simple-login/app
1
1
Fork 0
mirror of https://github.com/simple-login/app.git synced 2024-11-17 22:21:38 +08:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #865 from simple-login/dmarc-soft-fail

Browse source 
Add a warning message to the email when it dmarc softfail
This commit is contained in:
Son Nguyen Kim 2022-03-30 21:08:36 +07:00 committed by GitHub
commit 358d777b9e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 24 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
app/errors.py
View file

@ -56,3 +56,8 @@ class MailSentFromReverseAlias(SLException):
"""raised when receiving an email sent from a reverse alias""" """raised when receiving an email sent from a reverse alias"""
pass pass
class DmarcSoftFail(SLException):
pass

20
email_handler.py
View file

@ -138,6 +138,7 @@ from app.errors import (
VERPForward, VERPForward,
VERPReply, VERPReply,
CannotCreateContactForReverseAlias, CannotCreateContactForReverseAlias,
DmarcSoftFail,
) )
from app.log import LOG, set_message_id from app.log import LOG, set_message_id
from app.models import ( from app.models import (
@ -549,18 +550,17 @@ def apply_dmarc_policy(
return None return None
from_header = get_header_unicode(msg[headers.FROM]) from_header = get_header_unicode(msg[headers.FROM])
# todo: remove when soft_fail email is put into quarantine
if spam_result.dmarc == DmarcCheckResult.soft_fail: if spam_result.dmarc == DmarcCheckResult.soft_fail:
LOG.w( LOG.w(
f"dmarc soft_fail from contact {contact.email} to alias {alias.email}." f"dmarc soft_fail from contact {contact.email} to alias {alias.email}."
f"mail_from:{envelope.mail_from}, from_header: {from_header}" f"mail_from:{envelope.mail_from}, from_header: {from_header}"
) )
return None raise DmarcSoftFail
if spam_result.dmarc in ( if spam_result.dmarc in (
DmarcCheckResult.quarantine, DmarcCheckResult.quarantine,
DmarcCheckResult.reject, DmarcCheckResult.reject,
# todo: disable soft_fail for now
# DmarcCheckResult.soft_fail,
): ):
LOG.w( LOG.w(
f"put email from {contact} to {alias} to quarantine. {spam_result.event_data()}, " f"put email from {contact} to {alias} to quarantine. {spam_result.event_data()}, "
@ -597,6 +597,7 @@ def apply_dmarc_policy(
ignore_smtp_error=True, ignore_smtp_error=True,
) )
return status.E215 return status.E215
return None return None
@ -715,9 +716,20 @@ def handle_forward(envelope, msg: Message, rcpt_to: str) -> List[Tuple[bool, str
return [(True, res_status)] return [(True, res_status)]
# Check if we need to reject or quarantine based on dmarc # Check if we need to reject or quarantine based on dmarc
try:
dmarc_delivery_status = apply_dmarc_policy(alias, contact, envelope, msg) dmarc_delivery_status = apply_dmarc_policy(alias, contact, envelope, msg)
if dmarc_delivery_status is not None: if dmarc_delivery_status is not None:
return [(False, dmarc_delivery_status)] return [(False, dmarc_delivery_status)]
except DmarcSoftFail:
msg = add_header(
msg,
f"""This email failed anti-phishing checks when its received by SimpleLogin, be careful with its content.""",
f"""
<p style="color:red">
This email failed anti-phishing checks when its received by SimpleLogin, be careful with its content.
</p>
""",
)
ret = [] ret = []
mailboxes = alias.mailboxes mailboxes = alias.mailboxes