mirror of
https://github.com/chatmail/core.git
synced 2026-04-27 18:36:30 +03:00
Check DKIM Authentication-Results (#3583)
Fix #3507 Note that this is not intended for a release at this point! We first have to test whether it runs stable enough. If we want to make a release while we are not confident enough in authres-checking, then we have to disable it. BTW, most of the 3000 new lines are in `test_data/messages/dkimchecks...`, not the actual code da3a4b94 adds the results to the Message info. It currently does this by adding them to `hop_info`. Maybe we should rename `hop_info` to `extra_info` or something; this has the disadvantage that we can't rename the sql column name though. Follow-ups for this could be: - In `update_authservid_candidates()`: Implement the rest of the algorithm @hpk42 and me thought about. What's missing is remembering how sure we are that these are the right authserv-ids. Esp., when receiving a message sent from another account at the same domain, we can be quite sure that the authserv-ids in there are the ones of our email server. This will make authres-checking work with buzon.uy, disroot.org, yandex.ru, mailo.com, and riseup.net. - Think about how we present this to the user - e.g. currently the only change is that we don't accept key changes, which will mean that the small lock on the message is not shown. - And it will mean that we can fully enable AEAP, after revisiting the security implications of this, and assuming everyone (esp. @link2xt who pointed out the problems in the first place) feels comfortable with it.
This commit is contained in:
Hocuri
GitHub
23
test-data/message/dkimchecks_strip.sh
Normal file
23
test-data/message/dkimchecks_strip.sh
Normal file
@@ -0,0 +1,23 @@
|
||||
#!/bin/bash
|
||||
# This is a small script I used to strip all the unnecessary information from the realworldemails before committing them, to avoid blowing up the repo size.
|
||||
# Also, I deleted deltachattest@outlook.com/deltachat-dev@posteo.de.
|
||||
# Also, I anonymized them using
|
||||
# for n in ...; do rename $n alice *; done
|
||||
# for n in ...; do rename $n alice */*; done
|
||||
# for n in ...; do find ./ -type f -exec sed -i -e "s/${n}/alice/g" {} \; ;done
|
||||
# (replace ... with the list of localparts in the email addresses)
|
||||
set -euxo pipefail
|
||||
cd dkimchecks-2022-09-28
|
||||
parent_dir=$PWD
|
||||
for d in *; do
|
||||
cd $d
|
||||
for file in *; do
|
||||
if ! [[ -s $file ]]; then
|
||||
rm $file || true
|
||||
else
|
||||
python3 $parent_dir/../dkimchecks_strip.py < $file > ${file}-new
|
||||
mv -f ${file}-new $file
|
||||
fi
|
||||
done
|
||||
cd $parent_dir
|
||||
done
|
||||
Reference in New Issue
Block a user