about summary refs log tree commit homepage
path: root/lib/PublicInbox/MDA.pm
diff options
context:
space:
mode:
authorEric Wong <e@80x24.org>2014-05-21 15:22:49 +0000
committerEric Wong <e@80x24.org>2014-05-21 15:22:49 +0000
commit6eb73a30e5a408d5d967827e734a5acdee19495c (patch)
tree95607484368931669062575ab3e867cb3c25230b /lib/PublicInbox/MDA.pm
parent8dc8b69c617550dc1a352861aee1eeca979c8317 (diff)
downloadpublic-inbox-6eb73a30e5a408d5d967827e734a5acdee19495c.tar.gz
We nuke DKIM headers because we modify headers and sometimes the
body, which may invalidate the message.  We'll also nuke whatever
Mailman nukes from messages to avoid phishing and leaking
information.
Diffstat (limited to 'lib/PublicInbox/MDA.pm')
-rw-r--r--lib/PublicInbox/MDA.pm21
1 files changed, 17 insertions, 4 deletions
diff --git a/lib/PublicInbox/MDA.pm b/lib/PublicInbox/MDA.pm
index 6a984b81..fe04ded9 100644
--- a/lib/PublicInbox/MDA.pm
+++ b/lib/PublicInbox/MDA.pm
@@ -58,14 +58,27 @@ sub alias_specified {
         return 0;
 }
 
-# RFC2919
 sub set_list_headers {
         my ($class, $simple, $dst) = @_;
         my $pa = $dst->{-primary_address};
-        $simple->header_set("List-Id", "<$pa>");
 
-        # prevent training loops
-        $simple->header_set('Delivered-To');
+        $simple->header_set("List-Id", "<$pa>"); # RFC2919
+
+        # remove Delivered-To: prevent training loops
+        # The rest are taken from Mailman 2.1.15, some may be used for phishing
+        foreach my $h (qw(delivered-to approved approve x-approved x-approve
+                        urgent return-receipt-to disposition-notification-to
+                        x-confirm-reading-to x-pmrqc)) {
+                $simple->header_set($h);
+        }
+
+        # Remove any "DomainKeys" (or similar) header lines.
+        # Any modifications (including List-Id) will cause a message
+        # to appear invalid
+        foreach my $h (qw(domainkey-signature dkim-signature
+                        authentication-results)) {
+                $simple->header_set($h);
+        }
 }
 
 # returns a 3-element array: name, email, date