Verified Commit f0b0f71e authored by meskio

Don't look for X-DKIM-Authentication-Results headers

opendkim produces 'Authentication-Results' header to indicate if the
dkim signature is valid, but nothing in our current infrastructure
produces or reads X-DKIM-Authentication-Results. Check only for
'Authentication-Results' so an attacker will not be able to fake an
email without really coming from an authorized provider.
parent ba694e10
+0 −1
@@ -35,7 +35,6 @@ from __future__ import unicode_literals
import logging

headers = {
    "X-DKIM-Authentication-Results": lambda s: s.startswith('pass'),
    "Authentication-Results": lambda s: 'dkim=pass' in s
}

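Review bot: the remaining check `"Authentication-Results": lambda s: 'dkim=pass' in s` is a plain substring match on a header that any sender can also put into a message, so dropping the X-DKIM-Authentication-Results entry only closes the hole if the receiving MTA is configured to strip or overwrite inbound Authentication-Results headers before opendkim adds its own; that dependency should be stated in a comment next to the table, since nothing in this file enforces it. It would also be safer to anchor the match on our own authserv-id (the text before the first `;`) rather than accept `dkim=pass` from any header, and to verify that the signing domain reported in `header.d=` matches the From domain instead of trusting the pass verdict alone.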
+0 −8
@@ -28,14 +28,6 @@ class CheckDKIMTests(unittest.TestCase):
        self.goodMessage = ["""\
From: user@gmail.com
To: bridges@localhost
X-DKIM-Authentication-Results: pass
Subject: testing

get bridges
""",
"""\
From: user@gmail.com
To: bridges@localhost
Authentication-Results: gmail.com;
	dkim=pass (1024-bit key; secure) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=squak header.b=ZFZSqaMU;
	dkim-atps=neutral
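Review bot: the message with `X-DKIM-Authentication-Results: pass` is only removed from goodMessage here; since the point of the change is that such a message must no longer be accepted, move it into the bad-message set (or add an equivalent negative test) so the new behaviour is actually exercised, otherwise a future reintroduction of the X-DKIM- lookup would pass the suite unnoticed.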