diff options
author | Eric Wong <e@80x24.org> | 2014-05-21 15:22:49 +0000 |
---|---|---|
committer | Eric Wong <e@80x24.org> | 2014-05-21 15:22:49 +0000 |
commit | 6eb73a30e5a408d5d967827e734a5acdee19495c (patch) | |
tree | 95607484368931669062575ab3e867cb3c25230b /lib/PublicInbox/MDA.pm | |
parent | 8dc8b69c617550dc1a352861aee1eeca979c8317 (diff) | |
download | public-inbox-6eb73a30e5a408d5d967827e734a5acdee19495c.tar.gz |
We nuke DKIM headers because we modify headers and sometimes the body, which may invalidate the message. We'll also nuke whatever Mailman nukes from messages to avoid phishing and leaking information.
Diffstat (limited to 'lib/PublicInbox/MDA.pm')
-rw-r--r-- | lib/PublicInbox/MDA.pm | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/lib/PublicInbox/MDA.pm b/lib/PublicInbox/MDA.pm index 6a984b81..fe04ded9 100644 --- a/lib/PublicInbox/MDA.pm +++ b/lib/PublicInbox/MDA.pm @@ -58,14 +58,27 @@ sub alias_specified { return 0; } -# RFC2919 sub set_list_headers { my ($class, $simple, $dst) = @_; my $pa = $dst->{-primary_address}; - $simple->header_set("List-Id", "<$pa>"); - # prevent training loops - $simple->header_set('Delivered-To'); + $simple->header_set("List-Id", "<$pa>"); # RFC2919 + + # remove Delivered-To: prevent training loops + # The rest are taken from Mailman 2.1.15, some may be used for phishing + foreach my $h (qw(delivered-to approved approve x-approved x-approve + urgent return-receipt-to disposition-notification-to + x-confirm-reading-to x-pmrqc)) { + $simple->header_set($h); + } + + # Remove any "DomainKeys" (or similar) header lines. + # Any modifications (including List-Id) will cause a message + # to appear invalid + foreach my $h (qw(domainkey-signature dkim-signature + authentication-results)) { + $simple->header_set($h); + } } # returns a 3-element array: name, email, date |