mirror of
https://github.com/chatmail/core.git
synced 2026-05-03 21:36:29 +03:00
Check DKIM Authentication-Results (#3583)
Fix #3507 Note that this is not intended for a release at this point! We first have to test whether it runs stable enough. If we want to make a release while we are not confident enough in authres-checking, then we have to disable it. BTW, most of the 3000 new lines are in `test_data/messages/dkimchecks...`, not the actual code da3a4b94 adds the results to the Message info. It currently does this by adding them to `hop_info`. Maybe we should rename `hop_info` to `extra_info` or something; this has the disadvantage that we can't rename the sql column name though. Follow-ups for this could be: - In `update_authservid_candidates()`: Implement the rest of the algorithm @hpk42 and me thought about. What's missing is remembering how sure we are that these are the right authserv-ids. Esp., when receiving a message sent from another account at the same domain, we can be quite sure that the authserv-ids in there are the ones of our email server. This will make authres-checking work with buzon.uy, disroot.org, yandex.ru, mailo.com, and riseup.net. - Think about how we present this to the user - e.g. currently the only change is that we don't accept key changes, which will mean that the small lock on the message is not shown. - And it will mean that we can fully enable AEAP, after revisiting the security implications of this, and assuming everyone (esp. @link2xt who pointed out the problems in the first place) feels comfortable with it.
This commit is contained in:
Hocuri
GitHub
@@ -0,0 +1,4 @@
|
||||
From: <alice@aol.com>
|
||||
To: <alice@mail.ru>
|
||||
Authentication-Results: mxs.mail.ru; spf=pass (mx216.i.mail.ru: domain of aol.com designates 77.238.176.99 as permitted sender) smtp.mailfrom=alice@aol.com smtp.helo=sonic301-22.consmr.mail.ir2.yahoo.com;
|
||||
dkim=pass header.d=aol.com; dmarc=pass header.from=alice@aol.com
|
||||
@@ -0,0 +1,4 @@
|
||||
From: <alice@buzon.uy>
|
||||
To: <alice@mail.ru>
|
||||
Authentication-Results: mxs.mail.ru; spf=pass (mx311.i.mail.ru: domain of buzon.uy designates 185.101.93.79 as permitted sender) smtp.mailfrom=alice@buzon.uy smtp.helo=mail.buzon.uy;
|
||||
dkim=pass header.d=buzon.uy; dmarc=pass header.from=alice@buzon.uy
|
||||
@@ -0,0 +1,3 @@
|
||||
Authentication-Results: mxs.mail.ru; spf=none () smtp.mailfrom=alice@delta.blinzeln.de smtp.helo=nx170.node02.secure-mailgate.com
|
||||
From: <alice@delta.blinzeln.de>
|
||||
To: <alice@mail.ru>
|
||||
@@ -0,0 +1,4 @@
|
||||
From: <alice@disroot.org>
|
||||
To: <alice@mail.ru>
|
||||
Authentication-Results: mxs.mail.ru; spf=pass (mx227.i.mail.ru: domain of disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=alice@disroot.org smtp.helo=knopi.disroot.org;
|
||||
dkim=pass header.d=disroot.org; dmarc=pass header.from=alice@disroot.org
|
||||
@@ -0,0 +1,5 @@
|
||||
From: <alice@fastmail.com>
|
||||
To: <alice@mail.ru>
|
||||
Authentication-Results: mxs.mail.ru; spf=pass (mx285.i.mail.ru: domain of fastmail.com designates 66.111.4.28 as permitted sender) smtp.mailfrom=alice@fastmail.com smtp.helo=out4-smtp.messagingengine.com;
|
||||
dkim=pass header.d=fastmail.com;
|
||||
dkim=pass header.d=messagingengine.com; dmarc=pass header.from=alice@fastmail.com
|
||||
@@ -0,0 +1,4 @@
|
||||
From: <alice@gmail.com>
|
||||
To: <alice@mail.ru>
|
||||
Authentication-Results: mxs.mail.ru; spf=pass (mx273.i.mail.ru: domain of gmail.com designates 209.85.221.66 as permitted sender) smtp.mailfrom=alice@gmail.com smtp.helo=mail-wr1-f66.google.com;
|
||||
dkim=pass header.d=gmail.com; dmarc=pass header.from=alice@gmail.com
|
||||
@@ -0,0 +1,6 @@
|
||||
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
|
||||
dkim=none; arc=none
|
||||
From: <alice@hotmail.com>
|
||||
To: <alice@mail.ru>
|
||||
Authentication-Results: mxs.mail.ru; spf=pass (mx200.i.mail.ru: domain of hotmail.com designates 40.92.73.37 as permitted sender) smtp.mailfrom=alice@hotmail.com smtp.helo=EUR04-HE1-obe.outbound.protection.outlook.com;
|
||||
dkim=pass header.d=hotmail.com; dmarc=pass header.from=alice@hotmail.com
|
||||
@@ -0,0 +1,4 @@
|
||||
From: <alice@icloud.com>
|
||||
To: <alice@mail.ru>
|
||||
Authentication-Results: mxs.mail.ru; spf=pass (mx326.i.mail.ru: domain of icloud.com designates 17.57.155.16 as permitted sender) smtp.mailfrom=alice@icloud.com smtp.helo=qs51p00im-qukt01072701.me.com;
|
||||
dkim=pass header.d=icloud.com; dmarc=pass header.from=alice@icloud.com
|
||||
@@ -0,0 +1,4 @@
|
||||
From: <alice@ik.me>
|
||||
To: <alice@mail.ru>
|
||||
Authentication-Results: mxs.mail.ru; spf=pass (mx197.i.mail.ru: domain of ik.me designates 185.125.25.10 as permitted sender) smtp.mailfrom=alice@ik.me smtp.helo=smtp-190a.mail.infomaniak.ch;
|
||||
dkim=pass header.d=ik.me; dmarc=pass header.from=alice@ik.me
|
||||
@@ -0,0 +1,4 @@
|
||||
From: <alice@mail.de>
|
||||
To: <alice@mail.ru>
|
||||
Authentication-Results: mxs.mail.ru; spf=pass (mx285.i.mail.ru: domain of mail.de designates 62.201.172.25 as permitted sender) smtp.mailfrom=alice@mail.de smtp.helo=shout02.mail.de;
|
||||
dkim=pass header.d=mail.de; dmarc=pass header.from=alice@mail.de
|
||||
@@ -0,0 +1,4 @@
|
||||
From: <alice@mailo.com>
|
||||
To: <alice@mail.ru>
|
||||
Authentication-Results: mxs.mail.ru; spf=pass (mx289.i.mail.ru: domain of mailo.com designates 213.182.54.15 as permitted sender) smtp.mailfrom=alice@mailo.com smtp.helo=msg-4.mailo.com;
|
||||
dkim=pass header.d=mailo.com; dmarc=pass header.from=alice@mailo.com
|
||||
@@ -0,0 +1,6 @@
|
||||
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
|
||||
dkim=none; arc=none
|
||||
From: <alice@outlook.com>
|
||||
To: <alice@mail.ru>
|
||||
Authentication-Results: mxs.mail.ru; spf=pass (mx222.i.mail.ru: domain of outlook.com designates 40.92.66.68 as permitted sender) smtp.mailfrom=alice@outlook.com smtp.helo=EUR01-VE1-obe.outbound.protection.outlook.com;
|
||||
dkim=pass header.d=outlook.com; dmarc=pass header.from=alice@outlook.com
|
||||
@@ -0,0 +1,4 @@
|
||||
From: <alice@posteo.de>
|
||||
To: <alice@mail.ru>
|
||||
Authentication-Results: mxs.mail.ru; spf=pass (mx288.i.mail.ru: domain of posteo.de designates 185.67.36.66 as permitted sender) smtp.mailfrom=alice@posteo.de smtp.helo=mout02.posteo.de;
|
||||
dkim=pass header.d=posteo.de; dmarc=pass header.from=alice@posteo.de
|
||||
@@ -0,0 +1,4 @@
|
||||
From: <alice@riseup.net>
|
||||
To: <alice@mail.ru>
|
||||
Authentication-Results: mxs.mail.ru; spf=pass (mx282.i.mail.ru: domain of riseup.net designates 198.252.153.6 as permitted sender) smtp.mailfrom=alice@riseup.net smtp.helo=mx0.riseup.net;
|
||||
dkim=pass header.d=riseup.net; dmarc=pass header.from=alice@riseup.net
|
||||
@@ -0,0 +1,4 @@
|
||||
From: <alice@yahoo.com>
|
||||
To: <alice@mail.ru>
|
||||
Authentication-Results: mxs.mail.ru; spf=pass (mx252.i.mail.ru: domain of yahoo.com designates 77.238.179.188 as permitted sender) smtp.mailfrom=alice@yahoo.com smtp.helo=sonic313-21.consmr.mail.ir2.yahoo.com;
|
||||
dkim=pass header.d=yahoo.com; dmarc=pass header.from=alice@yahoo.com
|
||||
@@ -0,0 +1,4 @@
|
||||
From: <alice@yandex.ru>
|
||||
To: <alice@mail.ru>
|
||||
Authentication-Results: mxs.mail.ru; spf=pass (mx109.mail.ru: domain of yandex.ru designates 77.88.28.112 as permitted sender) smtp.mailfrom=alice@yandex.ru smtp.helo=forward502p.mail.yandex.net;
|
||||
dkim=pass header.d=yandex.ru; dmarc=pass header.from=alice@yandex.ru
|
||||
@@ -0,0 +1,3 @@
|
||||
Authentication-Results: mxs.mail.ru; spf=none () smtp.mailfrom=alice@delta.blinzeln.de smtp.helo=nx170.node02.secure-mailgate.com
|
||||
From: forged-authres-added@example.com
|
||||
Authentication-Results: aaa.com; dkim=pass header.i=@example.com
|
||||
Reference in New Issue
Block a user