From 552fe0f43e66f427cfadbf4818eee16d928d8967 Mon Sep 17 00:00:00 2001 From: link2xt Date: Wed, 29 Jan 2025 00:01:51 +0000 Subject: [PATCH] Replace subject with [...] for outgoing mail `authclean` cleanup server is used by reinjecting smtpd running on localhost:10025 by default. It runs after filtermail and currently removes `Received` header to avoid leaking IP address. Can as well be used to replace `Subject` lines with `Subject: [...]`. If there are multiple `Subject` lines, all of them should be replaced. This allows us to avoid dealing with localized subjects, including SecureJoin messages `vc-request` and `vg-request` which can have Subject lines like Subject: =?utf-8?q?Nachricht_von_nrn178fi4=40nine=2Etestrun=2Eorg?= --- CHANGELOG.md | 3 + .../chatmaild/common_encrypted_subjects.py | 59 ------------------- chatmaild/src/chatmaild/filtermail.py | 3 - .../src/chatmaild/tests/test_filtermail.py | 20 +++---- .../postfix/submission_header_cleanup | 1 + 5 files changed, 11 insertions(+), 75 deletions(-) delete mode 100644 chatmaild/src/chatmaild/common_encrypted_subjects.py diff --git a/CHANGELOG.md b/CHANGELOG.md index f5c13806..c0a1bf8a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,9 @@ - improve secure-join message detection ([#473](https://github.com/deltachat/chatmail/pull/473)) +- replace `Subject` with `[...]` for all outgoing mails. + ([#481](https://github.com/deltachat/chatmail/pull/481)) + ## 1.5.0 2024-12-20 - cmdeploy dns: always show recommended DNS records diff --git a/chatmaild/src/chatmaild/common_encrypted_subjects.py b/chatmaild/src/chatmaild/common_encrypted_subjects.py deleted file mode 100644 index b693a522..00000000 --- a/chatmaild/src/chatmaild/common_encrypted_subjects.py +++ /dev/null 
@@ -1,59 +0,0 @@
-"""Generated from deltachat, draft-ietf-lamps-header-protection, and
-encrypted_subject localizations in
-https://github.com/thunderbird/thunderbird-android/
-
-"""
-
-common_encrypted_subjects = {
- "...",
- "[...]",
- "암호화된 메시지",
- "Ĉifrita mesaĝo",
- "Courriel chiffré",
- "Dulrituð skilaboð",
- "Encrypted Message",
- "Fersifere berjocht",
- "Kemennadenn enrineget",
- "Krüptitud kiri",
- "Krypterat meddelande",
- "Krypteret besked",
- "Kryptert melding",
- "Mensagem criptografada",
- "Mensagem encriptada",
- "Mensaje cifrado",
- "Mensaxe cifrada",
- "Mesaj Criptat",
- "Mesazh i Fshehtëzuar",
- "Messaggio criptato",
- "Messaghju cifratu",
- "Missatge encriptat",
- "Neges wedi'i Hamgryptio",
- "Pesan terenkripsi",
- "Salattu viesti",
- "Şifreli İleti",
- "Šifrēta ziņa",
- "Šifrirana poruka",
- "Šifrirano sporočilo",
- "Šifruotas laiškas",
- "Tin nhắn được mã hóa",
- "Titkosított üzenet",
- "Verschlüsselte Nachricht",
- "Versleuteld bericht",
- "Zašifrovaná zpráva",
- "Zaszyfrowana wiadomość",
- "Zifratu mezua",
- "Κρυπτογραφημένο μήνυμα",
- "Зашифроване повідомлення",
- "Зашифрованное сообщение",
- "Зашыфраваны ліст",
- "Криптирано съобщение",
- "Шифрована порука",
- "დაშიფრული წერილი",
- "הודעה מוצפנת",
- "پیام رمزنگاری‌شده",
- "رسالة مشفّرة",
- "എൻക്രിപ്റ്റുചെയ്‌ത സന്ദേശം",
- "加密邮件",
- "已加密的訊息",
- "暗号化されたメッセージ",
-}
diff --git a/chatmaild/src/chatmaild/filtermail.py b/chatmaild/src/chatmaild/filtermail.py
index fcbb9c0b..38cfb578 100644
--- a/chatmaild/src/chatmaild/filtermail.py
+++ b/chatmaild/src/chatmaild/filtermail.py
@@ -12,7 +12,6 @@
 from aiosmtpd.controller import Controller
-from .common_encrypted_subjects import common_encrypted_subjects
 from .config import read_config
@@ -128,8 +127,6 @@ def check_encrypted(message):
 """
 if not message.is_multipart():
 return False
- if message.get("subject") not in common_encrypted_subjects:
- return False
 if message.get_content_type() != "multipart/encrypted":
 return False
 parts_count = 0
diff --git a/chatmaild/src/chatmaild/tests/test_filtermail.py b/chatmaild/src/chatmaild/tests/test_filtermail.py
index 989378c4..24d5cad7 100644
--- a/chatmaild/src/chatmaild/tests/test_filtermail.py
+++ b/chatmaild/src/chatmaild/tests/test_filtermail.py
@@ -5,7 +5,6 @@
 SendRateLimiter,
 check_armored_payload,
 check_encrypted,
- common_encrypted_subjects,
 is_securejoin,
 )
@@ -71,18 +70,13 @@ def test_filtermail_securejoin_detection(maildata):
 def test_filtermail_encryption_detection(maildata):
- for subject in common_encrypted_subjects:
- msg = maildata(
- "encrypted.eml",
- from_addr="1@example.org",
- to_addr="2@example.org",
- subject=subject,
- )
- assert check_encrypted(msg)
-
- # if the subject is not a known encrypted subject value, it is not considered ac-encrypted
- msg.replace_header("Subject", "Click this link")
- assert not check_encrypted(msg)
+ msg = maildata(
+ "encrypted.eml",
+ from_addr="1@example.org",
+ to_addr="2@example.org",
+ subject="Subject does not matter, will be replaced anyway",
+ )
+ assert check_encrypted(msg)
 def test_filtermail_no_literal_packets(maildata):
diff --git a/cmdeploy/src/cmdeploy/postfix/submission_header_cleanup b/cmdeploy/src/cmdeploy/postfix/submission_header_cleanup
index 6439329f..0eedad9d 100644
--- a/cmdeploy/src/cmdeploy/postfix/submission_header_cleanup
+++ b/cmdeploy/src/cmdeploy/postfix/submission_header_cleanup
@@ -2,3 +2,4 @@
 /^X-Originating-IP:/ IGNORE
 /^X-Mailer:/ IGNORE
 /^User-Agent:/ IGNORE
+/^Subject:/ REPLACE Subject: [...]
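Review bot: In the rewritten `test_filtermail_encryption_detection`, the subject string says the subject "will be replaced anyway", but the test does not say where that happens, and filtermail itself does not do it. A comment above the `maildata(...)` call would make the dependency explicit, for example `# check_encrypted() ignores Subject; Postfix header_checks (submission_header_cleanup) rewrites it to "[...]" after filtermail`. The removed `assert not check_encrypted(msg)` was the only negative assertion in this function, so it now pins only the accepting path. Whether the rejecting paths are covered depends on the neighbouring tests, which are outside this hunk.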
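Review bot: The added rule `/^Subject:/ REPLACE Subject: [...]` is now the only thing keeping a cleartext subject from leaving the server, because this commit also removes the subject check from `check_encrypted`, and nothing in the diff verifies that the rule takes effect. If this table is not loaded by the cleanup service for every path that accepts mail from filtermail, subjects would pass through unchanged with no error; the wiring is not visible here. An integration test that submits a message with an arbitrary subject, plus one with two `Subject` headers, and asserts the delivered header is `Subject: [...]` would catch that. A comment above the rule would also help, for example `# Hide user-supplied subjects; filtermail no longer inspects Subject`. If DKIM signing covers `Subject`, it is worth confirming that signing happens after this rewrite.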