cqrenet/relay
3
0
Fork 0
mirror of https://github.com/chatmail/relay.git synced 2026-05-10 16:04:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

Allow to send securejoin

Browse Source
This commit is contained in:
link2xt
2023-10-16 01:16:17 +00:00
parent 408da296f1
commit 20d9947573
4 changed files with 37 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
chatmaild/src/chatmaild/filtermail.py
View File

@@ -9,9 +9,8 @@ from aiosmtpd.controller import UnixSocketController
from smtplib import SMTP as SMTPClient from smtplib import SMTP as SMTPClient
def check_encrypted(content): def check_encrypted(message):
"""Check that the message is an OpenPGP-encrypted message.""" """Check that the message is an OpenPGP-encrypted message."""
message = BytesParser(policy=policy.default).parsebytes(content)
if not message.is_multipart(): if not message.is_multipart():
return False return False
if message.get("subject") != "...": if message.get("subject") != "...":
@@ -47,7 +46,8 @@ class ExampleHandler:
valid_recipients = [] valid_recipients = []
mail_encrypted = check_encrypted(envelope.content) message = BytesParser(policy=policy.default).parsebytes(envelope.content)
mail_encrypted = check_encrypted(message)
res = [] res = []
for recipient in envelope.rcpt_tos: for recipient in envelope.rcpt_tos:
@@ -68,7 +68,13 @@ class ExampleHandler:
continue continue
is_outgoing = recipient_local_domain[1] != my_local_domain[1] is_outgoing = recipient_local_domain[1] != my_local_domain[1]
if is_outgoing and not mail_encrypted:
if (
is_outgoing
and not mail_encrypted
and message.get("secure-join") != "vc-request"
and message.get("secure-join") != "vg-request"
):
res += ["500 Outgoing mail must be encrypted"] res += ["500 Outgoing mail must be encrypted"]
continue continue

22
chatmaild/src/chatmaild/test_filtermail.py
View File

@@ -1,12 +1,16 @@
import pytest
from .filtermail import check_encrypted from .filtermail import check_encrypted
from email.parser import BytesParser
from email import policy
def test_filtermail(): def test_filtermail():
assert not check_encrypted(b"foo") def check_encrypted_bstr(content):
message = BytesParser(policy=policy.default).parsebytes(content)
return check_encrypted(message)
assert not check_encrypted( assert not check_encrypted_bstr(b"foo")
assert not check_encrypted_bstr(
"\r\n".join( "\r\n".join(
[ [
"Subject: =?utf-8?q?Message_from_foobar=40c2=2Etestrun=2Eorg?=", "Subject: =?utf-8?q?Message_from_foobar=40c2=2Etestrun=2Eorg?=",
@@ -36,7 +40,7 @@ def test_filtermail():
).encode() ).encode()
) )
assert not check_encrypted( assert not check_encrypted_bstr(
"\r\n".join( "\r\n".join(
[ [
"Subject: =?utf-8?q?Message_from_foobar=40c2=2Etestrun=2Eorg?=", "Subject: =?utf-8?q?Message_from_foobar=40c2=2Etestrun=2Eorg?=",
@@ -67,7 +71,7 @@ def test_filtermail():
) )
# https://xkcd.com/1181/ # https://xkcd.com/1181/
assert not check_encrypted( assert not check_encrypted_bstr(
"\r\n".join( "\r\n".join(
[ [
"Subject: =?utf-8?q?Message_from_foobar=40c2=2Etestrun=2Eorg?=", "Subject: =?utf-8?q?Message_from_foobar=40c2=2Etestrun=2Eorg?=",
@@ -99,7 +103,7 @@ def test_filtermail():
).encode() ).encode()
) )
assert check_encrypted( assert check_encrypted_bstr(
"\r\n".join( "\r\n".join(
[ [
"Subject: ...", "Subject: ...",
@@ -172,7 +176,7 @@ def test_filtermail():
).encode() ).encode()
) )
assert not check_encrypted( assert not check_encrypted_bstr(
"\r\n".join( "\r\n".join(
[ [
"Subject: Buy Penis Enlargement at www.malicious-domain.com", "Subject: Buy Penis Enlargement at www.malicious-domain.com",
@@ -245,7 +249,7 @@ def test_filtermail():
).encode() ).encode()
) )
assert not check_encrypted( assert not check_encrypted_bstr(
"\r\n".join( "\r\n".join(
[ [
"Subject: Message opened", "Subject: Message opened",

14
online-tests/test_1_deltachat.py
View File

@@ -67,3 +67,17 @@ class TestEndToEndDeltaChat:
break break
pytest.fail("sending succeeded although messages should exceed quota") pytest.fail("sending succeeded although messages should exceed quota")
def test_securejoin(self, cmfactory, lp, maildomain2):
ac1 = cmfactory.new_online_configuring_account(cache=False)
cmfactory.switch_maildomain(maildomain2)
ac2 = cmfactory.new_online_configuring_account(cache=False)
cmfactory.bring_accounts_online()
lp.sec("ac1: create QR code and let ac2 scan it, starting the securejoin")
qr = ac1.get_setup_contact_qr()
lp.sec("ac2: start QR-code based setup contact protocol")
ch = ac2.qr_setup_contact(qr)
assert ch.id >= 10
ac1._evtracker.wait_securejoin_inviter_progress(1000)

6
plan.txt
View File

@@ -8,12 +8,6 @@
- limit: configure max-connections per account - limit: configure max-connections per account
## Filtermail
- (alex, Only allow (outgoing) mails if secure-join or autocrypt-pgp-encrypted format.
TODO: mime-parse mails and check/add tests
## nami: send out rate limit / rspamd ## nami: send out rate limit / rspamd
- basic outgoing send rate/limits (depending on "account-rating") - basic outgoing send rate/limits (depending on "account-rating")