From e713cb5457dab0e5ce1984dc3c9c370b1f09b4ea Mon Sep 17 00:00:00 2001
From: Moritz Poldrack
Date: Sun, 23 Mar 2025 10:58:30 +0100
Subject: [PATCH] fix: ensure message content is not modified by header filter
Due to an oversight, one of the header filters has potentially modified the message body, leading to broken cryptographic signatures. Switch to the Message-Id instead of the Content-Type header, which is usually only present in the global header.
Signed-off-by: Moritz Poldrack
Co-Authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
Reported-by: Cole Young
Fixes: 009237cc ("chore: Prevent Microsoft MUAs from sending reactions (#4120)")
---
 CHANGELOG.md | 5 +++++
 target/postfix/sender_header_filter.pcre | 3 ++-
 .../parallel/set3/container_configuration/hostname.bats | 5 +++--
 3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 28ae00d9..4995b748 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,11 @@ All notable changes to this project will be documented in this file. The format
 > **Note**: Changes and additions listed here are contained in the `:edge` image tag. These changes may not be as stable as released changes.
+### Fixes
+
+- **Postfix**
+ - Avoid modifying the message body when filtering sender headers. This regression was introduced from [#4120](https://github.com/docker-mailserver/docker-mailserver/pull/4120) as part of DMS v15.0.0 ([#4429](https://github.com/docker-mailserver/docker-mailserver/pull/4429))
+
 ## [v15.0.1](https://github.com/docker-mailserver/docker-mailserver/releases/tag/v15.0.1)
 ### Added
diff --git a/target/postfix/sender_header_filter.pcre b/target/postfix/sender_header_filter.pcre
index fe4ff045..773ec24f 100644
--- a/target/postfix/sender_header_filter.pcre
+++ b/target/postfix/sender_header_filter.pcre
@@ -8,4 +8,5 @@
 /^\s*X-Mailer/ IGNORE
 /^\s*X-Originating-IP/ IGNORE
 /^\s*Received: from.*127.0.0.1/ IGNORE
-/^Content-Type:/i PREPEND X-MS-Reactions: disallow
+/^\s*X-MS-Reactions:/ IGNORE
+/^\s*Message-Id:/i PREPEND X-MS-Reactions: disallow
diff --git a/test/tests/parallel/set3/container_configuration/hostname.bats b/test/tests/parallel/set3/container_configuration/hostname.bats
index a525ecb2..65d7ce13 100644
--- a/test/tests/parallel/set3/container_configuration/hostname.bats
+++ b/test/tests/parallel/set3/container_configuration/hostname.bats
@@ -234,8 +234,9 @@ function _should_have_correct_mail_headers() {
 # but Amavis is changing that. It also changes protocol from SMTP to ESMTP.
 assert_line --index 7 --partial 'Received: from localhost (localhost [127.0.0.1])'
 assert_line --index 8 --partial "by ${EXPECTED_FQDN} (Postfix) with ESMTP id"
- assert_line --index 14 --partial 'Message-Id:'
- assert_line --index 14 --partial "@${EXPECTED_FQDN}>"
+ assert_line --index 14 'X-MS-Reactions: disallow'
+ assert_line --index 15 --partial 'Message-Id:'
+ assert_line --index 15 --partial "@${EXPECTED_FQDN}>"
 # Mail contents example:
 #
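Review bot: In target/postfix/sender_header_filter.pcre, the `/i` on the new `/^\s*Message-Id:/i` rule likely does the opposite of what is intended: per pcre_table(5), matching is case-insensitive by default and `i` toggles that off, so the rule would match only the exact spelling `Message-Id:` and skip the common `Message-ID:` form, leaving those messages without the prepended header. Dropping the flag, `/^\s*Message-Id:/ PREPEND X-MS-Reactions: disallow`, makes it behave like the other rules in the table. Separately, an attached message/rfc822 part carries its own Message-Id, and Postfix's `mime_header_checks` and `nested_header_checks` default to `$header_checks`, so unless the cleanup service that loads this table overrides them (not visible in this diff), the PREPEND and IGNORE rules can still rewrite headers inside a signed body. Setting both parameters to empty for that service would close the gap this commit is aimed at.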
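Review bot: The updated assertions in `_should_have_correct_mail_headers` (hostname.bats) only pin where `X-MS-Reactions: disallow` lands in the top-level header, so the regression being fixed, a header filter touching the message body, has no test in the visible lines. A case that sends a multipart or signed message and asserts that the body part headers arrive unchanged would catch a recurrence, and a second case with a client-supplied `Message-ID:` spelling would cover the header match itself. The function continues outside the hunk, so such a check may already exist elsewhere in the file.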