From 9db8ee4c982492d504f0aed9ba2a37be79b3e997 Mon Sep 17 00:00:00 2001 From: Jumper78 <52802286+Jumper78@users.noreply.github.com> Date: Fri, 14 Feb 2025 16:19:20 +0000 Subject: [PATCH 1/3] added idna function to perform puny encoding on IDN domains (cherry picked from commit 35ffcb070da133648e7e7bc087dcea2a4c005fb5) # Conflicts: # core/admin/mailu/internal/views/rspamd.py --- core/admin/mailu/internal/views/rspamd.py | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/core/admin/mailu/internal/views/rspamd.py b/core/admin/mailu/internal/views/rspamd.py index b6ead86b..ea54ae29 100644 --- a/core/admin/mailu/internal/views/rspamd.py +++ b/core/admin/mailu/internal/views/rspamd.py @@ -2,6 +2,7 @@ from mailu import models from mailu.internal import internal import flask +import idna def vault_error(*messages, status=404): return flask.make_response(flask.jsonify({'errors':messages}), status) @@ -19,11 +20,23 @@ def rspamd_dkim_key(domain_name): if key := domain.dkim_key: selectors.append( { - 'domain' : domain.name, + 'domain' : idna.encode(domain.name.lower()).decode('ascii'), 'key' : key.decode('utf8'), 'selector': flask.current_app.config.get('DKIM_SELECTOR', 'dkim'), } ) +<<<<<<< HEAD +======= + elif domain := models.Alternative.query.get(domain_name): + if key := domain.domain.dkim_key: + selectors.append( + { + 'domain' : idna.encode(domain.name.lower()).decode('ascii'), + 'key' : key.decode('utf8'), + 'selector': flask.current_app.config.get('DKIM_SELECTOR', 'dkim'), + } + ) +>>>>>>> 35ffcb07 (added idna function to perform puny encoding on IDN domains) return flask.jsonify({'data': {'selectors': selectors}}) @internal.route("/rspamd/local_domains", methods=['GET']) From cc7f94d5f68a51a0a6b0f8b17509be619b6cf2e6 Mon Sep 17 00:00:00 2001 From: Jumper78 <52802286+Jumper78@users.noreply.github.com> Date: Fri, 14 Feb 2025 20:50:14 +0100 Subject: [PATCH 2/3] Create 3758.bugfix (cherry picked from commit 7baea8578349b0df767f5d4c41a33f420c8125ed) --- towncrier/newsfragments/3758.bugfix | 1 + 1 file changed, 1 insertion(+) create mode 100644 towncrier/newsfragments/3758.bugfix diff --git a/towncrier/newsfragments/3758.bugfix b/towncrier/newsfragments/3758.bugfix new file mode 100644 index 00000000..5d38b191 --- /dev/null +++ b/towncrier/newsfragments/3758.bugfix @@ -0,0 +1 @@ +domain name of an IDN domain in the DKIM signature needs to follow RFC6376; puny encoding the domain name when rspamd accesses the vault; From 1f7a1fa727560f407773eced4b40fcd7db7816f7 Mon Sep 17 00:00:00 2001 From: Florent Daigniere Date: Sun, 16 Feb 2025 11:02:35 +0100 Subject: [PATCH 3/3] Update rspamd.py Ensure we IDNA encode DKIM/ARC domains and their alternatives --- core/admin/mailu/internal/views/rspamd.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/core/admin/mailu/internal/views/rspamd.py b/core/admin/mailu/internal/views/rspamd.py index ea54ae29..a513a113 100644 --- a/core/admin/mailu/internal/views/rspamd.py +++ b/core/admin/mailu/internal/views/rspamd.py @@ -25,8 +25,6 @@ def rspamd_dkim_key(domain_name): 'selector': flask.current_app.config.get('DKIM_SELECTOR', 'dkim'), } ) -<<<<<<< HEAD -======= elif domain := models.Alternative.query.get(domain_name): if key := domain.domain.dkim_key: selectors.append( @@ -36,7 +34,6 @@ def rspamd_dkim_key(domain_name): 'selector': flask.current_app.config.get('DKIM_SELECTOR', 'dkim'), } ) ->>>>>>> 35ffcb07 (added idna function to perform puny encoding on IDN domains) return flask.jsonify({'data': {'selectors': selectors}}) @internal.route("/rspamd/local_domains", methods=['GET'])