Allow to send securejoin

2026-05-10 16:04:37 +00:00 · 2023-10-16 20:38:28 +00:00
4 changed files with 37 additions and 19 deletions
--- a/chatmaild/src/chatmaild/filtermail.py
+++ b/chatmaild/src/chatmaild/filtermail.py
@@ -9,9 +9,8 @@ from aiosmtpd.controller import UnixSocketController
 from smtplib import SMTP as SMTPClient


-def check_encrypted(content):
+def check_encrypted(message):
    """Check that the message is an OpenPGP-encrypted message."""
-    message = BytesParser(policy=policy.default).parsebytes(content)
    if not message.is_multipart():
        return False
    if message.get("subject") != "...":
@@ -47,7 +46,8 @@ class ExampleHandler:

        valid_recipients = []

-        mail_encrypted = check_encrypted(envelope.content)
+        message = BytesParser(policy=policy.default).parsebytes(envelope.content)
+        mail_encrypted = check_encrypted(message)

        res = []
        for recipient in envelope.rcpt_tos:
@@ -68,7 +68,13 @@ class ExampleHandler:
                continue

            is_outgoing = recipient_local_domain[1] != my_local_domain[1]
-            if is_outgoing and not mail_encrypted:
+
+            if (
+                is_outgoing
+                and not mail_encrypted
+                and message.get("secure-join") != "vc-request"
+                and message.get("secure-join") != "vg-request"
+            ):
                res += ["500 Outgoing mail must be encrypted"]
                continue

--- a/chatmaild/src/chatmaild/test_filtermail.py
+++ b/chatmaild/src/chatmaild/test_filtermail.py
@@ -1,12 +1,16 @@
-import pytest
-
 from .filtermail import check_encrypted
+from email.parser import BytesParser
+from email import policy


 def test_filtermail():
-    assert not check_encrypted(b"foo")
+    def check_encrypted_bstr(content):
+        message = BytesParser(policy=policy.default).parsebytes(content)
+        return check_encrypted(message)

-    assert not check_encrypted(
+    assert not check_encrypted_bstr(b"foo")
+
+    assert not check_encrypted_bstr(
        "\r\n".join(
            [
                "Subject: =?utf-8?q?Message_from_foobar=40c2=2Etestrun=2Eorg?=",
@@ -36,7 +40,7 @@ def test_filtermail():
        ).encode()
    )

-    assert not check_encrypted(
+    assert not check_encrypted_bstr(
        "\r\n".join(
            [
                "Subject: =?utf-8?q?Message_from_foobar=40c2=2Etestrun=2Eorg?=",
@@ -67,7 +71,7 @@ def test_filtermail():
    )

    # https://xkcd.com/1181/
-    assert not check_encrypted(
+    assert not check_encrypted_bstr(
        "\r\n".join(
            [
                "Subject: =?utf-8?q?Message_from_foobar=40c2=2Etestrun=2Eorg?=",
@@ -99,7 +103,7 @@ def test_filtermail():
        ).encode()
    )

-    assert check_encrypted(
+    assert check_encrypted_bstr(
        "\r\n".join(
            [
                "Subject: ...",
@@ -172,7 +176,7 @@ def test_filtermail():
        ).encode()
    )

-    assert not check_encrypted(
+    assert not check_encrypted_bstr(
        "\r\n".join(
            [
                "Subject: Buy Penis Enlargement at www.malicious-domain.com",
@@ -245,7 +249,7 @@ def test_filtermail():
        ).encode()
    )

-    assert not check_encrypted(
+    assert not check_encrypted_bstr(
        "\r\n".join(
            [
                "Subject: Message opened",
--- a/online-tests/test_1_deltachat.py
+++ b/online-tests/test_1_deltachat.py
@@ -67,3 +67,17 @@ class TestEndToEndDeltaChat:
                    break

        pytest.fail("sending succeeded although messages should exceed quota")
+
+    def test_securejoin(self, cmfactory, lp, maildomain2):
+        ac1 = cmfactory.new_online_configuring_account(cache=False)
+        cmfactory.switch_maildomain(maildomain2)
+        ac2 = cmfactory.new_online_configuring_account(cache=False)
+        cmfactory.bring_accounts_online()
+
+        lp.sec("ac1: create QR code and let ac2 scan it, starting the securejoin")
+        qr = ac1.get_setup_contact_qr()
+
+        lp.sec("ac2: start QR-code based setup contact protocol")
+        ch = ac2.qr_setup_contact(qr)
+        assert ch.id >= 10
+        ac1._evtracker.wait_securejoin_inviter_progress(1000)
--- a/plan.txt
+++ b/plan.txt
@@ -8,12 +8,6 @@
 - limit: configure max-connections per account


-## Filtermail
-
- (alex, Only allow (outgoing) mails if secure-join or autocrypt-pgp-encrypted format.
-  TODO: mime-parse mails and check/add tests
-
-
 ## nami: send out rate limit / rspamd

 - basic outgoing send rate/limits (depending on "account-rating")