cqrenet/relay
4
0
Fork 0
mirror of https://github.com/chatmail/relay.git synced 2026-05-22 05:48:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

Reject DKIM signatures that do not cover the whole message body

Browse Source
This commit is contained in:
link2xt
2024-06-11 21:57:58 +00:00
parent 2b5d903cc5
commit 57c29c14a4
2 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG.md
View File

@@ -2,6 +2,9 @@
## untagged ## untagged
- Reject DKIM signatures that do not cover the whole message body.
([#321](https://github.com/deltachat/chatmail/pull/321))
- check that OpenPGP has only PKESK, SKESK and SEIPD packets - check that OpenPGP has only PKESK, SKESK and SEIPD packets
([#323](https://github.com/deltachat/chatmail/pull/323), ([#323](https://github.com/deltachat/chatmail/pull/323),
[#324](https://github.com/deltachat/chatmail/pull/324)) [#324](https://github.com/deltachat/chatmail/pull/324))

4
cmdeploy/src/cmdeploy/opendkim/final.lua
View File

@@ -19,9 +19,13 @@ for i = 1, nsigs do
-- Any valid signature that was not ignored like this -- Any valid signature that was not ignored like this
-- means the message is acceptable. -- means the message is acceptable.
if sigres == 0 then if sigres == 0 then
-- Do not accept the signature if it does not cover the whole body
-- of the message by using `l=` tag.
if odkim.sig_canonlength(ctx, sig) < odkim.sig_bodylength(ctx, sig) then
return nil return nil
end end
end end
end
odkim.set_reply(ctx, "554", "5.7.1", "No valid DKIM signature found") odkim.set_reply(ctx, "554", "5.7.1", "No valid DKIM signature found")
odkim.set_result(ctx, SMFIS_REJECT) odkim.set_result(ctx, SMFIS_REJECT)