36 as permitted sender) smtp.mailfrom="test1-bounces+hocuri=testrun.org@hispanilandia.net" +From: forged@nauta.cu + +This is an email from adb's mailing list that pretends being from forged@nauta.cu. \ No newline at end of file diff --git a/test-data/message/dkimchecks-2022-09-28/alice@yahoo.com/authresadding-attacker@example.com b/test-data/message/dkimchecks-2022-09-28/alice@yahoo.com/forged-authres-added@example.com similarity index 84% rename from test-data/message/dkimchecks-2022-09-28/alice@yahoo.com/authresadding-attacker@example.com rename to test-data/message/dkimchecks-2022-09-28/alice@yahoo.com/forged-authres-added@example.com index fe9a8a8f1..6ca7761df 100644 --- a/test-data/message/dkimchecks-2022-09-28/alice@yahoo.com/authresadding-attacker@example.com +++ b/test-data/message/dkimchecks-2022-09-28/alice@yahoo.com/forged-authres-added@example.com 
@@ -2,5 +2,5 @@ Authentication-Results: atlas324.free.mail.ne1.yahoo.com; dkim=unknown; spf=none smtp.mailfrom=delta.blinzeln.de; dmarc=unknown header.from=delta.blinzeln.de; -From: authresadding-attacker@example.com +From: forged-authres-added@example.com Authentication-Results: aaa.com; dkim=pass header.i=@example.com diff --git a/test-data/message/dkimchecks-2022-09-28/alice@yandex.ru/authresadding-attacker@example.com b/test-data/message/dkimchecks-2022-09-28/alice@yandex.ru/forged-authres-added@example.com similarity index 61% rename from test-data/message/dkimchecks-2022-09-28/alice@yandex.ru/authresadding-attacker@example.com rename to test-data/message/dkimchecks-2022-09-28/alice@yandex.ru/forged-authres-added@example.com index 8d924343b..9c1b61ce0 100644 --- a/test-data/message/dkimchecks-2022-09-28/alice@yandex.ru/authresadding-attacker@example.com +++ b/test-data/message/dkimchecks-2022-09-28/alice@yandex.ru/forged-authres-added@example.com @@ -1,2 +1,2 @@ -From: authresadding-attacker@example.com +From: forged-authres-added@example.com Authentication-Results: aaa.com; dkim=pass header.i=@example.com diff --git a/test-data/message/dkimchecks-2022-09-28/alice@zohomail.eu/authresadding-attacker@example.com b/test-data/message/dkimchecks-2022-09-28/alice@zohomail.eu/forged-authres-added@example.com similarity index 80% rename from test-data/message/dkimchecks-2022-09-28/alice@zohomail.eu/authresadding-attacker@example.com rename to test-data/message/dkimchecks-2022-09-28/alice@zohomail.eu/forged-authres-added@example.com index 9b6f28304..4573d8ef1 100644 --- a/test-data/message/dkimchecks-2022-09-28/alice@zohomail.eu/authresadding-attacker@example.com +++ b/test-data/message/dkimchecks-2022-09-28/alice@zohomail.eu/forged-authres-added@example.com 
@@ -1,4 +1,4 @@ Authentication-Results: mx.zohomail.eu; -From: authresadding-attacker@example.com +From: forged-authres-added@example.com Authentication-Results: aaa.com; dkim=pass header.i=@example.com Authentication-Results: aaa.com; dkim=pass header.i=@example.com diff --git a/test-data/message/dkimchecks_create-authresadding-attacker.py b/test-data/message/dkimchecks_create-authresadding-attacker.py index 08eb5d332..e5c7f2c75 100644 --- a/test-data/message/dkimchecks_create-authresadding-attacker.py +++ b/test-data/message/dkimchecks_create-authresadding-attacker.py @@ -1,6 +1,6 @@ # This is a small script which helped me write the atuhresadding-attacker@example.com emails # I still did quite some things manually. -# cd dkimchecks-2022-09-28; for d in *; do cd $d ; python3 ../../create-authresadding-attacker.py >authresadding-attacker@example.com; cd $HOME/deltachat-android/jni/deltachat-core-rust/test-data/message/dkimchecks-2022-09-28; done +# cd dkimchecks-2022-09-28; for d in *; do cd $d ; python3 ../../create-forged-authres-added.py >forged-authres-added@example.com; cd $HOME/deltachat-android/jni/deltachat-core-rust/test-data/message/dkimchecks-2022-09-28; done with open("nami.lefherz@delta.blinzeln.de", "r") as f: inheader = False @@ -16,7 +16,7 @@ with open("nami.lefherz@delta.blinzeln.de", "r") as f: print(l, end='') inheader=True if l.startswith("From:"): - print("From: authresadding-attacker@example.com"); + print("From: forged-authres-added@example.com"); if l.startswith("Authentication-Results-Original"): print("TO BE DELETED") print(f"Authentication-Results: aaa.com; dkim=pass header.i=@example.com")
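Review bot: The usage comment in `dkimchecks_create-authresadding-attacker.py` now invokes `../../create-forged-authres-added.py`, but this diff keeps the script under its old name, so the command points at a file the commit does not create. Either rename the script in the same commit or keep the real file name in the comment. The first comment line also still names the old address, with a typo (`atuhresadding-attacker@example.com`); `# This is a small script which helped me write the forged-authres-added@example.com emails` would match the renamed fixtures.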