]> source.dussan.org Git - rspamd.git/commit
projects / rspamd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2510567) | patch
[Minor] Change the default list of oversigned headers
authorVsevolod Stakhov <vsevolod@highsecure.ru>
Mon, 13 May 2019 10:36:20 +0000 (11:36 +0100)
committerVsevolod Stakhov <vsevolod@highsecure.ru>
Mon, 13 May 2019 10:40:37 +0000 (11:40 +0100)
commit23a41dae4ddb3c5ae48f90e03b67653881f93018
tree899f2a67f88bfb360234ec264248460057915ba7tree | snapshot
parent2510567e0bcdca9ded2f9138d46adf5d976892c5commit | diff
[Minor] Change the default list of oversigned headers

Trivia:

`Subject` header needs to be oversigned as an attacker could add some
'bad' subject to DKIM signed emails with no subject (rare but possible
case). This header is clearly displayed to a user hence, its presence as
well as absence MUST be oversigned explicitly.

`Reply-To` header is widely used to designate a special address used for
replies only but not for authentication checks. It is thus possible to
add a malicious `Reply-To` header to force users to reply to a DKIM
signed email to some attacker's controlled email address. It clearly
opens surface for social engineering like attacks and this header must
thus be unconditionally oversigned even if not presented in an original
message.

Issue: #2887
src/plugins/dkim_check.c diff | blob | history
Rapid spam filtering system: https://github.com/rspamd/rspamd