Commit a65a9dbc authored by sikeda's avatar sikeda
Browse files

[bug] [Reported by R. Klorese, QueerNet] Despite that posts to the list are...

[bug] [Reported by R. Klorese, QueerNet] Despite that posts to the list are protected against DMARC aggressive policy, messages sent to owners or editors of the list are not.  Now such messages will also be protected.
More known bug: Messages sent to listmaster would also be protected.

ToDo: Test.


git-svn-id: https://subversion.renater.fr/sympa/branches/sympa-6.2-branch@12170 05aa8bb8-cd2b-0410-b1d7-8918dfa770ce
parent cb6588f1
......@@ -2087,7 +2087,7 @@ sub _mail_message {
my $list = $message->{context};
# Shelve DMARC protection.
# Shelve DMARC protection, unless anonymization feature is enabled.
$message->{shelved}{dmarc_protect} = 1
if $list->{'admin'}{'dmarc_protection'}
and $list->{'admin'}{'dmarc_protection'}{'mode'}
......
......@@ -3308,8 +3308,8 @@ sub dmarc_protect {
my $dkimdomain = $list->{'admin'}{'dmarc_protection'}{'domain_regex'};
my $originalFromHeader = $self->get_header('From');
my $anonaddr;
my @addresses = Mail::Address->parse($originalFromHeader);
my @anonFrom;
my $anonphrase;
my @addresses = Mail::Address->parse($originalFromHeader);
my $dkimSignature = $self->get_header('DKIM-Signature');
my $origFrom = '';
my $mungeFrom = 0;
......@@ -3420,6 +3420,9 @@ sub dmarc_protect {
if ($mungeFrom) {
$log->syslog('debug', 'Will munge From field');
my $listtype = $self->{listtype} || '';
# Remove any DKIM signatures we find
if ($dkimSignature) {
$self->add_header('X-Original-DKIM-Signature', $dkimSignature);
......@@ -3435,10 +3438,19 @@ sub dmarc_protect {
my $newAddr;
my $displayName;
my $newComment;
$anonaddr = $list->{'admin'}{'dmarc_protection'}{'other_email'};
$anonaddr = $list->get_list_address()
unless $anonaddr and $anonaddr =~ /\@/;
@anonFrom = Mail::Address->parse($anonaddr);
if ($listtype eq 'owner' or $listtype eq 'editor') {
# -request or -editor address
$anonaddr = $list->get_list_address($listtype);
} else {
$anonaddr = $list->{'admin'}{'dmarc_protection'}{'other_email'};
$anonaddr = $list->get_list_address()
unless $anonaddr and $anonaddr =~ /\@/;
my @anonFrom = Mail::Address->parse($anonaddr);
if (@anonFrom) {
$anonaddr = $anonFrom[0]->address;
$anonphrase = $anonFrom[0]->phrase;
}
}
$log->syslog('debug', 'Anonymous From: %s', $anonaddr);
if (@addresses) {
......@@ -3459,14 +3471,34 @@ sub dmarc_protect {
$displayName =~ s/\@.*// unless $phraseMode =~ /email/;
}
if ($phraseMode =~ /list/) {
if ($newComment and $newComment =~ /\S/) {
$newComment =
$language->gettext_sprintf('%s via %s Mailing List',
$newComment, $list->{'name'});
if (defined $newComment and $newComment =~ /\S/) {
if ($listtype eq 'owner') {
$newComment = $language->gettext_sprintf(
'%s via Owner Address of %s Mailing List',
$newComment, $list->{'name'});
} elsif ($listtype eq 'editor') {
$newComment = $language->gettext_sprintf(
'%s via Editor Address of %s Mailing List',
$newComment, $list->{'name'});
} else {
$newComment = $language->gettext_sprintf(
'%s via %s Mailing List',
$newComment, $list->{'name'});
}
} else {
$newComment =
$language->gettext_sprintf('via %s Mailing List',
$list->{'name'});
if ($listtype eq 'owner') {
$newComment = $language->gettext_sprintf(
'via Owner Address of %s Mailing List',
$list->{'name'});
} elsif ($listtype eq 'editor') {
$newComment = $language->gettext_sprintf(
'via Editor Address of %s Mailing List',
$list->{'name'});
} else {
$newComment =
$language->gettext_sprintf('via %s Mailing List',
$list->{'name'});
}
}
}
$self->add_header('Reply-To', $addresses[0]->address)
......@@ -3474,20 +3506,19 @@ sub dmarc_protect {
}
# If the new From email address has a Phrase component, then
# append it
if (@anonFrom and $anonFrom[0]->phrase) {
if ($displayName and $displayName =~ /\S/) {
$displayName .= ' ' . $anonFrom[0]->phrase;
if (defined $anonphrase and length $anonphrase) {
if (defined $displayName and $displayName =~ /\S/) {
$displayName .= ' ' . $anonphrase;
} else {
$displayName = $anonFrom[0]->phrase;
$displayName = $anonphrase;
}
}
$displayName = $language->gettext('Anonymous')
unless $displayName and $displayName =~ /\S/;
unless defined $displayName and $displayName =~ /\S/;
$newAddr = tools::addrencode(
(@anonFrom ? $anonFrom[0]->address : $anonaddr), $displayName,
tools::lang2charset($language->get_lang), $newComment
);
$newAddr =
tools::addrencode($anonaddr, $displayName,
tools::lang2charset($language->get_lang), $newComment);
$self->add_header('X-Original-From', "$originalFromHeader");
$self->replace_header('From', $newAddr);
......
......@@ -1119,14 +1119,22 @@ sub DoForward {
}
# Add or remove several headers to forward message safely.
# The Sender: field should be added (overwritten) at least for Sender ID
# (a.k.a. SPF 2.0) compatibility. Note that Resent-Sender: field will be
# removed.
# - Add X-Loop: field to mitigate mail looping.
# - The Sender: field should be added (overwritten) at least for Sender ID
# (a.k.a. SPF 2.0) compatibility. Note that Resent-Sender: field will
# be removed.
# - Apply DMARC protection if needed.
#FIXME: Existing DKIM signature depends on these headers will be broken.
#FIXME: Currently messages via -request and -editor addresses will be
# protected against DMARC if neccessary. The listmaster address
# would be protected, too.
$message->add_header('X-Loop', $recipient);
$message->replace_header('Sender',
Conf::get_robot_conf($robot, 'request'));
$message->delete_header('Resent-Sender');
if ($function eq 'owner' or $function eq 'editor') {
$message->dmarc_protect if $list;
}
# Overwrite envelope sender. It is REQUIRED for delivery.
$message->{envelope_sender} = Conf::get_robot_conf($robot, 'request');
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment