mirror of
https://github.com/mjl-/mox.git
synced 2024-12-25 16:03:48 +03:00
49 lines
1.5 KiB
Go
49 lines
1.5 KiB
Go
package dkim
|
|
|
|
import (
|
|
"fmt"
|
|
"strings"
|
|
)
|
|
|
|
// DefaultPolicy is the default DKIM policy.
|
|
//
|
|
// Signatures with a length restriction are rejected because it is hard to decide
|
|
// how many signed bytes should be required (none? at least half? all except
|
|
// max N bytes?). Also, it isn't likely email applications (MUAs) will be
|
|
// displaying the signed vs unsigned (partial) content differently, mostly
|
|
// because the encoded data is signed. E.g. half a base64 image could be
|
|
// signed, and the rest unsigned.
|
|
//
|
|
// Signatures without Subject field are rejected. The From header field is
|
|
// always required and does not need to be checked in the policy.
|
|
// Other signatures are accepted.
|
|
func DefaultPolicy(sig *Sig) error {
|
|
// ../rfc/6376:2088
|
|
// ../rfc/6376:2307
|
|
// ../rfc/6376:2706
|
|
// ../rfc/6376:1558
|
|
if sig.Length >= 0 {
|
|
return fmt.Errorf("l= for length not acceptable")
|
|
}
|
|
|
|
// ../rfc/6376:2139
|
|
// We require at least the following headers: From, Subject.
|
|
// You would expect To, Cc and Message-ID to also always be present.
|
|
// Microsoft appears to leave out To.
|
|
// Yahoo appears to leave out Message-ID.
|
|
// Multiple leave out Cc and other address headers.
|
|
// At least one newsletter did not sign Date.
|
|
var subject bool
|
|
for _, h := range sig.SignedHeaders {
|
|
subject = subject || strings.EqualFold(h, "subject")
|
|
}
|
|
var missing []string
|
|
if !subject {
|
|
missing = append(missing, "subject")
|
|
}
|
|
if len(missing) > 0 {
|
|
return fmt.Errorf("required header fields missing from signature: %s", strings.Join(missing, ", "))
|
|
}
|
|
|
|
return nil
|
|
}
|