Documentation
¶
Index ¶
- func EnforceEncryption(header textproto.Header, body io.Reader, opts Options) error
- func IsAcceptedMessage(header textproto.Header, body io.Reader) (bool, error)
- func IsSecureJoinMessage(header textproto.Header, body io.Reader) bool
- func IsValidEncryptedMessage(contentType string, body io.Reader) (bool, error)
- type Options
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func EnforceEncryption ¶ added in v0.46.0
EnforceEncryption is the single PGP-only policy gate used by every message-accepting surface of madmail (SMTP submission & inbound, HTTP MX-Deliv federation, IMAP APPEND, CLI `imap-msgs add`, webimap SMTP).
It returns nil if the message is acceptable and an *exterrors.SMTPError otherwise. The returned error carries SMTP code 523/5.7.1 for policy rejections and 451/4.0.0 for transient read errors so HTTP and IMAP callers can translate once with a simple type-switch.
The implementation is fully streaming: the body reader is consumed incrementally. Cleartext rejection is decided from the Content-Type header alone and returns without touching body at all, so uploading a large unencrypted attachment does not burn CPU memcpy'ing a body we are about to reject anyway.
func IsAcceptedMessage ¶
IsAcceptedMessage reports whether the message would be accepted by the PGP-only policy without the envelope context EnforceEncryption needs. It is kept for the few callers (tests, IMAP wrappers) that have no envelope at hand; new code should prefer EnforceEncryption.
func IsSecureJoinMessage ¶
IsSecureJoinMessage streams body and reports whether it is an unencrypted Secure-Join v[cg]-* handshake message. Kept public for tests and for callers that need to peek without running the full EnforceEncryption gate.
func IsValidEncryptedMessage ¶
IsValidEncryptedMessage streams body and reports whether it is a well-formed RFC 3156 multipart/encrypted / application/pgp-encrypted message. The body reader is consumed. The returned error is always nil in the current implementation (malformed data is reported as false, not as a transient error); the signature is kept for API compatibility.
Types ¶
type Options ¶ added in v0.46.0
type Options struct {
// MailFrom is the SMTP envelope sender (MAIL FROM). It is used to
// recognise mailer-daemon@ bounces and to match the passthrough
// sender list. Leave empty if unknown; the check will simply skip the
// bounce/passthrough-sender branches.
MailFrom string
// Recipients is the list of SMTP envelope recipients (RCPT TO). It is
// consulted only to match the passthrough recipient list.
Recipients []string
// PassthroughSenders short-circuits the check when MailFrom matches
// one of the addresses (case-insensitive, exact match).
PassthroughSenders []string
// PassthroughRecipients short-circuits the check when every entry in
// Recipients matches one of the configured addresses. Entries that
// start with "@" match any address in that domain.
PassthroughRecipients []string
}
Options tunes EnforceEncryption's acceptance rules.
The zero value is the strict chatmail policy: only RFC 3156 PGP/MIME and the unencrypted Secure-Join v[cg]-request handshake step are accepted. Everything else is rejected with SMTP 523 "Encryption Needed".
Callers that terminate SMTP conversations (submission, relay-in, HTTP federation delivery, IMAP APPEND) fill in the envelope sender and the configured passthrough lists so operator-provided exceptions and mailer-daemon bounces round-trip through a single decision point.
Source Files