Skip to content

update POSTFIX_TLS_REGEX to also handle stalwart #23

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
GermanCoding merged 3 commits into from
Jun 17, 2025
Merged

update POSTFIX_TLS_REGEX to also handle stalwart #23

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
434532f
update POSTFIX_TLS_REGEX to also handle stalwart
Jun 16, 2025
e38b597
also match the closing paren and update the readme
Jun 17, 2025
94266be
Merge branch 'master' into parse-stalwart-header
idkidk000 Jun 17, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ This plugin parses the "Received" header for the last hop and checks if TLS was
receiving MTA.

In Postfix this can be enabled by
setting [`smtpd_tls_received_header = yes`](https://www.postfix.org/postconf.5.html#smtpd_tls_received_header). Sendmail
setting [`smtpd_tls_received_header = yes`](https://www.postfix.org/postconf.5.html#smtpd_tls_received_header). Sendmail and Stalwart
should work out of the box. Other MTAs have not been explicitly tested.

Note that while this talks about "encryption", this does not imply security. An encrypted mail may still be insecure,
Expand Down
38 changes: 38 additions & 0 deletions test/TlsIconTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,8 @@ final class TlsIconTest extends TestCase
/** @var string */
private $strSendmailCryptedTlsv12WithCipherVerify = '<img class="lock_icon" src="plugins/tls_icon/lock.svg" title="TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK" />';

/** @var string */
private $strStalwartCryptedTlsv13WithCipher = '<img class="lock_icon" src="plugins/tls_icon/lock.svg" title="TLSv1.3 with cipher TLS13_AES_256_GCM_SHA384" />';

public function testInstance()
{
Expand Down Expand Up @@ -379,4 +381,40 @@ public function testSendmailTLS13MultipleRecipients()
]
], $headersProcessed);
}

public function testStalwartTls()
{
$o = new tls_icon();
$headersProcessed = $o->message_headers([
'output' => [
'subject' => [
'value' => 'Sent to you',
],
],
'headers' => (object) [
'others' => [
'received' => 'from mail-yw1-f174.google.com (mail-yw1-f174.google.com [209.85.128.174] (AS15169 Google LLC, US))
(using TLSv1.3 with cipher TLS13_AES_256_GCM_SHA384)
by mail.example.org (Stalwart SMTP) with ESMTPS id 36DAF29F3A02098;
Mon, 16 Jun 2025 13:33:03 +0000',
]
]
]);
$this->assertEquals([
'output' => [
'subject' => [
'value' => 'Sent to you' . $this->strStalwartCryptedTlsv13WithCipher,
'html' => 1,
],
],
'headers' => (object) [
'others' => [
'received' => 'from mail-yw1-f174.google.com (mail-yw1-f174.google.com [209.85.128.174] (AS15169 Google LLC, US))
(using TLSv1.3 with cipher TLS13_AES_256_GCM_SHA384)
by mail.example.org (Stalwart SMTP) with ESMTPS id 36DAF29F3A02098;
Mon, 16 Jun 2025 13:33:03 +0000',
]
]
], $headersProcessed);
}
}
2 changes: 1 addition & 1 deletion tls_icon.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

class tls_icon extends rcube_plugin
{
const POSTFIX_TLS_REGEX = "/\(using (TLS.*)\) \(/im";
const POSTFIX_TLS_REGEX = "/\(using (TLS[^()]+(?:\([^)]+\))?)\)/im";
const POSTFIX_LOCAL_REGEX = "/\([a-zA-Z]*, from userid [0-9]*\)/im";
const SENDMAIL_TLS_REGEX = "/\(version=(TLS.*)\)(\s+for|;)/im";

Expand Down