Commit
Author: mdecimus [mauro@stalw.art]
Hash: 5b57af6740ffff75e6a230f69e2d2d27878a49a8
Timestamp: Fri, 09 Aug 2024 09:09:52 +0000 (2 months ago)

+10 -14 +/-2 browse
v0.5.0
1diff --git a/CHANGELOG.md b/CHANGELOG.md
2index 7e67244..38119a1 100644
3--- a/CHANGELOG.md
4+++ b/CHANGELOG.md
5 @@ -1,3 +1,7 @@
6+ mail-auth 0.5.0
7+ ================================
8+ - Fix: Use public suffix list for DMARC relaxed alignment verification (#37)
9+
10 mail-auth 0.4.3
11 ================================
12 - Fix: Domain name length check in SPF verification (#34)
13 diff --git a/src/dmarc/verify.rs b/src/dmarc/verify.rs
14index 6377716..5f84969 100644
15--- a/src/dmarc/verify.rs
16+++ b/src/dmarc/verify.rs
17 @@ -68,14 +68,12 @@ impl Resolver {
18 let has_dkim_pass = dkim_output.iter().any(|o| o.result == DkimResult::Pass);
19 if spf_output.result == SpfResult::Pass || has_dkim_pass {
20 // Check SPF alignment
21- let from_subdomain = format!(".{}", domain_suffix_fn(rfc5322_from_domain));
22+ let rfc5322_from_subdomain = domain_suffix_fn(rfc5322_from_domain);
23 if spf_output.result == SpfResult::Pass {
24 output.spf_result = if rfc5321_mail_from_domain == rfc5322_from_domain {
25 DmarcResult::Pass
26 } else if dmarc.aspf == Alignment::Relaxed
27- && rfc5321_mail_from_domain.ends_with(&from_subdomain)
28- || rfc5322_from_domain
29- .ends_with(&format!(".{}", domain_suffix_fn(rfc5321_mail_from_domain)))
30+ && domain_suffix_fn(rfc5321_mail_from_domain) == rfc5322_from_subdomain
31 {
32 output.policy = dmarc.sp;
33 DmarcResult::Pass
34 @@ -94,11 +92,8 @@ impl Resolver {
35 } else if dmarc.adkim == Alignment::Relaxed
36 && dkim_output.iter().any(|o| {
37 o.result == DkimResult::Pass
38- && (o.signature.as_ref().unwrap().d.ends_with(&from_subdomain)
39- || rfc5322_from_domain.ends_with(&format!(
40- ".{}",
41- domain_suffix_fn(&o.signature.as_ref().unwrap().d)
42- )))
43+ && domain_suffix_fn(&o.signature.as_ref().unwrap().d)
44+ == rfc5322_from_subdomain
45 })
46 {
47 output.policy = dmarc.sp;
48 @@ -106,11 +101,8 @@ impl Resolver {
49 } else {
50 if dkim_output.iter().any(|o| {
51 o.result == DkimResult::Pass
52- && (o.signature.as_ref().unwrap().d.ends_with(&from_subdomain)
53- || rfc5322_from_domain.ends_with(&format!(
54- ".{}",
55- domain_suffix_fn(&o.signature.as_ref().unwrap().d)
56- )))
57+ && domain_suffix_fn(&o.signature.as_ref().unwrap().d)
58+ == rfc5322_from_subdomain
59 }) {
60 output.policy = dmarc.sp;
61 }