@@ 20,6 20,9 @@ class InteracEmail
NoSpam = err "No Spam Status"
BadSPF = err "Don't trust SPF"
+ NoAuth = err "Authentication header missing"
+ BadAuth = err "Authentication header isn't a pass"
+ BadDomain = err "Authentication header isn't for the right domain"
BadDKIM = err "Don't trust DKIM"
NoDKIM = err "No DKIM Signature somehow..."
WrongDKIM = err "DKIM Signature is for a different domain"
@@ 94,7 97,8 @@ class InteracEmail
end
def ensure_safe
- ensure_spam_checks
+ # ensure_spam_checks
+ ensure_authentication_header
ensure_dkim
end
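Review bot: The call to `ensure_spam_checks` in `ensure_safe` is commented out rather than removed, and no reason is given, so a reader cannot tell whether dropping those checks (presumably the ones that raise `NoSpam` and `BadSPF`) is deliberate or temporary. Either delete the line or keep it with a stated reason, for example `# ensure_spam_checks disabled: <reason>; Authentication-Results is checked instead`. After this change, acceptance of a message rests only on `ensure_authentication_header` and `ensure_dkim`, which is worth saying in a one-line comment above `ensure_safe`.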
@@ 114,6 118,20 @@ class InteracEmail
raise Error::BadDKIM, @m unless spam.include?("DKIM_VALID_AU")
end
+ def authentication_header
+ @m["Authentication-Results"]&.value
+ end
+
+ HEADER_REGEX = /\sheader.d=payments.interac.ca\s/.freeze
+
+ def ensure_authentication_header
+ auth = authentication_header
+
+ raise Error::NoAuth, @m unless auth
+ raise Error::BadAuth, @m unless auth =~ /\sdkim=pass\s/
+ raise Error::BadDomain, @m unless auth =~ HEADER_REGEX
+ end
+
def dkim_header
@m["DKIM-Signature"]
&.value
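Review bot: `ensure_authentication_header` tests `dkim=pass` and `header.d=` as two independent matches over the whole header value, so a header that carries a passing result for some other domain plus a non-passing result naming payments.interac.ca satisfies both checks; the pass and the domain need to be matched within the same result clause. The dots in `HEADER_REGEX` are also unescaped and match any character, so a string such as `paymentsXinterac.ca` is accepted; they should be written `\.`. Nothing visible here checks which server wrote the Authentication-Results field (its authserv-id) or handles a message with several such fields, so the check is only sound if the receiving MTA strips sender-supplied copies, which should be confirmed and recorded in a comment. The fence sketches a per-clause check; splitting on `;` is a simplification, and a full RFC 8601 parse would be more robust.

```ruby
# … unchanged: authentication_header …

# Dots escaped; \z allows header.d to be the last property of a clause.
HEADER_REGEX = /\sheader\.d=payments\.interac\.ca(?:\s|\z)/

def ensure_authentication_header
  auth = authentication_header

  raise Error::NoAuth, @m unless auth

  # Look at each result clause on its own so that a pass reported for one
  # domain cannot be combined with header.d taken from another clause.
  dkim_passes = auth.split(";").select { |clause| clause.match?(/\sdkim=pass\s/) }
  raise Error::BadAuth, @m if dkim_passes.empty?
  raise Error::BadDomain, @m unless dkim_passes.any? { |clause| clause.match?(HEADER_REGEX) }
end
```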