diff --git a/CHANGELOG.md b/CHANGELOG.md index 180ed752..f38c8992 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,6 +17,9 @@ - remove MTA-STS daemon ([#488](https://github.com/deltachat/chatmail/pull/488)) +- replace `Subject` with `[...]` for all outgoing mails. + ([#481](https://github.com/deltachat/chatmail/pull/481)) + ## 1.5.0 2024-12-20 - cmdeploy dns: always show recommended DNS records diff --git a/chatmaild/src/chatmaild/common_encrypted_subjects.py b/chatmaild/src/chatmaild/common_encrypted_subjects.py deleted file mode 100644 index b693a522..00000000 --- a/chatmaild/src/chatmaild/common_encrypted_subjects.py +++ /dev/null @@ -1,59 +0,0 @@ -"""Generated from deltachat, draft-ietf-lamps-header-protection, and -encrypted_subject localizations in -https://github.com/thunderbird/thunderbird-android/ - -""" - -common_encrypted_subjects = { - "...", - "[...]", - "암호화된 메시지", - "Ĉifrita mesaĝo", - "Courriel chiffré", - "Dulrituð skilaboð", - "Encrypted Message", - "Fersifere berjocht", - "Kemennadenn enrineget", - "Krüptitud kiri", - "Krypterat meddelande", - "Krypteret besked", - "Kryptert melding", - "Mensagem criptografada", - "Mensagem encriptada", - "Mensaje cifrado", - "Mensaxe cifrada", - "Mesaj Criptat", - "Mesazh i Fshehtëzuar", - "Messaggio criptato", - "Messaghju cifratu", - "Missatge encriptat", - "Neges wedi'i Hamgryptio", - "Pesan terenkripsi", - "Salattu viesti", - "Şifreli İleti", - "Šifrēta ziņa", - "Šifrirana poruka", - "Šifrirano sporočilo", - "Šifruotas laiškas", - "Tin nhắn được mã hóa", - "Titkosított üzenet", - "Verschlüsselte Nachricht", - "Versleuteld bericht", - "Zašifrovaná zpráva", - "Zaszyfrowana wiadomość", - "Zifratu mezua", - "Κρυπτογραφημένο μήνυμα", - "Зашифроване повідомлення", - "Зашифрованное сообщение", - "Зашыфраваны ліст", - "Криптирано съобщение", - "Шифрована порука", - "დაშიფრული წერილი", - "הודעה מוצפנת", - "پیام رمزنگاری‌شده", - "رسالة مشفّرة", - "എൻക്രിപ്റ്റുചെയ്‌ത സന്ദേശം", - "加密邮件", - "已加密的訊息", - "暗号化されたメッセージ", -} diff --git a/chatmaild/src/chatmaild/filtermail.py b/chatmaild/src/chatmaild/filtermail.py index fcbb9c0b..38cfb578 100644 --- a/chatmaild/src/chatmaild/filtermail.py +++ b/chatmaild/src/chatmaild/filtermail.py @@ -12,7 +12,6 @@ from smtplib import SMTP as SMTPClient from aiosmtpd.controller import Controller -from .common_encrypted_subjects import common_encrypted_subjects from .config import read_config @@ -128,8 +127,6 @@ def check_encrypted(message): """ if not message.is_multipart(): return False - if message.get("subject") not in common_encrypted_subjects: - return False if message.get_content_type() != "multipart/encrypted": return False parts_count = 0 diff --git a/chatmaild/src/chatmaild/tests/plugin.py b/chatmaild/src/chatmaild/tests/plugin.py index 00b4c34a..e3938d04 100644 --- a/chatmaild/src/chatmaild/tests/plugin.py +++ b/chatmaild/src/chatmaild/tests/plugin.py @@ -69,7 +69,7 @@ def maildata(request): assert datadir.exists(), datadir - def maildata(name, from_addr, to_addr, subject="..."): + def maildata(name, from_addr, to_addr, subject="[...]"): # Using `.read_bytes().decode()` instead of `.read_text()` to preserve newlines. data = datadir.joinpath(name).read_bytes().decode() diff --git a/chatmaild/src/chatmaild/tests/test_filtermail.py b/chatmaild/src/chatmaild/tests/test_filtermail.py index 989378c4..24d5cad7 100644 --- a/chatmaild/src/chatmaild/tests/test_filtermail.py +++ b/chatmaild/src/chatmaild/tests/test_filtermail.py @@ -5,7 +5,6 @@ from chatmaild.filtermail import ( SendRateLimiter, check_armored_payload, check_encrypted, - common_encrypted_subjects, is_securejoin, ) @@ -71,18 +70,13 @@ def test_filtermail_securejoin_detection(maildata): def test_filtermail_encryption_detection(maildata): - for subject in common_encrypted_subjects: - msg = maildata( - "encrypted.eml", - from_addr="1@example.org", - to_addr="2@example.org", - subject=subject, - ) - assert check_encrypted(msg) - - # if the subject is not a known encrypted subject value, it is not considered ac-encrypted - msg.replace_header("Subject", "Click this link") - assert not check_encrypted(msg) + msg = maildata( + "encrypted.eml", + from_addr="1@example.org", + to_addr="2@example.org", + subject="Subject does not matter, will be replaced anyway", + ) + assert check_encrypted(msg) def test_filtermail_no_literal_packets(maildata): diff --git a/cmdeploy/src/cmdeploy/postfix/submission_header_cleanup b/cmdeploy/src/cmdeploy/postfix/submission_header_cleanup index 6439329f..0eedad9d 100644 --- a/cmdeploy/src/cmdeploy/postfix/submission_header_cleanup +++ b/cmdeploy/src/cmdeploy/postfix/submission_header_cleanup @@ -2,3 +2,4 @@ /^X-Originating-IP:/ IGNORE /^X-Mailer:/ IGNORE /^User-Agent:/ IGNORE +/^Subject:/ REPLACE Subject: [...] diff --git a/cmdeploy/src/cmdeploy/tests/online/test_1_basic.py b/cmdeploy/src/cmdeploy/tests/online/test_1_basic.py index f5f2c023..93e05846 100644 --- a/cmdeploy/src/cmdeploy/tests/online/test_1_basic.py +++ b/cmdeploy/src/cmdeploy/tests/online/test_1_basic.py @@ -115,6 +115,27 @@ def test_reject_missing_dkim(cmsetup, maildata, from_addr): s.sendmail(from_addr=from_addr, to_addrs=recipient.addr, msg=msg) +def test_rewrite_subject(cmsetup, maildata): + """Test that subject gets replaced with [...].""" + user1, user2 = cmsetup.gen_users(2) + + sent_msg = maildata( + "encrypted.eml", + from_addr=user1.addr, + to_addr=user2.addr, + subject="Unencrypted subject", + ).as_string() + user1.smtp.sendmail(from_addr=user1.addr, to_addrs=[user2.addr], msg=sent_msg) + + messages = user2.imap.fetch_all_messages() + assert len(messages) == 1 + rcvd_msg = messages[0] + assert "Subject: [...]" not in sent_msg + assert "Subject: [...]" in rcvd_msg + assert "Subject: Unencrypted subject" in sent_msg + assert "Subject: Unencrypted subject" not in rcvd_msg + + @pytest.mark.slow def test_exceed_rate_limit(cmsetup, gencreds, maildata, chatmail_config): """Test that the per-account send-mail limit is exceeded."""