Change Spam header to Authentication Status header
Christopher Vollick
created 3 years ago
The way I'm running it is before spam assassin runs right now, but after
opendkim, so instead I just use that status as authoritative.
I've left the Spam Assassin code in there but just commented out for
now, because I may turn it back on later, etc.
Change summary
lib/interac_email.rb | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
Detailed changes
@@ -20,6 +20,9 @@ class InteracEmail
NoSpam = err "No Spam Status"
BadSPF = err "Don't trust SPF"
+ NoAuth = err "Authentication header missing"
+ BadAuth = err "Authentication header isn't a pass"
+ BadDomain = err "Authentication header isn't for the right domain"
BadDKIM = err "Don't trust DKIM"
NoDKIM = err "No DKIM Signature somehow..."
WrongDKIM = err "DKIM Signature is for a different domain"
@@ -94,7 +97,8 @@ class InteracEmail
end
def ensure_safe
- ensure_spam_checks
+ # ensure_spam_checks
+ ensure_authentication_header
ensure_dkim
end
@@ -114,6 +118,20 @@ class InteracEmail
raise Error::BadDKIM, @m unless spam.include?("DKIM_VALID_AU")
end
+ def authentication_header
+ @m["Authentication-Results"]&.value
+ end
+
+ HEADER_REGEX = /\sheader.d=payments.interac.ca\s/.freeze
+
+ def ensure_authentication_header
+ auth = authentication_header
+
+ raise Error::NoAuth, @m unless auth
+ raise Error::BadAuth, @m unless auth =~ /\sdkim=pass\s/
+ raise Error::BadDomain, @m unless auth =~ HEADER_REGEX
+ end
+
def dkim_header
@m["DKIM-Signature"]
&.value