cqrenet/relay
4
0
Fork 0
mirror of https://github.com/chatmail/relay.git synced 2026-05-19 04:18:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

filtermail: remove support for unencrypted MDNs

Browse Source 
Delta Chat does not send them since 1.43.
1.44 has been released for a while already
and 1.46 is in the process of being released.
This commit is contained in:
link2xt
2024-06-11 02:41:59 +00:00
parent 1ce0a2b0ba
commit 72f4e9edbf
3 changed files with 4 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@@ -2,7 +2,7 @@
## untagged ## untagged
- improve filtermail checks for encrypted messages - improve filtermail checks for encrypted messages and drop support for unencrypted MDNs
([#320](https://github.com/deltachat/chatmail/pull/320)) ([#320](https://github.com/deltachat/chatmail/pull/320))
## 1.3.0 - 2024-06-06 ## 1.3.0 - 2024-06-06

31
chatmaild/src/chatmaild/filtermail.py
View File

@@ -66,34 +66,6 @@ def check_encrypted(message):
return True return True
def check_mdn(message, envelope):
if len(envelope.rcpt_tos) != 1:
return False
for name in ["auto-submitted", "chat-version"]:
if not message.get(name):
return False
if message.get_content_type() != "multipart/report":
return False
body = message.get_body()
if body.get_content_type() != "text/plain":
return False
if list(body.iter_attachments()) or list(body.iter_parts()):
return False
# even with all mime-structural checks an attacker
# could try to abuse the subject or body to contain links or other
# annoyance -- we skip on checking subject/body for now as Delta Chat
# should evolve to create E2E-encrypted read receipts anyway.
# and then MDNs are just encrypted mail and can pass the border
# to other instances.
return True
async def asyncmain_beforequeue(config): async def asyncmain_beforequeue(config):
port = config.filtermail_smtp_port port = config.filtermail_smtp_port
Controller(BeforeQueueHandler(config), hostname="127.0.0.1", port=port).start() Controller(BeforeQueueHandler(config), hostname="127.0.0.1", port=port).start()
@@ -139,9 +111,6 @@ class BeforeQueueHandler:
if envelope.mail_from.lower() != from_addr.lower(): if envelope.mail_from.lower() != from_addr.lower():
return f"500 Invalid FROM <{from_addr!r}> for <{envelope.mail_from!r}>" return f"500 Invalid FROM <{from_addr!r}> for <{envelope.mail_from!r}>"
if not mail_encrypted and check_mdn(message, envelope):
return
if envelope.mail_from in self.config.passthrough_senders: if envelope.mail_from in self.config.passthrough_senders:
return return

28
chatmaild/src/chatmaild/tests/test_filtermail.py
View File

@@ -3,7 +3,6 @@ from chatmaild.filtermail import (
BeforeQueueHandler, BeforeQueueHandler,
SendRateLimiter, SendRateLimiter,
check_encrypted, check_encrypted,
check_mdn,
) )
@@ -62,34 +61,13 @@ def test_filtermail_encryption_detection(maildata):
assert not check_encrypted(msg) assert not check_encrypted(msg)
def test_filtermail_is_mdn(maildata, gencreds, handler): def test_filtermail_unencrypted_mdn(maildata, gencreds):
"""Unencrypted MDNs should not pass."""
from_addr = gencreds()[0] from_addr = gencreds()[0]
to_addr = gencreds()[0] + ".other" to_addr = gencreds()[0] + ".other"
msg = maildata("mdn.eml", from_addr, to_addr) msg = maildata("mdn.eml", from_addr, to_addr)
class env: assert not check_encrypted(msg)
mail_from = from_addr
rcpt_tos = [to_addr]
content = msg.as_bytes()
assert check_mdn(msg, env)
print(msg.as_string())
assert not handler.check_DATA(env)
def test_filtermail_to_multiple_recipients_no_mdn(maildata, gencreds):
from_addr = gencreds()[0]
to_addr = gencreds()[0] + ".other"
thirdaddr = gencreds()[0]
msg = maildata("mdn.eml", from_addr, to_addr)
class env:
mail_from = from_addr
rcpt_tos = [to_addr, thirdaddr]
content = msg.as_bytes()
assert not check_mdn(msg, env)
def test_send_rate_limiter(): def test_send_rate_limiter():