Replace subject with [...] for outgoing mail

`authclean` cleanup server is used by reinjecting smtpd running on localhost:10025 by default. It runs after filtermail and currently removes `Received` header to avoid leaking IP address. Can as well be used to replace `Subject` lines with `Subject: [...]`. If there are multiple `Subject` lines, all of them should be replaced. This allows us to avoid dealing with localized subjects, including SecureJoin messages `vc-request` and `vg-request` which can have Subject lines like Subject: =?utf-8?q?Nachricht_von_nrn178fi4=40nine=2Etestrun=2Eorg?=
2026-05-10 16:04:37 +00:00 · 2025-01-29 00:01:51 +00:00
parent 5633582d31
commit 2daac76574
7 changed files with 33 additions and 76 deletions
--- a/chatmaild/src/chatmaild/common_encrypted_subjects.py
+++ b/chatmaild/src/chatmaild/common_encrypted_subjects.py
@@ -1,59 +0,0 @@
-"""Generated from deltachat, draft-ietf-lamps-header-protection, and
-encrypted_subject localizations in
-https://github.com/thunderbird/thunderbird-android/
-
-"""
-
-common_encrypted_subjects = {
-    "...",
-    "[...]",
-    "암호화된 메시지",
-    "Ĉifrita mesaĝo",
-    "Courriel chiffré",
-    "Dulrituð skilaboð",
-    "Encrypted Message",
-    "Fersifere berjocht",
-    "Kemennadenn enrineget",
-    "Krüptitud kiri",
-    "Krypterat meddelande",
-    "Krypteret besked",
-    "Kryptert melding",
-    "Mensagem criptografada",
-    "Mensagem encriptada",
-    "Mensaje cifrado",
-    "Mensaxe cifrada",
-    "Mesaj Criptat",
-    "Mesazh i Fshehtëzuar",
-    "Messaggio criptato",
-    "Messaghju cifratu",
-    "Missatge encriptat",
-    "Neges wedi'i Hamgryptio",
-    "Pesan terenkripsi",
-    "Salattu viesti",
-    "Şifreli İleti",
-    "Šifrēta ziņa",
-    "Šifrirana poruka",
-    "Šifrirano sporočilo",
-    "Šifruotas laiškas",
-    "Tin nhắn được mã hóa",
-    "Titkosított üzenet",
-    "Verschlüsselte Nachricht",
-    "Versleuteld bericht",
-    "Zašifrovaná zpráva",
-    "Zaszyfrowana wiadomość",
-    "Zifratu mezua",
-    "Κρυπτογραφημένο μήνυμα",
-    "Зашифроване повідомлення",
-    "Зашифрованное сообщение",
-    "Зашыфраваны ліст",
-    "Криптирано съобщение",
-    "Шифрована порука",
-    "დაშიფრული წერილი",
-    "הודעה מוצפנת",
-    "پیام رمزنگاری‌شده",
-    "رسالة مشفّرة",
-    "എൻക്രിപ്റ്റുചെയ്‌ത സന്ദേശം",
-    "加密邮件",
-    "已加密的訊息",
-    "暗号化されたメッセージ",
-}
--- a/chatmaild/src/chatmaild/filtermail.py
+++ b/chatmaild/src/chatmaild/filtermail.py
@@ -12,7 +12,6 @@ from smtplib import SMTP as SMTPClient

 from aiosmtpd.controller import Controller

-from .common_encrypted_subjects import common_encrypted_subjects
 from .config import read_config


@@ -128,8 +127,6 @@ def check_encrypted(message):
    """
    if not message.is_multipart():
        return False
-    if message.get("subject") not in common_encrypted_subjects:
-        return False
    if message.get_content_type() != "multipart/encrypted":
        return False
    parts_count = 0
--- a/chatmaild/src/chatmaild/tests/plugin.py
+++ b/chatmaild/src/chatmaild/tests/plugin.py
@@ -69,7 +69,7 @@ def maildata(request):

    assert datadir.exists(), datadir

-    def maildata(name, from_addr, to_addr, subject="..."):
+    def maildata(name, from_addr, to_addr, subject="[...]"):
        # Using `.read_bytes().decode()` instead of `.read_text()` to preserve newlines.
        data = datadir.joinpath(name).read_bytes().decode()

--- a/chatmaild/src/chatmaild/tests/test_filtermail.py
+++ b/chatmaild/src/chatmaild/tests/test_filtermail.py
@@ -5,7 +5,6 @@ from chatmaild.filtermail import (
    SendRateLimiter,
    check_armored_payload,
    check_encrypted,
-    common_encrypted_subjects,
    is_securejoin,
 )

@@ -71,18 +70,13 @@ def test_filtermail_securejoin_detection(maildata):


 def test_filtermail_encryption_detection(maildata):
-    for subject in common_encrypted_subjects:
-        msg = maildata(
-            "encrypted.eml",
-            from_addr="1@example.org",
-            to_addr="2@example.org",
-            subject=subject,
-        )
-        assert check_encrypted(msg)
-
-    # if the subject is not a known encrypted subject value, it is not considered ac-encrypted
-    msg.replace_header("Subject", "Click this link")
-    assert not check_encrypted(msg)
+    msg = maildata(
+        "encrypted.eml",
+        from_addr="1@example.org",
+        to_addr="2@example.org",
+        subject="Subject does not matter, will be replaced anyway",
+    )
+    assert check_encrypted(msg)


 def test_filtermail_no_literal_packets(maildata):