This is an automated email from the git hooks/post-receive script.
meskio pushed a commit to branch main in repository bridgedb.
commit f0b0f71e5fa2b7d6048eb32ebd31f8d3a2fc4278
Author: meskio meskio@torproject.org
AuthorDate: Tue Dec 13 14:58:07 2022 +0100
Don't look for X-DKIM-Authentication-Results headers
opendkim produces 'Authentication-Results' header to indicate if the dkim signature is valid, but nothing in our current infrastructure produces or reads X-DKIM-Authentication-Results. Check only for 'Authentication-Results' so an attacker will not be able to fake an email without really coming from an authorized provider.
---
 bridgedb/distributors/email/dkim.py | 1 -
 bridgedb/test/test_email_dkim.py    | 8 --------
 2 files changed, 9 deletions(-)
diff --git a/bridgedb/distributors/email/dkim.py b/bridgedb/distributors/email/dkim.py index c8b3378..1ac6508 100644 --- a/bridgedb/distributors/email/dkim.py +++ b/bridgedb/distributors/email/dkim.py @@ -35,7 +35,6 @@ from __future__ import unicode_literals import logging
headers = { - "X-DKIM-Authentication-Results": lambda s: s.startswith('pass'), "Authentication-Results": lambda s: 'dkim=pass' in s }
diff --git a/bridgedb/test/test_email_dkim.py b/bridgedb/test/test_email_dkim.py index e36657f..7966bf4 100644 --- a/bridgedb/test/test_email_dkim.py +++ b/bridgedb/test/test_email_dkim.py @@ -28,14 +28,6 @@ class CheckDKIMTests(unittest.TestCase): self.goodMessage = ["""\ From: user@gmail.com To: bridges@localhost -X-DKIM-Authentication-Results: pass -Subject: testing - -get bridges -""", -"""\ -From: user@gmail.com -To: bridges@localhost Authentication-Results: gmail.com; dkim=pass (1024-bit key; secure) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=squak header.b=ZFZSqaMU; dkim-atps=neutral
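Review bot: In bridgedb/distributors/email/dkim.py, the check that remains, `"Authentication-Results": lambda s: 'dkim=pass' in s`, is a substring match over the whole header value, so it accepts any Authentication-Results header that contains that text anywhere, including inside a parenthesised comment after a different result, and it does not look at which host wrote the header. Nothing in the visible lines ties the header to our own opendkim instance. Consider parsing the value and requiring the leading authserv-id to be our own mail host and the dkim method result itself to be pass, or at least document in this module that the MTA is expected to strip Authentication-Results headers arriving from outside before opendkim adds its own.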
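Review bot: In bridgedb/test/test_email_dkim.py, the message carrying only `X-DKIM-Authentication-Results: pass` is deleted from goodMessage, but the diffstat shows no additions, so nothing asserts the new behaviour. Instead of dropping that message, move it into a negative test that expects the DKIM check to reject it, so a later change that reintroduces the header fails the test suite.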