From 3b9e2ebd1c6929241d299494652d6b76093b3ab1 Mon Sep 17 00:00:00 2001
From: Christopher Vollick <0@psycoti.ca>
Date: Mon, 30 Jan 2023 15:24:30 -0500
Subject: [PATCH] Change Spam header to Authentication Status header

The way I'm running it is before spam assassin runs right now, but after
opendkim, so instead I just use that status as authoritative.

I've left the Spam Assassin code in there but just commented out for
now, because I may turn it back on later, etc.
---
 lib/interac_email.rb | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/lib/interac_email.rb b/lib/interac_email.rb
index b7212529f9295b2186fc924ce30c4afcf011fcf4..b12b045da6a9444f56d0d58a5c3b0c9f33c85ac9 100644
--- a/lib/interac_email.rb
+++ b/lib/interac_email.rb
@@ -20,6 +20,9 @@ class InteracEmail
 
 		NoSpam = err "No Spam Status"
 		BadSPF = err "Don't trust SPF"
+		NoAuth = err "Authentication header missing"
+		BadAuth = err "Authentication header isn't a pass"
+		BadDomain = err "Authentication header isn't for the right domain"
 		BadDKIM = err "Don't trust DKIM"
 		NoDKIM = err "No DKIM Signature somehow..."
 		WrongDKIM = err "DKIM Signature is for a different domain"
@@ -94,7 +97,8 @@ class InteracEmail
 		end
 
 		def ensure_safe
-			ensure_spam_checks
+			# ensure_spam_checks
+			ensure_authentication_header
 			ensure_dkim
 		end
 
@@ -114,6 +118,20 @@ class InteracEmail
 			raise Error::BadDKIM, @m unless spam.include?("DKIM_VALID_AU")
 		end
 
+		def authentication_header
+			@m["Authentication-Results"]&.value
+		end
+
+		HEADER_REGEX = /\sheader.d=payments.interac.ca\s/.freeze
+
+		def ensure_authentication_header
+			auth = authentication_header
+
+			raise Error::NoAuth, @m unless auth
+			raise Error::BadAuth, @m unless auth =~ /\sdkim=pass\s/
+			raise Error::BadDomain, @m unless auth =~ HEADER_REGEX
+		end
+
 		def dkim_header
 			@m["DKIM-Signature"]
 				&.value