From a0c49d54bd57756388e03e5dd378853c1aadef93 Mon Sep 17 00:00:00 2001
From: holger krekel
Date: Sun, 22 Oct 2023 14:52:54 +0200
Subject: [PATCH] follow link2xt advise and don't check subject/body at all -- turns out there were no tests anyway.
---
 chatmaild/src/chatmaild/filtermail.py | 15 ++++-----------
 1 file changed, 4 insertions(+), 11 deletions(-)
diff --git a/chatmaild/src/chatmaild/filtermail.py b/chatmaild/src/chatmaild/filtermail.py
index 0d6638ba..66562569 100644
--- a/chatmaild/src/chatmaild/filtermail.py
+++ b/chatmaild/src/chatmaild/filtermail.py
@@ -54,17 +54,10 @@ def check_mdn(message, envelope):
 # even with all mime-structural checks an attacker
 # could try to abuse the subject or body to contain links or other
- # annoyance -- we only check for http links for now
- # and reasonable sizes
-
- subject = message.get("subject")
- if "http" in subject or len(subject) > 50:
- return False # actually could serve as a flag for malicious attempt
-
- text = body.get_payload()
- # how long the read-receipt can become?
- if len(text) > 500 or "http" in text:
- return False
+ # annoyance -- we skip on checking subject/body for now as Delta Chat
+ # should evolve to create E2E-encrypted read receipts anyway.
+ # and then MDNs are just encrypted mail and can pass the border
+ # to other instances.
 return True
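Review bot: The rewritten comment above `return True` in check_mdn leaves the residual risk implicit: with the subject/body checks gone, any message that passes the structural MDN checks earlier in the function (outside this hunk) is accepted unencrypted with arbitrary subject and body text. I would state that directly and mark it as temporary, e.g. `# NOTE: subject/body are deliberately not inspected; a structurally valid MDN may carry arbitrary cleartext.` followed by `# TODO: drop the cleartext MDN exception once read receipts are E2E-encrypted.` Since the commit message says the removed checks had no tests, a test pinning what check_mdn accepts and rejects would keep this exception from widening unnoticed. The function body starts outside the hunk, so the structural checks themselves could not be reviewed here.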