infrastructure/mox
1
0
Fork 0
mirror of https://github.com/mjl-/mox.git synced 2025-07-12 17:04:39 +03:00
Code Issues Packages Projects Releases Wiki Activity

add config option to an account destination to reject messages that don't pass a dmarc-like aligned spf/aligned dkim check

Browse Source 
intended for automated processors that don't want to send messages to senders
without verified domains (because the address may be forged, and the processor
doesn't want to bother innocent bystanders).

such delivery attempts will fail with a permanent error immediately, typically
resulting in a DSN message to the original sender. the configurable error
message will normally be included in the DSN, so it could have alternative
instructions.
This commit is contained in:
Mechiel Lukkien
2025-02-15 17:32:31 +01:00
parent f33870ba85
commit 6da5f8f586
13 changed files with 108 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
webaccount/account.ts
View File

@ -1824,6 +1824,7 @@ const destination = async (name: string) => {
let defaultMailbox: HTMLInputElement
let fullName: HTMLInputElement
let smtpError: HTMLInputElement
let msgAuthRequiredSMTPError: HTMLInputElement
let saveButton: HTMLButtonElement
const addresses = [name, ...Object.keys(acc.Destinations || {}).filter(a => !a.startsWith('@') && a !== name)]
@ -1851,6 +1852,12 @@ const destination = async (name: string) => {
smtpError=dom.input(attr.value(dest.SMTPError), attr.placeholder('421 or 550...')),
),
dom.br(),
dom.div(
dom.span('Reject messages without authenticated domain (aligned SPF/DKIM)', attr.title("If non-empty, an additional DMARC-like message authentication check is done for incoming messages, validating the domain in the From-header of the message. Messages without either an aligned SPF or aligned DKIM pass are rejected during the SMTP DATA command with a permanent error code followed by the message in this field. The domain in the message 'From' header is matched in relaxed or strict mode according to the domain's DMARC policy if present, or relaxed mode (organizational instead of exact domain match) otherwise. Useful for autoresponders that don't want to accept messages they don't want to send an automated reply to.")),
dom.br(),
msgAuthRequiredSMTPError=dom.input(attr.value(dest.MessageAuthRequiredSMTPError), attr.placeholder('messages must have aligned spf/dkim for domain authentication...')),
),
dom.br(),
dom.h2('Rulesets'),
dom.p('Incoming messages are checked against the rulesets. If a ruleset matches, the message is delivered to the mailbox configured for the ruleset instead of to the default mailbox.'),
@ -1917,6 +1924,7 @@ const destination = async (name: string) => {
}
}),
SMTPError: smtpError.value,
MessageAuthRequiredSMTPError: msgAuthRequiredSMTPError.value,
}
await check(saveButton, client.DestinationSave(name, dest, newDest))
window.location.reload() // todo: only refresh part of ui