Check DKIM Authentication-Results (#3583)

Fix #3507 Note that this is not intended for a release at this point! We first have to test whether it runs stable enough. If we want to make a release while we are not confident enough in authres-checking, then we have to disable it. BTW, most of the 3000 new lines are in `test_data/messages/dkimchecks...`, not the actual code da3a4b94 adds the results to the Message info. It currently does this by adding them to `hop_info`. Maybe we should rename `hop_info` to `extra_info` or something; this has the disadvantage that we can't rename the sql column name though. Follow-ups for this could be: - In `update_authservid_candidates()`: Implement the rest of the algorithm @hpk42 and me thought about. What's missing is remembering how sure we are that these are the right authserv-ids. Esp., when receiving a message sent from another account at the same domain, we can be quite sure that the authserv-ids in there are the ones of our email server. This will make authres-checking work with buzon.uy, disroot.org, yandex.ru, mailo.com, and riseup.net. - Think about how we present this to the user - e.g. currently the only change is that we don't accept key changes, which will mean that the small lock on the message is not shown. - And it will mean that we can fully enable AEAP, after revisiting the security implications of this, and assuming everyone (esp. @link2xt who pointed out the problems in the first place) feels comfortable with it.
2026-04-22 16:06:30 +03:00 · 2022-10-28 12:15:37 +02:00
parent d8bc3769a5
commit b1c6c40fa7
326 changed files with 3304 additions and 42 deletions
--- a/test-data/message/dkimchecks-2022-09-28/alice@hotmail.com/alice@aol.com
+++ b/test-data/message/dkimchecks-2022-09-28/alice@hotmail.com/alice@aol.com
@@ -0,0 +1,6 @@
+Authentication-Results: spf=pass (sender IP is 77.238.178.97)
+ smtp.mailfrom=aol.com; dkim=pass (signature was verified)
+ header.d=aol.com;dmarc=pass action=none header.from=aol.com;compauth=pass
+ reason=100
+From: <alice@aol.com>
+To: <alice@hotmail.com>
--- a/test-data/message/dkimchecks-2022-09-28/alice@hotmail.com/alice@delta.blinzeln.de
+++ b/test-data/message/dkimchecks-2022-09-28/alice@hotmail.com/alice@delta.blinzeln.de
@@ -0,0 +1,6 @@
+Authentication-Results: spf=none (sender IP is 192.162.87.121)
+ smtp.mailfrom=delta.blinzeln.de; dkim=none (message not signed)
+ header.d=none;dmarc=none action=none
+ header.from=delta.blinzeln.de;compauth=fail reason=001
+From: <alice@delta.blinzeln.de>
+To: <alice@hotmail.com>
--- a/test-data/message/dkimchecks-2022-09-28/alice@hotmail.com/alice@disroot.org
+++ b/test-data/message/dkimchecks-2022-09-28/alice@hotmail.com/alice@disroot.org
@@ -0,0 +1,6 @@
+Authentication-Results: spf=pass (sender IP is 178.21.23.139)
+ smtp.mailfrom=disroot.org; dkim=pass (signature was verified)
+ header.d=disroot.org;dmarc=pass action=none
+ header.from=disroot.org;compauth=pass reason=100
+From: <alice@disroot.org>
+To: <alice@hotmail.com>
--- a/test-data/message/dkimchecks-2022-09-28/alice@hotmail.com/alice@fastmail.com
+++ b/test-data/message/dkimchecks-2022-09-28/alice@hotmail.com/alice@fastmail.com
@@ -0,0 +1,6 @@
+Authentication-Results: spf=pass (sender IP is 66.111.4.28)
+ smtp.mailfrom=fastmail.com; dkim=pass (signature was verified)
+ header.d=fastmail.com;dmarc=pass action=none
+ header.from=fastmail.com;compauth=pass reason=100
+From: <alice@fastmail.com>
+To: <alice@hotmail.com>
--- a/test-data/message/dkimchecks-2022-09-28/alice@hotmail.com/alice@gmail.com
+++ b/test-data/message/dkimchecks-2022-09-28/alice@hotmail.com/alice@gmail.com
@@ -0,0 +1,6 @@
+Authentication-Results: spf=pass (sender IP is 209.85.221.68)
+ smtp.mailfrom=gmail.com; dkim=pass (signature was verified)
+ header.d=gmail.com;dmarc=pass action=none header.from=gmail.com;compauth=pass
+ reason=100
+From: <alice@gmail.com>
+To: <alice@hotmail.com>
--- a/test-data/message/dkimchecks-2022-09-28/alice@hotmail.com/alice@icloud.com
+++ b/test-data/message/dkimchecks-2022-09-28/alice@hotmail.com/alice@icloud.com
@@ -0,0 +1,6 @@
+Authentication-Results: spf=pass (sender IP is 17.57.155.16)
+ smtp.mailfrom=icloud.com; dkim=pass (signature was verified)
+ header.d=icloud.com;dmarc=pass action=none
+ header.from=icloud.com;compauth=pass reason=100
+From: <alice@icloud.com>
+To: <alice@hotmail.com>
--- a/test-data/message/dkimchecks-2022-09-28/alice@hotmail.com/alice@ik.me
+++ b/test-data/message/dkimchecks-2022-09-28/alice@hotmail.com/alice@ik.me
@@ -0,0 +1,6 @@
+Authentication-Results: spf=pass (sender IP is 83.166.143.174)
+ smtp.mailfrom=ik.me; dkim=pass (signature was verified)
+ header.d=ik.me;dmarc=pass action=none header.from=ik.me;compauth=pass
+ reason=100
+From: <alice@ik.me>
+To: <alice@hotmail.com>
--- a/test-data/message/dkimchecks-2022-09-28/alice@hotmail.com/alice@mail.de
+++ b/test-data/message/dkimchecks-2022-09-28/alice@hotmail.com/alice@mail.de
@@ -0,0 +1,6 @@
+Authentication-Results: spf=pass (sender IP is 62.201.172.25)
+ smtp.mailfrom=mail.de; dkim=pass (signature was verified)
+ header.d=mail.de;dmarc=pass action=none header.from=mail.de;compauth=pass
+ reason=100
+From: <alice@mail.de>
+To: <alice@hotmail.com>
--- a/test-data/message/dkimchecks-2022-09-28/alice@hotmail.com/alice@mail.ru
+++ b/test-data/message/dkimchecks-2022-09-28/alice@hotmail.com/alice@mail.ru
@@ -0,0 +1,6 @@
+Authentication-Results: spf=pass (sender IP is 94.100.181.251)
+ smtp.mailfrom=mail.ru; dkim=pass (signature was verified)
+ header.d=mail.ru;dmarc=pass action=none header.from=mail.ru;compauth=pass
+ reason=100
+From: <alice@mail.ru>
+To: <alice@hotmail.com>
--- a/test-data/message/dkimchecks-2022-09-28/alice@hotmail.com/alice@mailo.com
+++ b/test-data/message/dkimchecks-2022-09-28/alice@hotmail.com/alice@mailo.com
@@ -0,0 +1,6 @@
+Authentication-Results: spf=pass (sender IP is 213.182.54.11)
+ smtp.mailfrom=mailo.com; dkim=pass (signature was verified)
+ header.d=mailo.com;dmarc=pass action=none header.from=mailo.com;compauth=pass
+ reason=100
+From: <alice@mailo.com>
+To: <alice@hotmail.com>
--- a/test-data/message/dkimchecks-2022-09-28/alice@hotmail.com/alice@posteo.de
+++ b/test-data/message/dkimchecks-2022-09-28/alice@hotmail.com/alice@posteo.de
@@ -0,0 +1,6 @@
+Authentication-Results: spf=temperror (sender IP is 185.67.36.66)
+ smtp.mailfrom=posteo.de; dkim=pass (signature was verified)
+ header.d=posteo.de;dmarc=pass action=none header.from=posteo.de;compauth=pass
+ reason=100
+From: <alice@posteo.de>
+To: <alice@hotmail.com>
--- a/test-data/message/dkimchecks-2022-09-28/alice@hotmail.com/alice@riseup.net
+++ b/test-data/message/dkimchecks-2022-09-28/alice@hotmail.com/alice@riseup.net
@@ -0,0 +1,6 @@
+Authentication-Results: spf=pass (sender IP is 198.252.153.129)
+ smtp.mailfrom=riseup.net; dkim=pass (signature was verified)
+ header.d=riseup.net;dmarc=pass action=none
+ header.from=riseup.net;compauth=pass reason=100
+From: <alice@riseup.net>
+To: <alice@hotmail.com>
--- a/test-data/message/dkimchecks-2022-09-28/alice@hotmail.com/alice@yahoo.com
+++ b/test-data/message/dkimchecks-2022-09-28/alice@hotmail.com/alice@yahoo.com
@@ -0,0 +1,6 @@
+Authentication-Results: spf=pass (sender IP is 77.238.176.99)
+ smtp.mailfrom=yahoo.com; dkim=pass (signature was verified)
+ header.d=yahoo.com;dmarc=pass action=none header.from=yahoo.com;compauth=pass
+ reason=100
+From: <alice@yahoo.com>
+To: <alice@hotmail.com>
--- a/test-data/message/dkimchecks-2022-09-28/alice@hotmail.com/alice@yandex.ru
+++ b/test-data/message/dkimchecks-2022-09-28/alice@hotmail.com/alice@yandex.ru
@@ -0,0 +1,6 @@
+Authentication-Results: spf=pass (sender IP is 77.88.28.108)
+ smtp.mailfrom=yandex.ru; dkim=pass (signature was verified)
+ header.d=yandex.ru;dmarc=pass action=none header.from=yandex.ru;compauth=pass
+ reason=100
+From: <alice@yandex.ru>
+To: <alice@hotmail.com>