DKIM-Checking: Don't disallow keychanges for now (#3728)

link2xt
2022-11-06 16:18:21 +00:00
4 changed files with 13 additions and 7 deletions


@@ -35,6 +35,8 @@
### Changes ### Changes
- allow sender timestamp to be in the future, but not too much - allow sender timestamp to be in the future, but not too much
- Disable the new "Authentication-Results/DKIM checking" security feature
until we have tested it a bit #3728
- refactorings #3706 - refactorings #3706
### Fixes ### Fixes


@@ -644,6 +644,7 @@ Authentication-Results: box.hispanilandia.net; spf=pass smtp.mailfrom=adbenitez@
.unwrap(); .unwrap();
} }
#[ignore = "Disallowing keychanges is disabled for now"]
#[tokio::test(flavor = "multi_thread", worker_threads = 2)] #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
async fn test_handle_authres_fails() -> Result<()> { async fn test_handle_authres_fails() -> Result<()> {
let mut tcm = TestContextManager::new(); let mut tcm = TestContextManager::new();
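Review bot: The `#[ignore]` reason on `test_handle_authres_fails` does not say where the decision to disable the check is tracked, so whoever re-enables the feature has to rediscover why this test is skipped; tying it to the PR reference used in the changelog, `#[ignore = "Disallowing keychanges is disabled for now, see #3728"]`, keeps it greppable. Note that this was the only test on the page exercising the DKIM-failure path, so until the check is re-enabled that path is only covered when the suite is run with `cargo test -- --ignored`. The test body continues outside the hunk.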


@@ -79,7 +79,8 @@ pub async fn prepare_decryption(
from, from,
autocrypt_header.as_ref(), autocrypt_header.as_ref(),
message_time, message_time,
dkim_results.allow_keychange, // Disallowing keychanges is disabled for now:
true, // dkim_results.allow_keychange,
) )
.await?; .await?;
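Review bot: The hard-coded `true` passed as the `allow_keychange` argument leaves `dkim_results.allow_keychange` unused at this call site, with the real check surviving only in a comment, and the same pattern is repeated in the two `MimeMessage` hunks (the `degrade_encryption` condition and the commented-out block that set `part.error`). This is a deliberate temporary downgrade — Autocrypt key changes are now accepted even when the Authentication-Results/DKIM check said they should not be — so the switch should live in one named place rather than three commented-out lines, e.g. a constructed `const DKIM_KEYCHANGE_CHECK_ENABLED: bool = false;` used as `DKIM_KEYCHANGE_CHECK_ENABLED || dkim_results.allow_keychange,` here and in the `MimeMessage` condition, and the comment should point at the PR reference, `// Disallowing keychanges is disabled for now, see #3728:`. While the check is off, emitting a warning-level log line whenever `dkim_results.allow_keychange` is false would keep failed checks visible, which is what the changelog's "until we have tested it a bit" needs. `prepare_decryption` starts outside the hunk.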


@@ -298,7 +298,8 @@ impl MimeMessage {
if let Some(peerstate) = &mut decryption_info.peerstate { if let Some(peerstate) = &mut decryption_info.peerstate {
if message_time > peerstate.last_seen_autocrypt if message_time > peerstate.last_seen_autocrypt
&& mail.ctype.mimetype != "multipart/report" && mail.ctype.mimetype != "multipart/report"
&& decryption_info.dkim_results.allow_keychange // Disallowing keychanges is disabled for now:
// && decryption_info.dkim_results.allow_keychange
{ {
peerstate.degrade_encryption(message_time); peerstate.degrade_encryption(message_time);
peerstate.save_to_db(&context.sql, false).await?; peerstate.save_to_db(&context.sql, false).await?;
@@ -372,11 +373,12 @@ impl MimeMessage {
parser.heuristically_parse_ndn(context).await; parser.heuristically_parse_ndn(context).await;
parser.parse_headers(context).await?; parser.parse_headers(context).await?;
if !decryption_info.dkim_results.allow_keychange { // Disallowing keychanges is disabled for now
for part in parser.parts.iter_mut() { // if !decryption_info.dkim_results.allow_keychange {
part.error = Some("Seems like DKIM failed, this either is an attack or (more likely) a bug in Authentication-Results checking. Please tell us about this at https://support.delta.chat.".to_string()); // for part in parser.parts.iter_mut() {
} // part.error = Some("Seems like DKIM failed, this either is an attack or (more likely) a bug in Authentication-Results checking. Please tell us about this at https://support.delta.chat.".to_string());
} // }
// }
if warn_empty_signature && parser.signatures.is_empty() { if warn_empty_signature && parser.signatures.is_empty() {
for part in parser.parts.iter_mut() { for part in parser.parts.iter_mut() {
part.error = Some("No valid signature".to_string()); part.error = Some("No valid signature".to_string());