def test_authenticate_dmarc(self):
msg = b"""DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=valimail.com; s=google2048;
h=mime-version:from:date:message-id:subject:to;
bh=3VWGQGY+cSNYd1MGM+X6hRXU0stl8JCaQtl4mbX/j2I=;
b=gntRk4rCVYIGkpO09ROkbs3n4YSIcp/Pi7tUnSIgs8uS+uZ2a77dG+/qlSvnk+mWET
IBrkt1YpDzev/0ITTDy/zgTHjPiQIFcg9Q+3hn3sTz8ExCyM8/YYgoPqSs3oUXn3jwXk
N/wpMuF29LTVp1gpkYzaoCDNPGd1Wag6Vh2lw65S7ruECCAdBm5XeSnvTOzIC0E/jmEt
3hvaPiKAohCAsC5JAN89EATPOjnYJL4Q6X6p2qUsusz/8tkHuYvReHmxQkjQ0/N3fPP0
6VfkIrPOHympq6qDUizbjiBmgiMWKnarrptblJvyt66/aIHx+QamP6LUA+/RUFY1q7TG
MSDg==
MIME-Version: 1.0
From: Gene Shuman <*****@*****.**>
Date: Wed, 25 Jan 2017 16:13:31 -0800
Message-ID: <CANtLugNVcUMfjVH22FN=+A6Y_Ss+QX_=GnJ3xGfDY1iuEbbuRA@mail.gmail.com>
Subject: Test
To: [email protected]
Content-Type: text/plain; charset=UTF-8
This is a test!
"""
res = authenticate_message(msg,
"example.com",
spf=False,
dnsfunc=self.dnsfunc)
self.assertEqual(
res,
"Authentication-Results: example.com; dkim=pass header.d=valimail.com; dmarc=pass header.from=valimail.com"
)
def test_authenticate_dmarc(self):
res = authenticate_message(self.message2,
"example.com",
spf=False,
dnsfunc=self.dnsfunc)
self.assertEqual(
res,
"Authentication-Results: example.com; dkim=pass header.d=example.com [email protected]; dmarc=pass (Used From Domain Record) header.from=example.com policy.dmarc=reject"
)
def test_authenticate_dkim(self):
from authheaders import authenticate_message
res = authenticate_message(self.message2,
"example.com",
spf=False,
dmarc=False,
dnsfunc=self.dnsfunc)
self.assertEqual(
res,
"Authentication-Results: example.com; dkim=pass header.d=example.com [email protected]"
)
def test_prev(self):
prev = "Authentication-Results: example.com; spf=pass smtp.mailfrom=gmail.com"
res = authenticate_message(self.message2,
"example.com",
prev=prev,
spf=False,
dmarc=False,
dnsfunc=self.dnsfunc)
self.assertEqual(
res,
"Authentication-Results: example.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass header.d=example.com [email protected]"
)
def test_chain_validation_fail(self):
msg = b"""MIME-Version: 1.0
Return-Path: <*****@*****.**>
ARC-Seal: a=rsa-sha256;
b=dOdFEyhrk/tw5wl3vMIogoxhaVsKJkrkEhnAcq2XqOLSQhPpGzhGBJzR7k1sWGokon3TmQ
7TX9zQLO6ikRpwd/pUswiRW5DBupy58fefuclXJAhErsrebfvfiueGyhHXV7C1LyJTztywzn
QGG4SCciU/FTlsJ0QANrnLRoadfps=; cv=none; d=example.org; i=1; s=dummy;
t=12345
ARC-Message-Signature: a=rsa-sha256;
b=QsRzR/UqwRfVLBc1TnoQomlVw5qi6jp08q8lHpBSl4RehWyHQtY3uOIAGdghDk/mO+/Xpm
9JA5UVrPyDV0f+2q/YAHuwvP11iCkBQkocmFvgTSxN8H+DwFFPrVVUudQYZV7UDDycXoM6UE
cdfzLLzVNPOAHEDIi/uzoV4sUqZ18=;
bh=KWSe46TZKCcDbH4klJPo+tjk5LWJnVRlP5pvjXFZYLQ=; c=relaxed/relaxed;
d=example.org; h=from:to:date:subject:mime-version:arc-authentication-results;
i=1; s=dummy; t=12345
ARC-Authentication-Results: i=1; lists.example.org;
spf=pass [email protected];
dkim=pass (1024-bit key) [email protected];
dmarc=pass
Received: from segv.d1.example (segv.d1.example [72.52.75.15])
by lists.example.org (8.14.5/8.14.5) with ESMTP id t0EKaNU9010123
for <*****@*****.**>; Thu, 14 Jan 2015 15:01:30 -0800 (PST)
(envelope-from [email protected])
Authentication-Results: lists.example.org;
spf=pass [email protected];
dkim=pass (1024-bit key) [email protected];
dmarc=pass
Received: by 10.157.14.6 with HTTP; Tue, 3 Jan 2017 12:22:54 -0800 (PST)
Message-ID: <*****@*****.**>
Date: Thu, 14 Jan 2015 15:00:01 -0800
From: John Q Doe <*****@*****.**>
To: [email protected]
Subject: Example 1
ey gang,
This is a test message.
--J.
"""
prev = "Authentication-Results: example.com; spf=pass smtp.mailfrom=gmail.com"
res = authenticate_message(msg,
"example.com",
prev=prev,
arc=True,
dkim=False,
spf=False,
dmarc=False,
dnsfunc=self.dnsfunc)
self.assertEqual(
res,
"Authentication-Results: example.com; spf=pass smtp.mailfrom=gmail.com; arc=fail header.d=example.org"
)
def test_authenticate_dmarc_np2(self):
self.maxDiff = None
res = authenticate_message(
self.message7,
"example.com",
prev=
'Authentication-Results: example.com; dkim=fail header.d=sub2.example.biz [email protected]',
spf=False,
dkim=False,
dnsfunc=self.dnsfunc)
self.assertEqual(
res,
"Authentication-Results: example.com; dkim=fail header.d=sub2.example.biz [email protected]; dmarc=fail (Used Org Domain Record) header.from=sub2.example.biz policy.dmarc=quarantine"
)
def test_authenticate_dmarc_sub(self):
self.maxDiff = None
res = authenticate_message(
self.message5,
"example.com",
prev=
'Authentication-Results: example.com; dkim=fail header.d=sub.example.net [email protected]',
spf=False,
dkim=False,
dnsfunc=self.dnsfunc)
self.assertEqual(
res,
"Authentication-Results: example.com; dkim=fail header.d=sub.example.net [email protected]; dmarc=fail (Used Org Domain Record) header.from=sub.example.net policy.dmarc=reject"
)
def test_authenticate_dmarc_mult_from2(self):
self.maxDiff = None
res = authenticate_message(
self.message4,
"example.com",
prev=
'Authentication-Results: example.com; dkim=fail header.d=example.com [email protected]; dkim=pass header.d=example.org [email protected]',
spf=False,
dkim=False,
dnsfunc=self.dnsfunc)
self.assertEqual(
res,
"Authentication-Results: example.com; dkim=fail header.d=example.com [email protected]; dkim=pass header.d=example.org [email protected]; dmarc=fail (Used From Domain Record) header.from=example.com policy.dmarc=reject"
)
def test_authenticate_dmarc_no_p(self):
self.maxDiff = None
res = authenticate_message(
self.message9,
"example.com",
prev=
'Authentication-Results: example.com; dkim=fail header.d=nop.example.org [email protected]',
spf=False,
dkim=False,
dnsfunc=self.dnsfunc)
self.assertEqual(
res,
"Authentication-Results: example.com; dkim=fail header.d=nop.example.org [email protected]; dmarc=none"
)
def main():
if len(sys.argv) < 3:
print("Usage: authenticate-message.py authservId ip mailFrom helo",
file=sys.stderr)
sys.exit(1)
if sys.version_info[0] >= 3:
# Make sys.stdin and stdout binary streams.
sys.stdin = sys.stdin.detach()
sys.stdout = sys.stdout.detach()
authservId = sys.argv[1]
ip = sys.argv[2]
mailFrom = sys.argv[3]
message = sys.stdin.read()
#try:
if len(sys.argv) == 5:
helo = sys.argv[4]
header = authheaders.authenticate_message(msg=message,
authserv_id=authservId,
ip=ip,
mail_from=mailFrom,
helo=helo,
spf=True,
dkim=True,
arc=True)
else:
header = authheaders.authenticate_message(msg=message,
authserv_id=authservId,
ip=ip,
mail_from=mailFrom,
spf=True,
dkim=True,
arc=True)
sys.stdout.write(header.encode('utf8'))
def authenticate(msg, msgdata):
"""ARC verify a message and update the Authentication-Results header.
If there is a previous Authentication-Results, remove that and add a
new one.
"""
prev = trusted_auth_res(msg)
auth_result = authenticate_message(
msg.as_bytes(),
config.arc.authserv_id,
prev=prev,
spf=False, # cant spf check in mailman
dkim=config.arc.dkim_enabled,
dmarc=config.arc.dmarc_enabled,
arc=True,
dnsfunc=dnsfunc)
if AUTH_RESULT_HEADER in msg:
del msg[AUTH_RESULT_HEADER]
auth_result = auth_result.split(':', 1)[1].strip()
prepend_headers(msg, [(AUTH_RESULT_HEADER, auth_result)])
# 1. The origin of this software must not be misrepresented; you must not
# claim that you wrote the original software. If you use this software
# in a product, an acknowledgment in the product documentation would be
# appreciated but is not required.
# 2. Altered source versions must be plainly marked as such, and must not be
# misrepresented as being the original software.
# 3. This notice may not be removed or altered from any source distribution.
#
# Copyright (c) 2017 Valimail Inc
# Contact: Gene Shuman <*****@*****.**>
#
import sys
from authheaders import authenticate_message
if len(sys.argv) != 5:
print("Usage: authenticate_message.py authserv_id ip mail_from helo")
sys.exit(1)
if sys.version_info[0] >= 3:
# Make sys.stdin a binary stream.
sys.stdin = sys.stdin.detach()
message = sys.stdin.read()
res = authenticate_message(message, sys.argv[1], ip=sys.argv[2], mail_from=sys.argv[3], helo=sys.argv[4])
for line in res:
sys.stdout.write(line)
sys.stdout.write("\n")
