Commit
+10 -14 +/-2 browse
1 | diff --git a/CHANGELOG.md b/CHANGELOG.md |
2 | index 7e67244..38119a1 100644 |
3 | --- a/CHANGELOG.md |
4 | +++ b/CHANGELOG.md |
5 | @@ -1,3 +1,7 @@ |
6 | + mail-auth 0.5.0 |
7 | + ================================ |
8 | + - Fix: Use public suffix list for DMARC relaxed alignment verification (#37) |
9 | + |
10 | mail-auth 0.4.3 |
11 | ================================ |
12 | - Fix: Domain name length check in SPF verification (#34) |
13 | diff --git a/src/dmarc/verify.rs b/src/dmarc/verify.rs |
14 | index 6377716..5f84969 100644 |
15 | --- a/src/dmarc/verify.rs |
16 | +++ b/src/dmarc/verify.rs |
17 | @@ -68,14 +68,12 @@ impl Resolver { |
18 | let has_dkim_pass = dkim_output.iter().any(|o| o.result == DkimResult::Pass); |
19 | if spf_output.result == SpfResult::Pass || has_dkim_pass { |
20 | // Check SPF alignment |
21 | - let from_subdomain = format!(".{}", domain_suffix_fn(rfc5322_from_domain)); |
22 | + let rfc5322_from_subdomain = domain_suffix_fn(rfc5322_from_domain); |
23 | if spf_output.result == SpfResult::Pass { |
24 | output.spf_result = if rfc5321_mail_from_domain == rfc5322_from_domain { |
25 | DmarcResult::Pass |
26 | } else if dmarc.aspf == Alignment::Relaxed |
27 | - && rfc5321_mail_from_domain.ends_with(&from_subdomain) |
28 | - || rfc5322_from_domain |
29 | - .ends_with(&format!(".{}", domain_suffix_fn(rfc5321_mail_from_domain))) |
30 | + && domain_suffix_fn(rfc5321_mail_from_domain) == rfc5322_from_subdomain |
31 | { |
32 | output.policy = dmarc.sp; |
33 | DmarcResult::Pass |
34 | @@ -94,11 +92,8 @@ impl Resolver { |
35 | } else if dmarc.adkim == Alignment::Relaxed |
36 | && dkim_output.iter().any(|o| { |
37 | o.result == DkimResult::Pass |
38 | - && (o.signature.as_ref().unwrap().d.ends_with(&from_subdomain) |
39 | - || rfc5322_from_domain.ends_with(&format!( |
40 | - ".{}", |
41 | - domain_suffix_fn(&o.signature.as_ref().unwrap().d) |
42 | - ))) |
43 | + && domain_suffix_fn(&o.signature.as_ref().unwrap().d) |
44 | + == rfc5322_from_subdomain |
45 | }) |
46 | { |
47 | output.policy = dmarc.sp; |
48 | @@ -106,11 +101,8 @@ impl Resolver { |
49 | } else { |
50 | if dkim_output.iter().any(|o| { |
51 | o.result == DkimResult::Pass |
52 | - && (o.signature.as_ref().unwrap().d.ends_with(&from_subdomain) |
53 | - || rfc5322_from_domain.ends_with(&format!( |
54 | - ".{}", |
55 | - domain_suffix_fn(&o.signature.as_ref().unwrap().d) |
56 | - ))) |
57 | + && domain_suffix_fn(&o.signature.as_ref().unwrap().d) |
58 | + == rfc5322_from_subdomain |
59 | }) { |
60 | output.policy = dmarc.sp; |
61 | } |