deltachat / deltachat-core-rust

Delta Chat Rust Core library, used by Android/iOS/desktop apps, bindings and bots 📧
https://delta.chat/en/contribute
Other
664 stars 85 forks source link

Autocrypt setup messages trigger spam detectors #1750

Closed 0xC4N1 closed 4 years ago

0xC4N1 commented 4 years ago

Actual behavior

Base64 content is limited to 79 characters per line excluding new lines.

This behavior triggers spam filters like spam assassin due to violation of Section 2.1.1. Line Length Limits of RFC 2822

Steps to reproduce the problem

Trigger the autocrypt setup message from a delta chat client on a mail server protected by spam assassin.

Logs

Spam Assassin protocol:

Content preview:  This is the Autocrypt Setup Message used to transfer your
  end-to-end setup between clients. To decrypt and use your setup, open the
  message in an Autocrypt-compliant client and enter the setup code presented
   on the generating device.

Content analysis details:   (3.5 points, 2.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-1.0 ALL_TRUSTED            Passed through trusted hosts only via SMTP
 2.2 TVD_RCVD_SINGLE        Message was received from localhost
 2.7 BASE64_LENGTH_78_79    BODY: No description available.
 1.5 BASE64_LENGTH_79_INF   BODY: base64 encoded email part uses line
                            length greater than 79 characters
-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                            [score: 0.0000]
 0.0 T_HTML_ATTACH          HTML attachment to bypass scanning?

base64 part of the mail including the first line of the base64 content:

--23Llja9bhnGlwjM4gEHjf5BMcYVKEE
Content-Type: application/autocrypt-setup
Content-Disposition: attachment; filename="autocrypt-setup-message.html"
Content-Transfer-Encoding: base64

PCFET0NUWVBFIGh0bWw+DQo8aHRtbD4NCiAgPGhlYWQ+DQogICAgPHRpdGxlPkF1dG9jcnlwdCBTZX
gerryfrancis commented 4 years ago

@0xC4N1 Thank you for your report. A lot of work was done regarding a similar issue, https://github.com/deltachat/deltachat-core-rust/issues/1575 . Please check out the most current versions of Delta Chat for Desktop (1.10.0) and/or for Android (1.10.5) to find out if your issue still applies, then please report back. Thank you very much!

0xC4N1 commented 4 years ago

@gerryfrancis thank you for your quick reply. Just tested this with Delta Chat for Desktop v1.10.0 with the same result. The base64 content is still 79 characters per line which still triggers the spam detection.

link2xt commented 4 years ago

But the line "PCFET0NUWVBFIGh0bWw+DQo8aHRtbD4NCiAgPGhlYWQ+DQogICAgPHRpdGxlPkF1dG9jcnlwdCBTZX" is 78 characters long (80 if you include CRLF):

$ python3 -c "print(len('PCFET0NUWVBFIGh0bWw+DQo8aHRtbD4NCiAgPGhlYWQ+DQogICAgPHRpdGxlPkF1dG9jcnlwdCBTZX'))"
78
link2xt commented 4 years ago

Ah, I see, it's not about base64. It's about the text not being wrapped at all. Will fix it.