Skip to content

Commit

Permalink
v0.5.0
Browse files Browse the repository at this point in the history
  • Loading branch information
@mdecimus
mdecimus committed Aug 9, 2024
1 parent 0996ded commit 5b57af6
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 14 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
mail-auth 0.5.0
================================
- Fix: Use public suffix list for DMARC relaxed alignment verification (#37)

mail-auth 0.4.3
================================
- Fix: Domain name length check in SPF verification (#34)
Expand Down
20 changes: 6 additions & 14 deletions src/dmarc/verify.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,14 +68,12 @@ impl Resolver {
let has_dkim_pass = dkim_output.iter().any(|o| o.result == DkimResult::Pass);
if spf_output.result == SpfResult::Pass || has_dkim_pass {
// Check SPF alignment
let from_subdomain = format!(".{}", domain_suffix_fn(rfc5322_from_domain));
let rfc5322_from_subdomain = domain_suffix_fn(rfc5322_from_domain);
if spf_output.result == SpfResult::Pass {
output.spf_result = if rfc5321_mail_from_domain == rfc5322_from_domain {
DmarcResult::Pass
} else if dmarc.aspf == Alignment::Relaxed
&& rfc5321_mail_from_domain.ends_with(&from_subdomain)
|| rfc5322_from_domain
.ends_with(&format!(".{}", domain_suffix_fn(rfc5321_mail_from_domain)))
&& domain_suffix_fn(rfc5321_mail_from_domain) == rfc5322_from_subdomain
{
output.policy = dmarc.sp;
DmarcResult::Pass
Expand All @@ -94,23 +92,17 @@ impl Resolver {
} else if dmarc.adkim == Alignment::Relaxed
&& dkim_output.iter().any(|o| {
o.result == DkimResult::Pass
&& (o.signature.as_ref().unwrap().d.ends_with(&from_subdomain)
|| rfc5322_from_domain.ends_with(&format!(
".{}",
domain_suffix_fn(&o.signature.as_ref().unwrap().d)
)))
&& domain_suffix_fn(&o.signature.as_ref().unwrap().d)
== rfc5322_from_subdomain
})
{
output.policy = dmarc.sp;
DmarcResult::Pass
} else {
if dkim_output.iter().any(|o| {
o.result == DkimResult::Pass
&& (o.signature.as_ref().unwrap().d.ends_with(&from_subdomain)
|| rfc5322_from_domain.ends_with(&format!(
".{}",
domain_suffix_fn(&o.signature.as_ref().unwrap().d)
)))
&& domain_suffix_fn(&o.signature.as_ref().unwrap().d)
== rfc5322_from_subdomain
}) {
output.policy = dmarc.sp;
}
Expand Down

0 comments on commit 5b57af6

Please sign in to comment.