Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CNB] DKIMHook should also validate mail from #5265

Open
chibenwa opened this issue Sep 6, 2024 · 0 comments
Open

[CNB] DKIMHook should also validate mail from #5265

chibenwa opened this issue Sep 6, 2024 · 0 comments
Labels
customer enhancement

Comments

@chibenwa
Copy link
Member

chibenwa commented Sep 6, 2024

On port 25 we wishes that only mails originating from the platform (either authenticated OR DKIM signed) uses FROM local address in their mail headers.

GIVEN [email protected]
WHEN [email protected] sends a mail to a local user
AND uses `MAIL FROM: <[email protected]>` in the envelope
AND sets `From: [email protected]`
THEN the SMTP transaction on port 25 gets rejected as the mail is not DKIM signed

Note: legitimate use of local from from external sender is:

GIVEN [email protected] redirects mails to [email protected]
WHEN [email protected] sends a mail to [email protected]
THEN orange.fr will send us a mail using a local From but we shall accept it as the DKIM is valid...

What to do

Modify DKIMHook.DKIMCheckNeeded.onlyForSenderDomain in order to apply if the from of the envelope is matching the domain OR the *header from is matching the specified domain.

Special care needs to be taken in order to handle invalid header from (second clause is skept in case of error).

We need both unit and integration tests for this.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
customer enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@chibenwa