From 434532fb2b441344f9c7124028dc88576f83ef89 Mon Sep 17 00:00:00 2001 From: adminadmin Date: Mon, 16 Jun 2025 17:18:12 +0100 Subject: [PATCH 1/2] update POSTFIX_TLS_REGEX to also handle stalwart --- test/TlsIconTest.php | 38 ++++++++++++++++++++++++++++++++++++++ tls_icon.php | 2 +- 2 files changed, 39 insertions(+), 1 deletion(-) diff --git a/test/TlsIconTest.php b/test/TlsIconTest.php index f52c4d4..3cbc732 100644 --- a/test/TlsIconTest.php +++ b/test/TlsIconTest.php @@ -30,6 +30,8 @@ final class TlsIconTest extends TestCase /** @var string */ private $strSendmailCryptedTlsv12WithCipherVerify = ''; + /** @var string */ + private $strStalwartCryptedTlsv13WithCipher = ''; public function testInstance() { @@ -379,4 +381,40 @@ public function testSendmailTLS13MultipleRecipients() ] ], $headersProcessed); } + + public function testStalwartTls() + { + $o = new tls_icon(); + $headersProcessed = $o->message_headers([ + 'output' => [ + 'subject' => [ + 'value' => 'Sent to you', + ], + ], + 'headers' => (object) [ + 'others' => [ + 'received' => 'from mail-yw1-f174.google.com (mail-yw1-f174.google.com [209.85.128.174] (AS15169 Google LLC, US)) + (using TLSv1.3 with cipher TLS13_AES_256_GCM_SHA384) + by mail.example.org (Stalwart SMTP) with ESMTPS id 36DAF29F3A02098; + Mon, 16 Jun 2025 13:33:03 +0000', + ] + ] + ]); + $this->assertEquals([ + 'output' => [ + 'subject' => [ + 'value' => 'Sent to you' . $this->strStalwartCryptedTlsv13WithCipher, + 'html' => 1, + ], + ], + 'headers' => (object) [ + 'others' => [ + 'received' => 'from mail-yw1-f174.google.com (mail-yw1-f174.google.com [209.85.128.174] (AS15169 Google LLC, US)) + (using TLSv1.3 with cipher TLS13_AES_256_GCM_SHA384) + by mail.example.org (Stalwart SMTP) with ESMTPS id 36DAF29F3A02098; + Mon, 16 Jun 2025 13:33:03 +0000', + ] + ] + ], $headersProcessed); + } } diff --git a/tls_icon.php b/tls_icon.php index a6bbecc..0148aa1 100644 --- a/tls_icon.php +++ b/tls_icon.php @@ -2,7 +2,7 @@ class tls_icon extends rcube_plugin { - const POSTFIX_TLS_REGEX = "/\(using (TLS.*)\) \(/im"; + const POSTFIX_TLS_REGEX = "/\(using (TLS[^()]+(?:\([^)]+\))?)/im"; const POSTFIX_LOCAL_REGEX = "/\([a-zA-Z]*, from userid [0-9]*\)/im"; const SENDMAIL_TLS_REGEX = "/\(version=(TLS.*)\)(\s+for|;)/im"; From e38b5977fdbfa801d08c4065925c906c0cd03b1b Mon Sep 17 00:00:00 2001 From: adminadmin Date: Tue, 17 Jun 2025 19:05:38 +0100 Subject: [PATCH 2/2] also match the closing paren and update the readme --- README.md | 2 +- tls_icon.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8818eba..d0a04f0 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ This plugin parses the "Received" header for the last hop and checks if TLS was receiving MTA. In Postfix this can be enabled by -setting [`smtpd_tls_received_header = yes`](https://www.postfix.org/postconf.5.html#smtpd_tls_received_header). Sendmail +setting [`smtpd_tls_received_header = yes`](https://www.postfix.org/postconf.5.html#smtpd_tls_received_header). Sendmail and Stalwart should work out of the box. Other MTAs have not been explicitly tested. Note that while this talks about "encryption", this does not imply security. An encrypted mail may still be insecure, diff --git a/tls_icon.php b/tls_icon.php index 0148aa1..40a4b6f 100644 --- a/tls_icon.php +++ b/tls_icon.php @@ -2,7 +2,7 @@ class tls_icon extends rcube_plugin { - const POSTFIX_TLS_REGEX = "/\(using (TLS[^()]+(?:\([^)]+\))?)/im"; + const POSTFIX_TLS_REGEX = "/\(using (TLS[^()]+(?:\([^)]+\))?)\)/im"; const POSTFIX_LOCAL_REGEX = "/\([a-zA-Z]*, from userid [0-9]*\)/im"; const SENDMAIL_TLS_REGEX = "/\(version=(TLS.*)\)(\s+for|;)/im";