mailauth 4.6.1 → 4.6.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +7 -0
- package/lib/bimi/index.js +7 -0
- package/lib/dkim/dkim-verifier.js +10 -1
- package/lib/dmarc/verify.js +2 -2
- package/lib/mailauth.js +8 -1
- package/lib/tools.js +20 -7
- package/man/mailauth.1 +1 -1
- package/package.json +2 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,12 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## [4.6.2](https://github.com/postalsys/mailauth/compare/v4.6.1...v4.6.2) (2024-01-25)
|
|
4
|
+
|
|
5
|
+
|
|
6
|
+
### Bug Fixes
|
|
7
|
+
|
|
8
|
+
* **bimi:** skip bimi with oversized DKIM signatures ([d666d74](https://github.com/postalsys/mailauth/commit/d666d7476cbcae8b3161c78a7e737559ad112fd9))
|
|
9
|
+
|
|
3
10
|
## [4.6.1](https://github.com/postalsys/mailauth/compare/v4.6.0...v4.6.1) (2024-01-24)
|
|
4
11
|
|
|
5
12
|
|
package/lib/bimi/index.js
CHANGED
|
@@ -51,6 +51,13 @@ const lookup = async data => {
|
|
|
51
51
|
return response;
|
|
52
52
|
}
|
|
53
53
|
|
|
54
|
+
if (dmarc.alignment?.dkim?.overSized) {
|
|
55
|
+
response.status.result = 'skipped';
|
|
56
|
+
response.status.comment = 'Oversized DKIM signature';
|
|
57
|
+
response.info = formatAuthHeaderRow('bimi', response.status);
|
|
58
|
+
return response;
|
|
59
|
+
}
|
|
60
|
+
|
|
54
61
|
const authorDomain = dmarc.status?.header?.from;
|
|
55
62
|
const orgDomain = dmarc.domain;
|
|
56
63
|
|
|
@@ -7,6 +7,7 @@ const { generateCanonicalizedHeader } = require('./header');
|
|
|
7
7
|
const { getARChain } = require('../arc');
|
|
8
8
|
const addressparser = require('nodemailer/lib/addressparser');
|
|
9
9
|
const crypto = require('crypto');
|
|
10
|
+
const { v4: uuidv4 } = require('uuid');
|
|
10
11
|
|
|
11
12
|
class DkimVerifier extends MessageParser {
|
|
12
13
|
constructor(options) {
|
|
@@ -204,7 +205,9 @@ class DkimVerifier extends MessageParser {
|
|
|
204
205
|
};
|
|
205
206
|
|
|
206
207
|
if (signatureHeader.type === 'DKIM' && this.headerFrom?.length) {
|
|
207
|
-
status.aligned = this.headerFrom?.length
|
|
208
|
+
status.aligned = this.headerFrom?.length
|
|
209
|
+
? getAlignment(this.headerFrom[0].split('@').pop(), [signatureHeader.signingDomain])?.domain || false
|
|
210
|
+
: false;
|
|
208
211
|
}
|
|
209
212
|
|
|
210
213
|
let bodyHash = this.bodyHashes.get(signatureHeader.bodyHashKey)?.hash;
|
|
@@ -305,6 +308,9 @@ class DkimVerifier extends MessageParser {
|
|
|
305
308
|
}
|
|
306
309
|
|
|
307
310
|
let result = {
|
|
311
|
+
id: signatureHeader.parsed?.b?.value
|
|
312
|
+
? crypto.createHash('sha256').update(Buffer.from(signatureHeader.parsed?.b?.value, 'base64')).digest('hex')
|
|
313
|
+
: uuidv4(),
|
|
308
314
|
signingDomain: signatureHeader.signingDomain,
|
|
309
315
|
selector: signatureHeader.selector,
|
|
310
316
|
signature: signatureHeader.parsed?.b?.value,
|
|
@@ -331,6 +337,9 @@ class DkimVerifier extends MessageParser {
|
|
|
331
337
|
if (typeof signatureHeader.maxBodyLength === 'number') {
|
|
332
338
|
result.canonBodyLengthLimited = true;
|
|
333
339
|
result.canonBodyLengthLimit = signatureHeader.maxBodyLength;
|
|
340
|
+
if (result.canonBodyLengthTotal > result.canonBodyLength) {
|
|
341
|
+
status.overSized = result.canonBodyLengthTotal - result.canonBodyLength;
|
|
342
|
+
}
|
|
334
343
|
} else {
|
|
335
344
|
result.canonBodyLengthLimited = false;
|
|
336
345
|
}
|
package/lib/dmarc/verify.js
CHANGED
|
@@ -101,8 +101,8 @@ const verifyDmarc = async opts => {
|
|
|
101
101
|
rr: dmarcRecord.rr,
|
|
102
102
|
|
|
103
103
|
alignment: {
|
|
104
|
-
spf: { result: spfAlignment, strict: dmarcRecord.aspf === 's' },
|
|
105
|
-
dkim: { result: dkimAlignment, strict: dmarcRecord.adkim === 's' }
|
|
104
|
+
spf: { result: spfAlignment?.domain, strict: dmarcRecord.aspf === 's' },
|
|
105
|
+
dkim: { result: dkimAlignment?.domain, strict: dmarcRecord.adkim === 's', overSized: dkimAlignment?.overSized }
|
|
106
106
|
}
|
|
107
107
|
});
|
|
108
108
|
};
|
package/lib/mailauth.js
CHANGED
|
@@ -119,7 +119,14 @@ const authenticate = async (input, opts) => {
|
|
|
119
119
|
dmarcResult = await dmarc({
|
|
120
120
|
headerFrom: dkimResult.headerFrom,
|
|
121
121
|
spfDomains: [].concat((spfResult && spfResult.status.result === 'pass' && spfResult.domain) || []),
|
|
122
|
-
dkimDomains: (dkimResult.results || [])
|
|
122
|
+
dkimDomains: (dkimResult.results || [])
|
|
123
|
+
.filter(r => r.status.result === 'pass')
|
|
124
|
+
.map(r => ({
|
|
125
|
+
id: r.id,
|
|
126
|
+
domain: r.signingDomain,
|
|
127
|
+
aligned: r.status.aligned,
|
|
128
|
+
overSized: r.status.overSized
|
|
129
|
+
})),
|
|
123
130
|
arcResult,
|
|
124
131
|
resolver: opts.resolver
|
|
125
132
|
});
|
package/lib/tools.js
CHANGED
|
@@ -398,6 +398,10 @@ const formatAuthHeaderRow = (method, status) => {
|
|
|
398
398
|
|
|
399
399
|
parts.push(`${method}=${status.result || 'none'}`);
|
|
400
400
|
|
|
401
|
+
if (status.overSized) {
|
|
402
|
+
parts.push(`(${escapeCommentValue(`oversized signature ${status.overSized}B`)})`);
|
|
403
|
+
}
|
|
404
|
+
|
|
401
405
|
if (status.comment) {
|
|
402
406
|
parts.push(`(${escapeCommentValue(status.comment)})`);
|
|
403
407
|
}
|
|
@@ -443,23 +447,32 @@ const formatDomain = domain => {
|
|
|
443
447
|
};
|
|
444
448
|
|
|
445
449
|
const getAlignment = (fromDomain, domainList, strict) => {
|
|
446
|
-
domainList = []
|
|
450
|
+
domainList = []
|
|
451
|
+
.concat(domainList || [])
|
|
452
|
+
.map(entry => {
|
|
453
|
+
if (typeof entry === 'string') {
|
|
454
|
+
return { domain: entry };
|
|
455
|
+
}
|
|
456
|
+
return entry;
|
|
457
|
+
})
|
|
458
|
+
.sort((a, b) => (a.overSized || 0) - (b.overSized || 0));
|
|
459
|
+
|
|
447
460
|
if (strict) {
|
|
448
461
|
fromDomain = formatDomain(fromDomain);
|
|
449
|
-
for (let
|
|
450
|
-
domain = formatDomain(psl.get(domain) || domain);
|
|
462
|
+
for (let entry of domainList) {
|
|
463
|
+
let domain = formatDomain(psl.get(entry.domain) || entry.domain);
|
|
451
464
|
if (formatDomain(domain) === fromDomain) {
|
|
452
|
-
return
|
|
465
|
+
return entry;
|
|
453
466
|
}
|
|
454
467
|
}
|
|
455
468
|
}
|
|
456
469
|
|
|
457
470
|
// match org domains
|
|
458
471
|
fromDomain = formatDomain(psl.get(fromDomain) || fromDomain);
|
|
459
|
-
for (let
|
|
460
|
-
domain = formatDomain(psl.get(domain) || domain);
|
|
472
|
+
for (let entry of domainList) {
|
|
473
|
+
let domain = formatDomain(psl.get(entry.domain) || entry.domain);
|
|
461
474
|
if (domain === fromDomain) {
|
|
462
|
-
return
|
|
475
|
+
return entry;
|
|
463
476
|
}
|
|
464
477
|
}
|
|
465
478
|
|
package/man/mailauth.1
CHANGED
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "mailauth",
|
|
3
|
-
"version": "4.6.
|
|
3
|
+
"version": "4.6.2",
|
|
4
4
|
"description": "Email authentication library for Node.js",
|
|
5
5
|
"main": "lib/mailauth.js",
|
|
6
6
|
"scripts": {
|
|
@@ -56,6 +56,7 @@
|
|
|
56
56
|
"psl": "1.9.0",
|
|
57
57
|
"punycode": "2.3.1",
|
|
58
58
|
"undici": "5.28.2",
|
|
59
|
+
"uuid": "9.0.1",
|
|
59
60
|
"yargs": "17.7.2"
|
|
60
61
|
},
|
|
61
62
|
"engines": {
|