Skip to content

Commit

Permalink
fix: do not modify DKIM signature header keys such as X-Report-Abuse-…
Browse files Browse the repository at this point in the history 
…To if signed in DKIM signature header value
  • Loading branch information
@titanism
titanism committed Dec 18, 2024
1 parent 27eb81d commit 41048f6
Show file tree
Hide file tree
Showing 2 changed files with 29 additions and 12 deletions.
2 changes: 1 addition & 1 deletion helpers/on-data-mx.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1427,7 +1427,7 @@ async function onDataMX(raw, session, headers, body) {
//

// add X-* headers (e.g. version + report-to)
await updateHeaders(headers);
await updateHeaders(headers, session);

// additional headers to add specifically for MX
// (this also does a friendly-from rewrite if necessary)
Expand Down
39 changes: 28 additions & 11 deletions helpers/update-headers.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,19 +5,36 @@

const config = require('#config');

function updateHeaders(headers) {
for (const key of [
'x-report-abuse-to',
'x-report-abuse',
'x-complaints-to',
'x-forwardemail-version'
]) {
headers.remove(key);
//
// NOTE: we pass `headers` here because we don't want to update header values
// for those that were signed with someone's DKIM signature
// (e.g. algolia.com signs via mailjet with X-Report-Abuse-To as a key)
// and if we modify it then the header chain will break of course
//
function updateHeaders(headers, session) {
const keys = new Set();

if (
Array.isArray(session?.dkim?.results) &&
session.dkim.results.length > 0
) {
for (const result of session.dkim.results) {
if (typeof result?.signingHeaders?.keys !== 'string') continue;
for (const key of result.signingHeaders.keys.split(':')) {
keys.add(key.toLowerCase().trim());
}
}
}

headers.add('X-Report-Abuse-To', config.abuseEmail, headers.lines.length);
headers.add('X-Report-Abuse', config.abuseEmail, headers.lines.length);
headers.add('X-Complaints-To', config.abuseEmail, headers.lines.length);
if (!keys.has('x-report-abuse-to'))
headers.add('X-Report-Abuse-To', config.abuseEmail, headers.lines.length);

if (!keys.has('x-report-abuse'))
headers.add('X-Report-Abuse', config.abuseEmail, headers.lines.length);

if (!keys.has('x-complaints-to'))
headers.add('X-Complaints-To', config.abuseEmail, headers.lines.length);

headers.add(
'X-ForwardEmail-Version',
config.pkg.version,
Expand Down

0 comments on commit 41048f6

Please sign in to comment.