btellier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git
The following commit(s) were added to refs/heads/master by this push:
new 57ce1517ee JAMES-4032 DKIMHook should bypass trusted addresses (#2510)
57ce1517ee is described below
commit 57ce1517eef3657077b8f2adf402aab67a0e3f2e
Author: Benoit TELLIER <[email protected]>
AuthorDate: Tue Nov 19 15:07:42 2024 +0700
JAMES-4032 DKIMHook should bypass trusted addresses (#2510)
---
.../james/mailets/DKIMHookIntegrationTest.java | 120 +++++++++++++++++++++
.../java/org/apache/james/smtpserver/DKIMHook.java | 3 +
2 files changed, 123 insertions(+)
diff --git
a/server/mailet/integration-testing/src/test/java/org/apache/james/mailets/DKIMHookIntegrationTest.java
b/server/mailet/integration-testing/src/test/java/org/apache/james/mailets/DKIMHookIntegrationTest.java
new file mode 100644
index 0000000000..504438bffe
--- /dev/null
+++
b/server/mailet/integration-testing/src/test/java/org/apache/james/mailets/DKIMHookIntegrationTest.java
@@ -0,0 +1,120 @@
+/****************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one *
+ * or more contributor license agreements. See the NOTICE file *
+ * distributed with this work for additional information *
+ * regarding copyright ownership. The ASF licenses this file *
+ * to you under the Apache License, Version 2.0 (the *
+ * "License"); you may not use this file except in compliance *
+ * with the License. You may obtain a copy of the License at *
+ * *
+ * http://www.apache.org/licenses/LICENSE-2.0 *
+ * *
+ * Unless required by applicable law or agreed to in writing, *
+ * software distributed under the License is distributed on an *
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY *
+ * KIND, either express or implied. See the License for the *
+ * specific language governing permissions and limitations *
+ * under the License. *
+ ****************************************************************/
+
+package org.apache.james.mailets;
+
+import static org.apache.james.mailets.configuration.Constants.DEFAULT_DOMAIN;
+import static org.apache.james.mailets.configuration.Constants.LOCALHOST_IP;
+import static org.apache.james.mailets.configuration.Constants.PASSWORD;
+import static
org.apache.james.mailets.configuration.Constants.awaitAtMostOneMinute;
+
+import java.io.File;
+
+import org.apache.james.MemoryJamesServerMain;
+import org.apache.james.mailets.configuration.SmtpConfiguration;
+import org.apache.james.modules.protocols.ImapGuiceProbe;
+import org.apache.james.modules.protocols.SmtpGuiceProbe;
+import org.apache.james.probe.DataProbe;
+import org.apache.james.utils.DataProbeImpl;
+import org.apache.james.utils.SMTPMessageSender;
+import org.apache.james.utils.TestIMAPClient;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.RegisterExtension;
+import org.junit.jupiter.api.io.TempDir;
+
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+
+class DKIMHookIntegrationTest {
+ private static final String FROM_LOCAL_PART = "fromUser";
+ private static final String FROM = FROM_LOCAL_PART + "@" + DEFAULT_DOMAIN;
+ private static final String RECIPIENT_LOCAL_PART = "touser";
+ private static final String RECIPIENT = RECIPIENT_LOCAL_PART + "@" +
DEFAULT_DOMAIN;
+
+ @RegisterExtension
+ public TestIMAPClient testIMAPClient = new TestIMAPClient();
+ @RegisterExtension
+ public SMTPMessageSender messageSender = new
SMTPMessageSender(DEFAULT_DOMAIN);
+
+ private TemporaryJamesServer jamesServer;
+
+
+ @AfterEach
+ void tearDown() {
+ jamesServer.shutdown();
+ }
+
+ @Test
+ void trustedAddressesShouldSkipDKIMHookCheck(@TempDir File
temporaryFolder) throws Exception {
+ initJamesServer(temporaryFolder);
+
+ messageSender.connect(LOCALHOST_IP,
jamesServer.getProbe(SmtpGuiceProbe.class).getSmtpPort())
+ .sendMessageWithHeaders(FROM, ImmutableList.of(RECIPIENT),
"Return-Path: <[email protected]>\n" +
+ "Content-Type: multipart/mixed;
boundary=\"------------dsVZbfyUhMRjfuWnqQ80tHvc\"\n" +
+ "Message-ID:
<[email protected]>\n" +
+ "Date: Tue, 7 Nov 2023 12:14:47 +0100\n" +
+ "MIME-Version: 1.0\n" +
+ "User-Agent: Mozilla Thunderbird\n" +
+ "Content-Language: en-US\n" +
+ "To: [email protected]\n" +
+ "From: \"[email protected]\" <[email protected]>\n" +
+ "Subject: Simple message\n" +
+ "\n" +
+ "This is a multi-part message in MIME format.\n" +
+ "--------------dsVZbfyUhMRjfuWnqQ80tHvc\n" +
+ "Content-Type: text/plain; charset=UTF-8; format=flowed\n" +
+ "Content-Transfer-Encoding: 7bit\n" +
+ "\n" +
+ "Simple body\n" +
+ "\n" +
+ "--------------dsVZbfyUhMRjfuWnqQ80tHvc\n" +
+ "Content-Type: message/rfc822; name=BNPP ADVICE LOLO.eml\n" +
+ "Content-Disposition: attachment; filename=\"BNPP.eml\"\n" +
+ "\n" +
+ "\n" +
+ "--------------dsVZbfyUhMRjfuWnqQ80tHvc--");
+
+ testIMAPClient.connect(LOCALHOST_IP,
jamesServer.getProbe(ImapGuiceProbe.class).getImapPort())
+ .login(RECIPIENT, PASSWORD)
+ .select(TestIMAPClient.INBOX)
+ .awaitMessage(awaitAtMostOneMinute);
+ }
+
+ private void initJamesServer(File temporaryFolder) throws Exception {
+ jamesServer = TemporaryJamesServer
+ .builder()
+ .withBase(MemoryJamesServerMain.IN_MEMORY_SERVER_AGGREGATE_MODULE)
+ .withSmtpConfiguration(SmtpConfiguration.builder()
+ .withAutorizedAddresses("0.0.0.0/0.0.0.0")
+ .addHook("org.apache.james.smtpserver.DKIMHook",
ImmutableMap.of(
+ "forceCLRF", "true",
+ "signatureRequired", "true",
+ "onlyForSenderDomain", DEFAULT_DOMAIN,
+ "expectedDToken", DEFAULT_DOMAIN))
+ .build())
+ .build(temporaryFolder);
+ jamesServer.start();
+
+ DataProbe dataProbe = jamesServer.getProbe(DataProbeImpl.class);
+ dataProbe.addDomain(DEFAULT_DOMAIN);
+ dataProbe.addUser(RECIPIENT, PASSWORD);
+ dataProbe.addUser(FROM, PASSWORD);
+ }
+}
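Review bot: This test class covers only the bypass path: `initJamesServer` authorizes `0.0.0.0/0.0.0.0`, so every connection is trusted and nothing here shows that `signatureRequired` still rejects an unsigned message from a non-authorized client. A companion case with a narrow authorized network, asserting that the same unsigned message is refused, would catch a regression where the hook declines for everyone. The hook option is spelled `forceCLRF`; if DKIMHook reads `forceCRLF` the setting is silently ignored, so the key is worth confirming against the hook's configuration parsing. `tearDown` calls `jamesServer.shutdown()` unconditionally and would throw a NullPointerException that masks the real failure if server construction fails; `if (jamesServer != null) { jamesServer.shutdown(); }` avoids that.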
diff --git
a/server/protocols/protocols-smtp-dkim/src/main/java/org/apache/james/smtpserver/DKIMHook.java
b/server/protocols/protocols-smtp-dkim/src/main/java/org/apache/james/smtpserver/DKIMHook.java
index cda884e4bd..e97cda41a8 100644
---
a/server/protocols/protocols-smtp-dkim/src/main/java/org/apache/james/smtpserver/DKIMHook.java
+++
b/server/protocols/protocols-smtp-dkim/src/main/java/org/apache/james/smtpserver/DKIMHook.java
@@ -298,6 +298,9 @@ public class DKIMHook implements JamesMessageHook {
@Override
public HookResult onMessage(SMTPSession session, Mail mail) {
+ if (session.isRelayingAllowed()) {
+ return HookResult.DECLINED;
+ }
if (!dkimCheckNeeded.test(mail)) {
return HookResult.DECLINED;
}
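Review bot: The early return at the top of `onMessage` keys the bypass on `session.isRelayingAllowed()`, which is wider than the "trusted addresses" in the commit title if that flag is also set by anything other than the authorized-address check (for example after SMTP authentication, which is not visible in this hunk and worth confirming). Because the guard runs before `dkimCheckNeeded`, a deployment with a broad `authorizedAddresses` range gets no DKIM verification at all, even with `signatureRequired` set, and nothing records that the check was skipped. I would document the trust decision on the guard, e.g. `// Relay-allowed sessions are treated as trusted submitters: DKIM verification is skipped entirely`, and log at debug level before the return so a skipped check is visible during incident review. The body of `onMessage` continues past the end of the hunk.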