Check DKIM Authentication-Results (#3583)

Fix #3507

Note that this is not intended for a release at this point! We first have to test whether it runs stable enough. If we want to make a release while we are not confident enough in authres-checking, then we have to disable it.

BTW, most of the 3000 new lines are in `test_data/messages/dkimchecks...`, not the actual code

da3a4b94 adds the results to the Message info. It currently does this by adding them to `hop_info`. Maybe we should rename `hop_info` to `extra_info` or something; this has the disadvantage that we can't rename the sql column name though.

Follow-ups for this could be:
- In `update_authservid_candidates()`: Implement the rest of the algorithm @hpk42 and me thought about. What's missing is remembering how sure we are that these are the right authserv-ids. Esp., when receiving a message sent from another account at the same domain, we can be quite sure that the authserv-ids in there are the ones of our email server. This will make authres-checking work with buzon.uy, disroot.org, yandex.ru, mailo.com, and riseup.net.
- Think about how we present this to the user - e.g. currently the only change is that we don't accept key changes, which will mean that the small lock on the message is not shown.
- And it will mean that we can fully enable AEAP, after revisiting the security implications of this, and assuming everyone (esp. @link2xt who pointed out the problems in the first place) feels comfortable with it.

test-data/message/dkimchecks-2022-09-28/alice@gmail.com/alice@aol.com

@@ -0,0 +1,10 @@
+ARC-Authentication-Results: i=1; mx.google.com;
+       dkim=pass header.i=@aol.com header.s=a2048 header.b=aox1b6+y;
+       spf=pass (google.com: domain of alice@aol.com designates 87.248.110.84 as permitted sender) smtp.mailfrom=alice@aol.com;
+       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=aol.com
+Authentication-Results: mx.google.com;
+       dkim=pass header.i=@aol.com header.s=a2048 header.b=aox1b6+y;
+       spf=pass (google.com: domain of alice@aol.com designates 87.248.110.84 as permitted sender) smtp.mailfrom=alice@aol.com;
+       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=aol.com
+From: <alice@aol.com>
+To: <alice@gmail.com>

test-data/message/dkimchecks-2022-09-28/alice@gmail.com/alice@buzon.uy

@@ -0,0 +1,10 @@
+ARC-Authentication-Results: i=1; mx.google.com;
+       dkim=pass header.i=@buzon.uy header.s=2019 header.b=GjVe3q13;
+       spf=pass (google.com: domain of alice@buzon.uy designates 185.101.93.79 as permitted sender) smtp.mailfrom=alice@buzon.uy;
+       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=buzon.uy
+Authentication-Results: mx.google.com;
+       dkim=pass header.i=@buzon.uy header.s=2019 header.b=GjVe3q13;
+       spf=pass (google.com: domain of alice@buzon.uy designates 185.101.93.79 as permitted sender) smtp.mailfrom=alice@buzon.uy;
+       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=buzon.uy
+From: <alice@buzon.uy>
+To: <alice@gmail.com>

test-data/message/dkimchecks-2022-09-28/alice@gmail.com/alice@delta.blinzeln.de

@@ -0,0 +1,7 @@
+ARC-Authentication-Results: i=1; mx.google.com;
+       spf=neutral (google.com: 89.22.108.212 is neither permitted nor denied by best guess record for domain of alice@delta.blinzeln.de) smtp.mailfrom=alice@delta.blinzeln.de
+Authentication-Results: mx.google.com;
+       spf=neutral (google.com: 89.22.108.212 is neither permitted nor denied by best guess record for domain of alice@delta.blinzeln.de) smtp.mailfrom=alice@delta.blinzeln.de
+From: <alice@delta.blinzeln.de>
+To: <alice@gmail.com>
+Authentication-Results: secure-mailgate.com; auth=pass smtp.auth=91.203.111.88@webbox222.server-home.org

test-data/message/dkimchecks-2022-09-28/alice@gmail.com/alice@disroot.org

@@ -0,0 +1,10 @@
+ARC-Authentication-Results: i=1; mx.google.com;
+       dkim=pass header.i=@disroot.org header.s=mail header.b=agINRXYl;
+       spf=pass (google.com: domain of alice@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=alice@disroot.org;
+       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=disroot.org
+Authentication-Results: mx.google.com;
+       dkim=pass header.i=@disroot.org header.s=mail header.b=agINRXYl;
+       spf=pass (google.com: domain of alice@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=alice@disroot.org;
+       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=disroot.org
+From: <alice@disroot.org>
+To: <alice@gmail.com>

test-data/message/dkimchecks-2022-09-28/alice@gmail.com/alice@fastmail.com

@@ -0,0 +1,12 @@
+ARC-Authentication-Results: i=1; mx.google.com;
+       dkim=pass header.i=@fastmail.com header.s=fm2 header.b=9iLihtf9;
+       dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=vFQyciDG;
+       spf=pass (google.com: domain of alice@fastmail.com designates 66.111.4.28 as permitted sender) smtp.mailfrom=alice@fastmail.com;
+       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=fastmail.com
+Authentication-Results: mx.google.com;
+       dkim=pass header.i=@fastmail.com header.s=fm2 header.b=9iLihtf9;
+       dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=vFQyciDG;
+       spf=pass (google.com: domain of alice@fastmail.com designates 66.111.4.28 as permitted sender) smtp.mailfrom=alice@fastmail.com;
+       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=fastmail.com
+From: <alice@fastmail.com>
+To: <alice@gmail.com>

test-data/message/dkimchecks-2022-09-28/alice@gmail.com/alice@hotmail.com

@@ -0,0 +1,14 @@
+ARC-Authentication-Results: i=2; mx.google.com;
+       dkim=pass header.i=@hotmail.com header.s=selector1 header.b=cXkaZaq1;
+       arc=pass (i=1);
+       spf=pass (google.com: domain of alice@hotmail.com designates 40.92.73.35 as permitted sender) smtp.mailfrom=alice@hotmail.com;
+       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=hotmail.com
+Authentication-Results: mx.google.com;
+       dkim=pass header.i=@hotmail.com header.s=selector1 header.b=cXkaZaq1;
+       arc=pass (i=1);
+       spf=pass (google.com: domain of alice@hotmail.com designates 40.92.73.35 as permitted sender) smtp.mailfrom=alice@hotmail.com;
+       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=hotmail.com
+ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
+ dkim=none; arc=none
+From: <alice@hotmail.com>
+To: <alice@gmail.com>

test-data/message/dkimchecks-2022-09-28/alice@gmail.com/alice@icloud.com

@@ -0,0 +1,10 @@
+ARC-Authentication-Results: i=1; mx.google.com;
+       dkim=pass header.i=@icloud.com header.s=1a1hai header.b=l1YS4V6g;
+       spf=pass (google.com: domain of alice@icloud.com designates 17.57.155.16 as permitted sender) smtp.mailfrom=alice@icloud.com;
+       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=icloud.com
+Authentication-Results: mx.google.com;
+       dkim=pass header.i=@icloud.com header.s=1a1hai header.b=l1YS4V6g;
+       spf=pass (google.com: domain of alice@icloud.com designates 17.57.155.16 as permitted sender) smtp.mailfrom=alice@icloud.com;
+       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=icloud.com
+From: <alice@icloud.com>
+To: <alice@gmail.com>

test-data/message/dkimchecks-2022-09-28/alice@gmail.com/alice@ik.me

@@ -0,0 +1,10 @@
+ARC-Authentication-Results: i=1; mx.google.com;
+       dkim=pass header.i=@ik.me header.s=20200325 header.b=k4mDkE5i;
+       spf=pass (google.com: domain of alice@ik.me designates 2001:1600:4:17::8fae as permitted sender) smtp.mailfrom=alice@ik.me;
+       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=ik.me
+Authentication-Results: mx.google.com;
+       dkim=pass header.i=@ik.me header.s=20200325 header.b=k4mDkE5i;
+       spf=pass (google.com: domain of alice@ik.me designates 2001:1600:4:17::8fae as permitted sender) smtp.mailfrom=alice@ik.me;
+       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=ik.me
+From: <alice@ik.me>
+To: <alice@gmail.com>

test-data/message/dkimchecks-2022-09-28/alice@gmail.com/alice@mail.de

@@ -0,0 +1,10 @@
+ARC-Authentication-Results: i=1; mx.google.com;
+       dkim=pass header.i=@mail.de header.s=mailde202009 header.b=PVEru5f0;
+       spf=pass (google.com: domain of alice@mail.de designates 2001:868:100:600::216 as permitted sender) smtp.mailfrom=alice@mail.de;
+       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=mail.de
+Authentication-Results: mx.google.com;
+       dkim=pass header.i=@mail.de header.s=mailde202009 header.b=PVEru5f0;
+       spf=pass (google.com: domain of alice@mail.de designates 2001:868:100:600::216 as permitted sender) smtp.mailfrom=alice@mail.de;
+       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=mail.de
+From: <alice@mail.de>
+To: <alice@gmail.com>

test-data/message/dkimchecks-2022-09-28/alice@gmail.com/alice@mail.ru

@@ -0,0 +1,11 @@
+ARC-Authentication-Results: i=1; mx.google.com;
+       dkim=pass header.i=@mail.ru header.s=mail4 header.b=K86lQ0h9;
+       spf=pass (google.com: domain of alice@mail.ru designates 94.100.181.251 as permitted sender) smtp.mailfrom=alice@mail.ru;
+       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=mail.ru
+Authentication-Results: mx.google.com;
+       dkim=pass header.i=@mail.ru header.s=mail4 header.b=K86lQ0h9;
+       spf=pass (google.com: domain of alice@mail.ru designates 94.100.181.251 as permitted sender) smtp.mailfrom=alice@mail.ru;
+       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=mail.ru
+From: <alice@mail.ru>
+To: <alice@gmail.com>
+Authentication-Results: smtpng1.m.smailru.net; auth=pass smtp.auth=alice@mail.ru smtp.mailfrom=alice@mail.ru

test-data/message/dkimchecks-2022-09-28/alice@gmail.com/alice@mailo.com

@@ -0,0 +1,10 @@
+ARC-Authentication-Results: i=1; mx.google.com;
+       dkim=pass header.i=@mailo.com header.s=mailo header.b="PoGUlxd/";
+       spf=pass (google.com: domain of alice@mailo.com designates 213.182.54.11 as permitted sender) smtp.mailfrom=alice@mailo.com;
+       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=mailo.com
+Authentication-Results: mx.google.com;
+       dkim=pass header.i=@mailo.com header.s=mailo header.b="PoGUlxd/";
+       spf=pass (google.com: domain of alice@mailo.com designates 213.182.54.11 as permitted sender) smtp.mailfrom=alice@mailo.com;
+       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=mailo.com
+From: <alice@mailo.com>
+To: <alice@gmail.com>

test-data/message/dkimchecks-2022-09-28/alice@gmail.com/alice@outlook.com

@@ -0,0 +1,14 @@
+ARC-Authentication-Results: i=2; mx.google.com;
+       dkim=pass header.i=@outlook.com header.s=selector1 header.b=CHJ1fVli;
+       arc=pass (i=1);
+       spf=pass (google.com: domain of alice@outlook.com designates 40.92.66.108 as permitted sender) smtp.mailfrom=alice@outlook.com;
+       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=outlook.com
+Authentication-Results: mx.google.com;
+       dkim=pass header.i=@outlook.com header.s=selector1 header.b=CHJ1fVli;
+       arc=pass (i=1);
+       spf=pass (google.com: domain of alice@outlook.com designates 40.92.66.108 as permitted sender) smtp.mailfrom=alice@outlook.com;
+       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=outlook.com
+ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
+ dkim=none; arc=none
+From: <alice@outlook.com>
+To: <alice@gmail.com>

test-data/message/dkimchecks-2022-09-28/alice@gmail.com/alice@posteo.de

@@ -0,0 +1,10 @@
+ARC-Authentication-Results: i=1; mx.google.com;
+       dkim=pass header.i=@posteo.de header.s=2017 header.b=PJxg1eJM;
+       spf=pass (google.com: domain of alice@posteo.de designates 185.67.36.65 as permitted sender) smtp.mailfrom=alice@posteo.de;
+       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=posteo.de
+Authentication-Results: mx.google.com;
+       dkim=pass header.i=@posteo.de header.s=2017 header.b=PJxg1eJM;
+       spf=pass (google.com: domain of alice@posteo.de designates 185.67.36.65 as permitted sender) smtp.mailfrom=alice@posteo.de;
+       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=posteo.de
+From: <alice@posteo.de>
+To: <alice@gmail.com>

test-data/message/dkimchecks-2022-09-28/alice@gmail.com/alice@riseup.net

@@ -0,0 +1,10 @@
+ARC-Authentication-Results: i=1; mx.google.com;
+       dkim=pass header.i=@riseup.net header.s=squak header.b="W/pP/71g";
+       spf=pass (google.com: domain of alice@riseup.net designates 198.252.153.6 as permitted sender) smtp.mailfrom=alice@riseup.net;
+       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=riseup.net
+Authentication-Results: mx.google.com;
+       dkim=pass header.i=@riseup.net header.s=squak header.b="W/pP/71g";
+       spf=pass (google.com: domain of alice@riseup.net designates 198.252.153.6 as permitted sender) smtp.mailfrom=alice@riseup.net;
+       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=riseup.net
+From: <alice@riseup.net>
+To: <alice@gmail.com>

test-data/message/dkimchecks-2022-09-28/alice@gmail.com/alice@yahoo.com

@@ -0,0 +1,10 @@
+ARC-Authentication-Results: i=1; mx.google.com;
+       dkim=pass header.i=@yahoo.com header.s=s2048 header.b=KF9PvN1o;
+       spf=pass (google.com: domain of alice@yahoo.com designates 87.248.110.84 as permitted sender) smtp.mailfrom=alice@yahoo.com;
+       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=yahoo.com
+Authentication-Results: mx.google.com;
+       dkim=pass header.i=@yahoo.com header.s=s2048 header.b=KF9PvN1o;
+       spf=pass (google.com: domain of alice@yahoo.com designates 87.248.110.84 as permitted sender) smtp.mailfrom=alice@yahoo.com;
+       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=yahoo.com
+From: <alice@yahoo.com>
+To: <alice@gmail.com>

test-data/message/dkimchecks-2022-09-28/alice@gmail.com/alice@yandex.ru

@@ -0,0 +1,11 @@
+ARC-Authentication-Results: i=1; mx.google.com;
+       dkim=pass header.i=@yandex.ru header.s=mail header.b="k4k4P0Z/";
+       spf=pass (google.com: domain of alice@yandex.ru designates 77.88.28.108 as permitted sender) smtp.mailfrom=alice@yandex.ru;
+       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=yandex.ru
+Authentication-Results: mx.google.com;
+       dkim=pass header.i=@yandex.ru header.s=mail header.b="k4k4P0Z/";
+       spf=pass (google.com: domain of alice@yandex.ru designates 77.88.28.108 as permitted sender) smtp.mailfrom=alice@yandex.ru;
+       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=yandex.ru
+Authentication-Results: iva4-143b1447cf50.qloud-c.yandex.net; dkim=pass header.i=@yandex.ru
+From: <alice@yandex.ru>
+To: <alice@gmail.com>

test-data/message/dkimchecks-2022-09-28/alice@gmail.com/forged-authres-added@example.com

@@ -0,0 +1,5 @@
+Authentication-Results: mx.google.com;
+       spf=neutral (google.com: 89.22.108.212 is neither permitted nor denied by best guess record for domain of alice@delta.blinzeln.de) smtp.mailfrom=alice@delta.blinzeln.de
+From: forged-authres-added@example.com
+Authentication-Results: aaa.com; dkim=pass header.i=@example.com
+Authentication-Results: aaa.com; dkim=pass header.i=@example.com