mailauth 4.6.1 → 4.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/CHANGELOG.md +15 -4
  2. package/LICENSE.txt +1 -1
  3. package/README.md +1 -1
  4. package/lib/bimi/index.js +7 -0
  5. package/lib/dkim/dkim-verifier.js +10 -1
  6. package/lib/dmarc/verify.js +2 -2
  7. package/lib/mailauth.js +8 -1
  8. package/lib/tools.js +20 -7
  9. package/man/mailauth.1 +2 -2
  10. package/man/man.md +1 -1
  11. package/package.json +3 -2
package/CHANGELOG.md CHANGED
@@ -1,15 +1,26 @@
1
1
  # Changelog
2
2
 
3
- ## [4.6.1](https://github.com/postalsys/mailauth/compare/v4.6.0...v4.6.1) (2024-01-24)
3
+ ## [4.6.3](https://github.com/postalsys/mailauth/compare/v4.6.2...v4.6.3) (2024-01-26)
4
4
 
5
5
 
6
6
  ### Bug Fixes
7
7
 
8
- * **dkim-verify:** Show the length of the source body in DKIM results ([d28663b](https://github.com/postalsys/mailauth/commit/d28663b30b0bfaf07d395e9d3eaea044c9085657))
8
+ * bumped 2022 in copyright notices to 2024 ([cc89823](https://github.com/postalsys/mailauth/commit/cc8982349d14b42a28581ebc52aa6de2e11b5be8))
9
9
 
10
- ## [4.6.0](https://github.com/postalsys/mailauth/compare/v4.5.2...v4.6.0) (2023-11-02)
10
+ ## [4.6.2](https://github.com/postalsys/mailauth/compare/v4.6.1...v4.6.2) (2024-01-25)
11
+
12
+ ### Bug Fixes
13
+
14
+ - **bimi:** skip bimi with undersized DKIM signatures ([d666d74](https://github.com/postalsys/mailauth/commit/d666d7476cbcae8b3161c78a7e737559ad112fd9))
11
15
 
16
+ ## [4.6.1](https://github.com/postalsys/mailauth/compare/v4.6.0...v4.6.1) (2024-01-24)
17
+
18
+ ### Bug Fixes
19
+
20
+ - **dkim-verify:** Show the length of the source body in DKIM results ([d28663b](https://github.com/postalsys/mailauth/commit/d28663b30b0bfaf07d395e9d3eaea044c9085657))
21
+
22
+ ## [4.6.0](https://github.com/postalsys/mailauth/compare/v4.5.2...v4.6.0) (2023-11-02)
12
23
 
13
24
  ### Features
14
25
 
15
- * **deploy:** Set up automatic publishing ([f9b9c32](https://github.com/postalsys/mailauth/commit/f9b9c325e4dbac060114aa12c5887ea8c92c0bf8))
26
+ - **deploy:** Set up automatic publishing ([f9b9c32](https://github.com/postalsys/mailauth/commit/f9b9c325e4dbac060114aa12c5887ea8c92c0bf8))
package/LICENSE.txt CHANGED
@@ -1,4 +1,4 @@
1
- Copyright (c) 2020-2022 Postal Systems OÜ
1
+ Copyright (c) 2020-2024 Postal Systems OÜ
2
2
 
3
3
  Permission is hereby granted, free of charge, to any person obtaining a copy
4
4
  of this software and associated documentation files (the "Software"), to deal
package/README.md CHANGED
@@ -470,6 +470,6 @@ const { authenticate } = require('mailauth');
470
470
 
471
471
  ## License
472
472
 
473
- © 2020-2022 Postal Systems OÜ
473
+ © 2020-2024 Postal Systems OÜ
474
474
 
475
475
  Licensed under MIT license
package/lib/bimi/index.js CHANGED
@@ -51,6 +51,13 @@ const lookup = async data => {
51
51
  return response;
52
52
  }
53
53
 
54
+ if (dmarc.alignment?.dkim?.underSized) {
55
+ response.status.result = 'skipped';
56
+ response.status.comment = 'undersized DKIM signature';
57
+ response.info = formatAuthHeaderRow('bimi', response.status);
58
+ return response;
59
+ }
60
+
54
61
  const authorDomain = dmarc.status?.header?.from;
55
62
  const orgDomain = dmarc.domain;
56
63
 
package/lib/dkim/dkim-verifier.js CHANGED
@@ -7,6 +7,7 @@ const { generateCanonicalizedHeader } = require('./header');
7
7
  const { getARChain } = require('../arc');
8
8
  const addressparser = require('nodemailer/lib/addressparser');
9
9
  const crypto = require('crypto');
10
+ const { v4: uuidv4 } = require('uuid');
10
11
 
11
12
  class DkimVerifier extends MessageParser {
12
13
  constructor(options) {
@@ -204,7 +205,9 @@ class DkimVerifier extends MessageParser {
204
205
  };
205
206
 
206
207
  if (signatureHeader.type === 'DKIM' && this.headerFrom?.length) {
207
- status.aligned = this.headerFrom?.length ? getAlignment(this.headerFrom[0].split('@').pop(), [signatureHeader.signingDomain]) : false;
208
+ status.aligned = this.headerFrom?.length
209
+ ? getAlignment(this.headerFrom[0].split('@').pop(), [signatureHeader.signingDomain])?.domain || false
210
+ : false;
208
211
  }
209
212
 
210
213
  let bodyHash = this.bodyHashes.get(signatureHeader.bodyHashKey)?.hash;
@@ -305,6 +308,9 @@ class DkimVerifier extends MessageParser {
305
308
  }
306
309
 
307
310
  let result = {
311
+ id: signatureHeader.parsed?.b?.value
312
+ ? crypto.createHash('sha256').update(Buffer.from(signatureHeader.parsed?.b?.value, 'base64')).digest('hex')
313
+ : uuidv4(),
308
314
  signingDomain: signatureHeader.signingDomain,
309
315
  selector: signatureHeader.selector,
310
316
  signature: signatureHeader.parsed?.b?.value,
@@ -331,6 +337,9 @@ class DkimVerifier extends MessageParser {
331
337
  if (typeof signatureHeader.maxBodyLength === 'number') {
332
338
  result.canonBodyLengthLimited = true;
333
339
  result.canonBodyLengthLimit = signatureHeader.maxBodyLength;
340
+ if (result.canonBodyLengthTotal > result.canonBodyLength) {
341
+ status.underSized = result.canonBodyLengthTotal - result.canonBodyLength;
342
+ }
334
343
  } else {
335
344
  result.canonBodyLengthLimited = false;
336
345
  }
package/lib/dmarc/verify.js CHANGED
@@ -101,8 +101,8 @@ const verifyDmarc = async opts => {
101
101
  rr: dmarcRecord.rr,
102
102
 
103
103
  alignment: {
104
- spf: { result: spfAlignment, strict: dmarcRecord.aspf === 's' },
105
- dkim: { result: dkimAlignment, strict: dmarcRecord.adkim === 's' }
104
+ spf: { result: spfAlignment?.domain, strict: dmarcRecord.aspf === 's' },
105
+ dkim: { result: dkimAlignment?.domain, strict: dmarcRecord.adkim === 's', underSized: dkimAlignment?.underSized }
106
106
  }
107
107
  });
108
108
  };
package/lib/mailauth.js CHANGED
@@ -119,7 +119,14 @@ const authenticate = async (input, opts) => {
119
119
  dmarcResult = await dmarc({
120
120
  headerFrom: dkimResult.headerFrom,
121
121
  spfDomains: [].concat((spfResult && spfResult.status.result === 'pass' && spfResult.domain) || []),
122
- dkimDomains: (dkimResult.results || []).filter(r => r.status.result === 'pass').map(r => r.signingDomain),
122
+ dkimDomains: (dkimResult.results || [])
123
+ .filter(r => r.status.result === 'pass')
124
+ .map(r => ({
125
+ id: r.id,
126
+ domain: r.signingDomain,
127
+ aligned: r.status.aligned,
128
+ underSized: r.status.underSized
129
+ })),
123
130
  arcResult,
124
131
  resolver: opts.resolver
125
132
  });
package/lib/tools.js CHANGED
@@ -398,6 +398,10 @@ const formatAuthHeaderRow = (method, status) => {
398
398
 
399
399
  parts.push(`${method}=${status.result || 'none'}`);
400
400
 
401
+ if (status.underSized) {
402
+ parts.push(`(${escapeCommentValue(`undersized signature: ${status.underSized}`)})`);
403
+ }
404
+
401
405
  if (status.comment) {
402
406
  parts.push(`(${escapeCommentValue(status.comment)})`);
403
407
  }
@@ -443,23 +447,32 @@ const formatDomain = domain => {
443
447
  };
444
448
 
445
449
  const getAlignment = (fromDomain, domainList, strict) => {
446
- domainList = [].concat(domainList || []);
450
+ domainList = []
451
+ .concat(domainList || [])
452
+ .map(entry => {
453
+ if (typeof entry === 'string') {
454
+ return { domain: entry };
455
+ }
456
+ return entry;
457
+ })
458
+ .sort((a, b) => (a.underSized || 0) - (b.underSized || 0));
459
+
447
460
  if (strict) {
448
461
  fromDomain = formatDomain(fromDomain);
449
- for (let domain of domainList) {
450
- domain = formatDomain(psl.get(domain) || domain);
462
+ for (let entry of domainList) {
463
+ let domain = formatDomain(psl.get(entry.domain) || entry.domain);
451
464
  if (formatDomain(domain) === fromDomain) {
452
- return domain;
465
+ return entry;
453
466
  }
454
467
  }
455
468
  }
456
469
 
457
470
  // match org domains
458
471
  fromDomain = formatDomain(psl.get(fromDomain) || fromDomain);
459
- for (let domain of domainList) {
460
- domain = formatDomain(psl.get(domain) || domain);
472
+ for (let entry of domainList) {
473
+ let domain = formatDomain(psl.get(entry.domain) || entry.domain);
461
474
  if (domain === fromDomain) {
462
- return domain;
475
+ return entry;
463
476
  }
464
477
  }
465
478
 
package/man/mailauth.1 CHANGED
@@ -1,4 +1,4 @@
1
- .TH "MAILAUTH" "1" "January 2024" "v4.6.1" "Mailauth Help"
1
+ .TH "MAILAUTH" "1" "January 2024" "v4.6.3" "Mailauth Help"
2
2
  .SH "NAME"
3
3
  \fBmailauth\fR
4
4
  .QP
@@ -138,7 +138,7 @@ You can split longer TXT strings into multiple strings\. There is no length limi
138
138
  Please report any bugs to https://github\.com/postalsys/mailauth/issues\.
139
139
  .SH LICENSE
140
140
  .P
141
- Copyright (c) 2020\-2022, Postal Systems (MIT)\.
141
+ Copyright (c) 2020\-2024, Postal Systems (MIT)\.
142
142
  .SH SEE ALSO
143
143
  .P
144
144
  node\.js(1)
package/man/man.md CHANGED
@@ -133,7 +133,7 @@ Please report any bugs to https://github.com/postalsys/mailauth/issues.
133
133
 
134
134
  ## LICENSE
135
135
 
136
- Copyright (c) 2020-2022, Postal Systems (MIT).
136
+ Copyright (c) 2020-2024, Postal Systems (MIT).
137
137
 
138
138
  ## SEE ALSO
139
139
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "mailauth",
3
- "version": "4.6.1",
3
+ "version": "4.6.3",
4
4
  "description": "Email authentication library for Node.js",
5
5
  "main": "lib/mailauth.js",
6
6
  "scripts": {
@@ -43,7 +43,7 @@
43
43
  "marked-man": "0.7.0",
44
44
  "mbox-reader": "1.1.5",
45
45
  "mocha": "10.2.0",
46
- "npm-check-updates": "16.14.12",
46
+ "npm-check-updates": "16.14.13",
47
47
  "pkg": "5.8.1"
48
48
  },
49
49
  "dependencies": {
@@ -56,6 +56,7 @@
56
56
  "psl": "1.9.0",
57
57
  "punycode": "2.3.1",
58
58
  "undici": "5.28.2",
59
+ "uuid": "9.0.1",
59
60
  "yargs": "17.7.2"
60
61
  },
61
62
  "engines": {