mox/smtpserver/alignment.go

package smtpserver

import (
	"context"

	"github.com/mjl-/mox/dkim"
	"github.com/mjl-/mox/dns"
	"github.com/mjl-/mox/mlog"
	"github.com/mjl-/mox/publicsuffix"
	"github.com/mjl-/mox/spf"
	"github.com/mjl-/mox/store"
)

// Alignment compares the msgFromDomain with the dkim and spf results, and returns
// a validation, one of: Strict, Relaxed, None.
func alignment(ctx context.Context, log mlog.Log, msgFromDomain dns.Domain, dkimResults []dkim.Result, spfStatus spf.Status, spfIdentity *dns.Domain) store.Validation {
	var strict, relaxed bool
	msgFromOrgDomain := publicsuffix.Lookup(ctx, log.Logger, msgFromDomain)

	// todo: should take temperror and permerror into account.
	for _, dr := range dkimResults {
		if dr.Status != dkim.StatusPass || dr.Sig == nil {
			continue
		}
		if dr.Sig.Domain == msgFromDomain {
			strict = true
			break
		} else {
			relaxed = relaxed || msgFromOrgDomain == publicsuffix.Lookup(ctx, log.Logger, dr.Sig.Domain)
		}
	}
	if !strict && spfStatus == spf.StatusPass {
		strict = msgFromDomain == *spfIdentity
		relaxed = relaxed || msgFromOrgDomain == publicsuffix.Lookup(ctx, log.Logger, *spfIdentity)
	}
	if strict {
		return store.ValidationStrict
	}
	if relaxed {
		return store.ValidationRelaxed
	}
	return store.ValidationNone
}
mox! 2023-01-30 16:27:06 +03:00			`package smtpserver`

			`import (`
			`"context"`

			`"github.com/mjl-/mox/dkim"`
			`"github.com/mjl-/mox/dns"`
switch to slog.Logger for logging, for easier reuse of packages by external software we don't want external software to include internal details like mlog. slog.Logger is/will be the standard. we still have mlog for its helper functions, and its handler that logs in concise logfmt used by mox. packages that are not meant for reuse still pass around mlog.Log for convenience. we use golang.org/x/exp/slog because we also support the previous Go toolchain version. with the next Go release, we'll switch to the builtin slog. 2023-12-05 15:35:58 +03:00			`"github.com/mjl-/mox/mlog"`
mox! 2023-01-30 16:27:06 +03:00			`"github.com/mjl-/mox/publicsuffix"`
			`"github.com/mjl-/mox/spf"`
			`"github.com/mjl-/mox/store"`
			`)`

			`// Alignment compares the msgFromDomain with the dkim and spf results, and returns`
			`// a validation, one of: Strict, Relaxed, None.`
switch to slog.Logger for logging, for easier reuse of packages by external software we don't want external software to include internal details like mlog. slog.Logger is/will be the standard. we still have mlog for its helper functions, and its handler that logs in concise logfmt used by mox. packages that are not meant for reuse still pass around mlog.Log for convenience. we use golang.org/x/exp/slog because we also support the previous Go toolchain version. with the next Go release, we'll switch to the builtin slog. 2023-12-05 15:35:58 +03:00			`func alignment(ctx context.Context, log mlog.Log, msgFromDomain dns.Domain, dkimResults []dkim.Result, spfStatus spf.Status, spfIdentity *dns.Domain) store.Validation {`
mox! 2023-01-30 16:27:06 +03:00			`var strict, relaxed bool`
switch to slog.Logger for logging, for easier reuse of packages by external software we don't want external software to include internal details like mlog. slog.Logger is/will be the standard. we still have mlog for its helper functions, and its handler that logs in concise logfmt used by mox. packages that are not meant for reuse still pass around mlog.Log for convenience. we use golang.org/x/exp/slog because we also support the previous Go toolchain version. with the next Go release, we'll switch to the builtin slog. 2023-12-05 15:35:58 +03:00			`msgFromOrgDomain := publicsuffix.Lookup(ctx, log.Logger, msgFromDomain)`
mox! 2023-01-30 16:27:06 +03:00
			`// todo: should take temperror and permerror into account.`
			`for _, dr := range dkimResults {`
			`if dr.Status != dkim.StatusPass \|\| dr.Sig == nil {`
			`continue`
			`}`
			`if dr.Sig.Domain == msgFromDomain {`
			`strict = true`
			`break`
			`} else {`
switch to slog.Logger for logging, for easier reuse of packages by external software we don't want external software to include internal details like mlog. slog.Logger is/will be the standard. we still have mlog for its helper functions, and its handler that logs in concise logfmt used by mox. packages that are not meant for reuse still pass around mlog.Log for convenience. we use golang.org/x/exp/slog because we also support the previous Go toolchain version. with the next Go release, we'll switch to the builtin slog. 2023-12-05 15:35:58 +03:00			`relaxed = relaxed \|\| msgFromOrgDomain == publicsuffix.Lookup(ctx, log.Logger, dr.Sig.Domain)`
mox! 2023-01-30 16:27:06 +03:00			`}`
			`}`
			`if !strict && spfStatus == spf.StatusPass {`
			`strict = msgFromDomain == *spfIdentity`
switch to slog.Logger for logging, for easier reuse of packages by external software we don't want external software to include internal details like mlog. slog.Logger is/will be the standard. we still have mlog for its helper functions, and its handler that logs in concise logfmt used by mox. packages that are not meant for reuse still pass around mlog.Log for convenience. we use golang.org/x/exp/slog because we also support the previous Go toolchain version. with the next Go release, we'll switch to the builtin slog. 2023-12-05 15:35:58 +03:00			`relaxed = relaxed \|\| msgFromOrgDomain == publicsuffix.Lookup(ctx, log.Logger, *spfIdentity)`
mox! 2023-01-30 16:27:06 +03:00			`}`
			`if strict {`
			`return store.ValidationStrict`
			`}`
			`if relaxed {`
			`return store.ValidationRelaxed`
			`}`
			`return store.ValidationNone`
			`}`