Testausserveri / koirameili

SMTP server to receive emails in Discord DMs

Prevent email spoofing #8

Open RoyTakanen opened 2 years ago

RoyTakanen commented 2 years ago

People can send emails to koirameili from any domain because there are no DKIM checks in place. The user should be warned if the DKIM signature does not match or does not exist when the domain has one configured.

DKIM:

Adds a digital signature to every outgoing message, which lets receiving servers verify the message actually came from your organization.

Proof:

root@reformist0refract:~# telnet teapot.testausserveri.fi 25
Trying 152.67.70.55...
Connected to teapot.testausserveri.fi.
Escape character is '^]'.
220 12f1b26b3cc8 ESMTP
HELO 185.150.18.211
250 12f1b26b3cc8 Nice to meet you, [185.150.18.211]
MAIL FROM: <masterminds@testausserveri.fi>
250 Accepted
RCPT TO: <erikoisjaakari@koira.testausserveri.fi>
250 Accepted
DATA
354 End data with <CR><LF>.<CR><LF>
From: masterminds@testausserveri.fi
To: erikoisjaakari@koira.testausserveri.fi
Subject: lähettäjä spoofattu

Katso viestin lähettäjä.

.
250 OK: message queued
ahnl commented 2 years ago

Thank you for this issue.

If anyone can figure out how to implement a DKIM check in this, feel free to suggest or make a PR.
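
One way to implement the check discussed in this issue, as an added example that is not part of the thread or of koirameili's code. It assumes Node.js, handles only rsa-sha256 with relaxed/relaxed canonicalization and the first DKIM-Signature header, and `checkDkim`, `shouldWarn` and the `lookupKey` callback are hypothetical names; `SPOOFED` is the message from the telnet session above.

```javascript
// Added example (not koirameili code). Scope: rsa-sha256, c=relaxed/relaxed, first signature only.
const { createHash, createVerify } = require('node:crypto');

// RFC 6376 3.4.2: lowercase the name, unfold, collapse whitespace, trim the value.
const relaxHeader = (name, value) =>
  name.trim().toLowerCase() + ':' + value.replace(/\r\n/g, '').replace(/[ \t]+/g, ' ').trim();
// RFC 6376 3.4.4: collapse whitespace, strip it at line ends, keep exactly one trailing CRLF.
const relaxBody = body => body.split('\r\n').map(l => l.replace(/[ \t]+/g, ' ').replace(/ $/, ''))
  .join('\r\n').replace(/(\r\n)*$/, '\r\n').replace(/^\r\n$/, '');

function parseMessage(raw) {
  const cut = raw.indexOf('\r\n\r\n');
  const headers = (cut < 0 ? raw : raw.slice(0, cut)).split(/\r\n(?![ \t])/)
    .map(h => ({ name: h.slice(0, h.indexOf(':')), value: h.slice(h.indexOf(':') + 1) }));
  return { headers, body: cut < 0 ? '' : raw.slice(cut + 4) };
}

// lookupKey(selector, domain): hypothetical callback returning the key published at <selector>._domainkey.<domain>.
function checkDkim(raw, lookupKey) {
  const { headers, body } = parseMessage(raw);
  const is = n => h => h.name.trim().toLowerCase() === n;
  const fromValue = (headers.filter(is('from')).pop() || { value: '' }).value.replace(/\r\n/g, '');
  const addr = (fromValue.match(/<([^<>]*)>\s*$/) || [null, fromValue])[1];
  const fromDomain = addr.slice(addr.lastIndexOf('@') + 1).trim().toLowerCase();
  const sig = headers.find(is('dkim-signature'));
  if (!sig) return { result: 'none', aligned: false, fromDomain };
  const tags = Object.fromEntries(sig.value.split(';').filter(t => t.includes('=')).map(t =>
    [t.slice(0, t.indexOf('=')).trim(), t.slice(t.indexOf('=') + 1).replace(/\s+/g, '')]));
  const d = (tags.d || '').toLowerCase();
  const aligned = d !== '' && (fromDomain === d || fromDomain.endsWith('.' + d));
  const verdict = result => ({ result, aligned, fromDomain, d });
  if (tags.a !== 'rsa-sha256' || tags.c !== 'relaxed/relaxed' || !tags.h) return verdict('unsupported');
  if (createHash('sha256').update(relaxBody(body)).digest('base64') !== tags.bh) return verdict('fail');
  // Signed data: headers named in h= (bottom-up for repeats), then the signature header with b= emptied.
  const pool = headers.filter(h => h !== sig);
  let data = '';
  for (const name of tags.h.toLowerCase().split(':')) {
    const i = pool.map(is(name)).lastIndexOf(true);
    if (i >= 0) { const [h] = pool.splice(i, 1); data += relaxHeader(h.name, h.value) + '\r\n'; }
  }
  data += relaxHeader(sig.name, sig.value.replace(/(^|;)(\s*b\s*=)[^;]*/, '$1$2'));
  const key = lookupKey(tags.s, d);
  const ok = !!key && createVerify('RSA-SHA256').update(data).verify(key, tags.b || '', 'base64');
  return verdict(ok ? 'pass' : 'fail');
}

// Warn unless a signature verifies AND its d= domain covers the From: domain.
const shouldWarn = v => v.result !== 'pass' || !v.aligned;
// The message from the issue's telnet session: it carries no DKIM-Signature header.
const SPOOFED = 'From: masterminds@testausserveri.fi\r\nTo: erikoisjaakari@koira.testausserveri.fi\r\n' +
  'Subject: lähettäjä spoofattu\r\n\r\nKatso viestin lähettäjä.\r\n';
```

`shouldWarn(checkDkim(SPOOFED, lookupKey))` is true for the message in the issue, and it stays true for a message validly signed by one domain while its From: address names another.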