mirror of
https://github.com/chatmail/core.git
synced 2026-05-22 16:26:31 +03:00
Check DKIM Authentication-Results (#3583)
Fix #3507 Note that this is not intended for a release at this point! We first have to test whether it runs stable enough. If we want to make a release while we are not confident enough in authres-checking, then we have to disable it. BTW, most of the 3000 new lines are in `test_data/messages/dkimchecks...`, not the actual code da3a4b94 adds the results to the Message info. It currently does this by adding them to `hop_info`. Maybe we should rename `hop_info` to `extra_info` or something; this has the disadvantage that we can't rename the sql column name though. Follow-ups for this could be: - In `update_authservid_candidates()`: Implement the rest of the algorithm @hpk42 and me thought about. What's missing is remembering how sure we are that these are the right authserv-ids. Esp., when receiving a message sent from another account at the same domain, we can be quite sure that the authserv-ids in there are the ones of our email server. This will make authres-checking work with buzon.uy, disroot.org, yandex.ru, mailo.com, and riseup.net. - Think about how we present this to the user - e.g. currently the only change is that we don't accept key changes, which will mean that the small lock on the message is not shown. - And it will mean that we can fully enable AEAP, after revisiting the security implications of this, and assuming everyone (esp. @link2xt who pointed out the problems in the first place) feels comfortable with it.
This commit is contained in:
Hocuri
GitHub
@@ -0,0 +1,3 @@
|
||||
Authentication-Results: vla5-30ef2e2d46cd.qloud-c.yandex.net; spf=pass (vla5-30ef2e2d46cd.qloud-c.yandex.net: domain of aol.com designates 77.238.176.206 as permitted sender, rule=[ip4:77.238.176.0/22]) smtp.mail=alice@aol.com; dkim=pass header.i=@aol.com
|
||||
From: <alice@aol.com>
|
||||
To: <alice@yandex.ru>
|
||||
@@ -0,0 +1,3 @@
|
||||
Authentication-Results: vla3-66f60228e45a.qloud-c.yandex.net; spf=pass (vla3-66f60228e45a.qloud-c.yandex.net: domain of buzon.uy designates 185.101.93.79 as permitted sender, rule=[mx]) smtp.mail=alice@buzon.uy; dkim=pass header.i=@buzon.uy
|
||||
From: <alice@buzon.uy>
|
||||
To: <alice@yandex.ru>
|
||||
@@ -0,0 +1,2 @@
|
||||
From: <alice@delta.blinzeln.de>
|
||||
To: <alice@yandex.ru>
|
||||
@@ -0,0 +1,3 @@
|
||||
Authentication-Results: sas1-9c1a55d84a51.qloud-c.yandex.net; spf=pass (sas1-9c1a55d84a51.qloud-c.yandex.net: domain of disroot.org designates 178.21.23.139 as permitted sender, rule=[a]) smtp.mail=alice@disroot.org; dkim=pass header.i=@disroot.org
|
||||
From: <alice@disroot.org>
|
||||
To: <alice@yandex.ru>
|
||||
@@ -0,0 +1,3 @@
|
||||
Authentication-Results: myt6-c6cdcba1eefd.qloud-c.yandex.net; spf=pass (myt6-c6cdcba1eefd.qloud-c.yandex.net: domain of fastmail.com designates 66.111.4.28 as permitted sender, rule=[ip4:66.111.4.28]) smtp.mail=alice@fastmail.com; dkim=pass header.i=@fastmail.com
|
||||
From: <alice@fastmail.com>
|
||||
To: <alice@yandex.ru>
|
||||
@@ -0,0 +1,3 @@
|
||||
Authentication-Results: vla1-f55d97afef99.qloud-c.yandex.net; spf=pass (vla1-f55d97afef99.qloud-c.yandex.net: domain of gmail.com designates 2a00:1450:4864:20::443 as permitted sender, rule=[ip6:2a00:1450:4000::/36]) smtp.mail=alice@gmail.com; dkim=pass header.i=@gmail.com
|
||||
From: <alice@gmail.com>
|
||||
To: <alice@yandex.ru>
|
||||
@@ -0,0 +1,5 @@
|
||||
Authentication-Results: myt6-95f0aaf173a0.qloud-c.yandex.net; spf=pass (myt6-95f0aaf173a0.qloud-c.yandex.net: domain of hotmail.com designates 40.92.89.36 as permitted sender, rule=[ip4:40.92.0.0/15]) smtp.mail=alice@hotmail.com; dkim=pass header.i=@hotmail.com
|
||||
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
|
||||
dkim=none; arc=none
|
||||
From: <alice@hotmail.com>
|
||||
To: <alice@yandex.ru>
|
||||
@@ -0,0 +1,3 @@
|
||||
Authentication-Results: sas1-fadc704f0d28.qloud-c.yandex.net; spf=pass (sas1-fadc704f0d28.qloud-c.yandex.net: domain of icloud.com designates 17.57.155.16 as permitted sender, rule=[ip4:17.57.155.0/24]) smtp.mail=alice@icloud.com; dkim=pass header.i=@icloud.com
|
||||
From: <alice@icloud.com>
|
||||
To: <alice@yandex.ru>
|
||||
@@ -0,0 +1,3 @@
|
||||
Authentication-Results: sas2-8adc7f9fdb94.qloud-c.yandex.net; spf=pass (sas2-8adc7f9fdb94.qloud-c.yandex.net: domain of ik.me designates 185.125.25.12 as permitted sender, rule=[ip4:185.125.25.8/29]) smtp.mail=alice@ik.me; dkim=pass header.i=@ik.me
|
||||
From: <alice@ik.me>
|
||||
To: <alice@yandex.ru>
|
||||
@@ -0,0 +1,3 @@
|
||||
Authentication-Results: sas1-5ea632933308.qloud-c.yandex.net; spf=pass (sas1-5ea632933308.qloud-c.yandex.net: domain of mail.de designates 2001:868:100:600::217 as permitted sender, rule=[ip6:2001:868:100:600::/64]) smtp.mail=alice@mail.de; dkim=pass header.i=@mail.de
|
||||
From: <alice@mail.de>
|
||||
To: <alice@yandex.ru>
|
||||
@@ -0,0 +1,3 @@
|
||||
Authentication-Results: myt6-50f129ea7c6f.qloud-c.yandex.net; spf=pass (myt6-50f129ea7c6f.qloud-c.yandex.net: domain of mail.ru designates 94.100.181.251 as permitted sender, rule=[ip4:94.100.176.0/20]) smtp.mail=alice@mail.ru; dkim=pass header.i=@mail.ru
|
||||
From: <alice@mail.ru>
|
||||
To: <alice@yandex.ru>
|
||||
@@ -0,0 +1,3 @@
|
||||
Authentication-Results: vla5-bc29b3935b72.qloud-c.yandex.net; spf=pass (vla5-bc29b3935b72.qloud-c.yandex.net: domain of mailo.com designates 213.182.54.15 as permitted sender, rule=[ip4:213.182.54.0/24]) smtp.mail=alice@mailo.com; dkim=pass header.i=@mailo.com
|
||||
From: <alice@mailo.com>
|
||||
To: <alice@yandex.ru>
|
||||
@@ -0,0 +1,5 @@
|
||||
Authentication-Results: myt6-0c6ff95e6b5b.qloud-c.yandex.net; spf=pass (myt6-0c6ff95e6b5b.qloud-c.yandex.net: domain of outlook.com designates 40.92.58.101 as permitted sender, rule=[ip4:40.92.0.0/15]) smtp.mail=alice@outlook.com; dkim=pass header.i=@outlook.com
|
||||
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
|
||||
dkim=none; arc=none
|
||||
From: <alice@outlook.com>
|
||||
To: <alice@yandex.ru>
|
||||
@@ -0,0 +1,3 @@
|
||||
Authentication-Results: iva2-9b85764c69b5.qloud-c.yandex.net; spf=pass (iva2-9b85764c69b5.qloud-c.yandex.net: domain of posteo.de designates 185.67.36.66 as permitted sender, rule=[ip4:185.67.36.0/23]) smtp.mail=alice@posteo.de; dkim=pass header.i=@posteo.de
|
||||
From: <alice@posteo.de>
|
||||
To: <alice@yandex.ru>
|
||||
@@ -0,0 +1,3 @@
|
||||
Authentication-Results: iva4-be43fd783926.qloud-c.yandex.net; spf=pass (iva4-be43fd783926.qloud-c.yandex.net: domain of riseup.net designates 198.252.153.6 as permitted sender, rule=[a:mx0.riseup.net]) smtp.mail=alice@riseup.net; dkim=pass header.i=@riseup.net
|
||||
From: <alice@riseup.net>
|
||||
To: <alice@yandex.ru>
|
||||
@@ -0,0 +1,3 @@
|
||||
Authentication-Results: vla5-77e4a2c621ec.qloud-c.yandex.net; spf=pass (vla5-77e4a2c621ec.qloud-c.yandex.net: domain of yahoo.com designates 77.238.179.83 as permitted sender, rule=[ptr:yahoo.com]) smtp.mail=alice@yahoo.com; dkim=pass header.i=@yahoo.com
|
||||
From: <alice@yahoo.com>
|
||||
To: <alice@yandex.ru>
|
||||
@@ -0,0 +1,2 @@
|
||||
From: forged-authres-added@example.com
|
||||
Authentication-Results: aaa.com; dkim=pass header.i=@example.com
|
||||
Reference in New Issue
Block a user