pimlie / authres_status
This authres_status plugin checks the Authentication-Results headers of your emails and displays the verification status. The verification status is displayed when you read an email, but you can also add a column to your message list.
Installs: 2 496
Dependents: 0
Suggesters: 0
Security: 0
Stars: 36
Watchers: 12
Forks: 20
Open Issues: 23
Type:roundcube-plugin
Requires
- pimlie/php-dkim: >=0.2.2
- roundcube/plugin-installer: >=0.1.3
Requires (Dev)
- phpunit/phpunit: ^6.1
- squizlabs/php_codesniffer: 3.*
README
This plugin checks the Authentication-Results headers that were added by your MTA and displays an icon to show the verification status. Parsing of the Authentication-Results headers is more or less done according to RFC5451 which supports DKIM, DomainKeys, SPF, Sender-ID, iprev and SMTP AUTH result values.
This plugin is partially based on dkimstatus by jvehent, which was based on a plugin by Vladimir Mach.
Icons by brankic1979;
Install
If not using composer, copy all files to your plugins/ folder and add 'authres_status' to your $config['plugins'] array in config/main.inc.php or config/config.inc.php.
Configuration
If you want to enable the results column in your message list, enable this in your settings. You can also choose which statuses you would like to see/ignore.
As of version 0.2 you can also enable an internal DKIM verifier (php-dkim by angrychimp) if your MTA did not add a Authentication-Results header. You could experience some slow down because we need to retrieve the whole message body of each message for which we run the verifier.
Trusted mta's (since v0.3)
An email can be passed through many mta's before it finally ends up in your mailbox. Each mta can add additional headers to the email, thus also Authentication-Result headers. This makes it possible for a malicious mta to add a Authentication-Result header that has a passing result, eventhough the signature is invalid (or not existing). Section 2.2 of RFC5451 states that every Authentication-Result headers should start with an authserv-id which has a similar syntax as a fully-qualified domain name. Often the authserv-id is equal to the fqdn of the mta.
Since version 0.3 you can add a comma separated list of authserv-id's that you trust, then only results from those mta's will be displayed. If you are not sure what the authserv-id from your mta is, toggle the 'raw message headers' display in the preview pane and look for a Authentication-Results header. It should look like:
Authentication-Results: example.com;
sender-id=hardfail header.from=example.com;
dkim=pass (good signature) header.i=sender@example.com
The text between Authentication-Results:
and the first ;
is the authserv-id, in the example above it is example.com
.
Tested
Tested on Roundcube 1.0.0+, let me know if it works on previous version as well
Known issues
- After changing layouts (e.g. from list to widescreen) you need to refresh the page to correctly show the authentication status column