filtermail: remove support for unencrypted MDNs

Delta Chat does not send them since 1.43. 1.44 has been released for a while already and 1.46 is in the process of being released.
2026-05-11 16:34:39 +00:00 · 2024-06-11 02:41:59 +00:00
parent 1ce0a2b0ba
commit 72f4e9edbf
3 changed files with 4 additions and 57 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,7 +2,7 @@

 ## untagged

- improve filtermail checks for encrypted messages
+- improve filtermail checks for encrypted messages and drop support for unencrypted MDNs
  ([#320](https://github.com/deltachat/chatmail/pull/320))

 ## 1.3.0 - 2024-06-06
--- a/chatmaild/src/chatmaild/filtermail.py
+++ b/chatmaild/src/chatmaild/filtermail.py
@@ -66,34 +66,6 @@ def check_encrypted(message):
    return True


-def check_mdn(message, envelope):
-    if len(envelope.rcpt_tos) != 1:
-        return False
-
-    for name in ["auto-submitted", "chat-version"]:
-        if not message.get(name):
-            return False
-
-    if message.get_content_type() != "multipart/report":
-        return False
-
-    body = message.get_body()
-    if body.get_content_type() != "text/plain":
-        return False
-
-    if list(body.iter_attachments()) or list(body.iter_parts()):
-        return False
-
-    # even with all mime-structural checks an attacker
-    # could try to abuse the subject or body to contain links or other
-    # annoyance -- we skip on checking subject/body for now as Delta Chat
-    # should evolve to create E2E-encrypted read receipts anyway.
-    # and then MDNs are just encrypted mail and can pass the border
-    # to other instances.
-
-    return True
-
-
 async def asyncmain_beforequeue(config):
    port = config.filtermail_smtp_port
    Controller(BeforeQueueHandler(config), hostname="127.0.0.1", port=port).start()
@@ -139,9 +111,6 @@ class BeforeQueueHandler:
        if envelope.mail_from.lower() != from_addr.lower():
            return f"500 Invalid FROM <{from_addr!r}> for <{envelope.mail_from!r}>"

-        if not mail_encrypted and check_mdn(message, envelope):
-            return
-
        if envelope.mail_from in self.config.passthrough_senders:
            return

--- a/chatmaild/src/chatmaild/tests/test_filtermail.py
+++ b/chatmaild/src/chatmaild/tests/test_filtermail.py
@@ -3,7 +3,6 @@ from chatmaild.filtermail import (
    BeforeQueueHandler,
    SendRateLimiter,
    check_encrypted,
-    check_mdn,
 )


@@ -62,34 +61,13 @@ def test_filtermail_encryption_detection(maildata):
    assert not check_encrypted(msg)


-def test_filtermail_is_mdn(maildata, gencreds, handler):
+def test_filtermail_unencrypted_mdn(maildata, gencreds):
+    """Unencrypted MDNs should not pass."""
    from_addr = gencreds()[0]
    to_addr = gencreds()[0] + ".other"
    msg = maildata("mdn.eml", from_addr, to_addr)

-    class env:
-        mail_from = from_addr
-        rcpt_tos = [to_addr]
-        content = msg.as_bytes()
-
-    assert check_mdn(msg, env)
-    print(msg.as_string())
-
-    assert not handler.check_DATA(env)
-
-
-def test_filtermail_to_multiple_recipients_no_mdn(maildata, gencreds):
-    from_addr = gencreds()[0]
-    to_addr = gencreds()[0] + ".other"
-    thirdaddr = gencreds()[0]
-    msg = maildata("mdn.eml", from_addr, to_addr)
-
-    class env:
-        mail_from = from_addr
-        rcpt_tos = [to_addr, thirdaddr]
-        content = msg.as_bytes()
-
-    assert not check_mdn(msg, env)
+    assert not check_encrypted(msg)


 def test_send_rate_limiter():