happyDomain/happyDeliver
2
0
Fork 0
Code Issues 6 Pull requests 10 Projects Releases Packages Wiki Activity Actions

Handle x-google-dkim authentication result

Browse source
This commit is contained in:
nemunaire 2025-10-24 11:49:32 +07:00
commit 115da72874
4 changed files with 136 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
api/openapi.yaml
View file

@ -680,6 +680,9 @@ components:
$ref: '#/components/schemas/ARCResult'
iprev:
$ref: '#/components/schemas/IPRevResult'
x_google_dkim:
$ref: '#/components/schemas/AuthResult'
description: Google-specific DKIM authentication result (x-google-dkim)
AuthResult:
type: object

48
pkg/analyzer/authentication.go
View file

@ -134,6 +134,13 @@ func (a *AuthenticationAnalyzer) parseAuthenticationResultsHeader(header string,
results.Iprev = a.parseIPRevResult(part)
}
}
// Parse x-google-dkim
if strings.HasPrefix(part, "x-google-dkim=") {
if results.XGoogleDkim == nil {
results.XGoogleDkim = a.parseXGoogleDKIMResult(part)
}
}
}
}
@ -299,6 +306,37 @@ func (a *AuthenticationAnalyzer) parseIPRevResult(part string) *api.IPRevResult
return result
}
// parseXGoogleDKIMResult parses Google DKIM result from Authentication-Results
// Example: x-google-dkim=pass (2048-bit rsa key) header.d=1e100.net header.i=@1e100.net header.b=fauiPVZ6
func (a *AuthenticationAnalyzer) parseXGoogleDKIMResult(part string) *api.AuthResult {
result := &api.AuthResult{}
// Extract result (pass, fail, etc.)
re := regexp.MustCompile(`x-google-dkim=(\w+)`)
if matches := re.FindStringSubmatch(part); len(matches) > 1 {
resultStr := strings.ToLower(matches[1])
result.Result = api.AuthResultResult(resultStr)
}
// Extract domain (header.d or d)
domainRe := regexp.MustCompile(`(?:header\.)?d=([^\s;]+)`)
if matches := domainRe.FindStringSubmatch(part); len(matches) > 1 {
domain := matches[1]
result.Domain = &domain
}
// Extract selector (header.s or s) - though not always present in x-google-dkim
selectorRe := regexp.MustCompile(`(?:header\.)?s=([^\s;]+)`)
if matches := selectorRe.FindStringSubmatch(part); len(matches) > 1 {
selector := matches[1]
result.Selector = &selector
}
result.Details = api.PtrTo(strings.TrimPrefix(part, "x-google-dkim="))
return result
}
// parseARCHeaders parses ARC headers from email message
// ARC consists of three headers per hop: ARC-Authentication-Results, ARC-Message-Signature, ARC-Seal
func (a *AuthenticationAnalyzer) parseARCHeaders(email *EmailMessage) *api.ARCResult {
@ -549,6 +587,16 @@ func (a *AuthenticationAnalyzer) CalculateAuthenticationScore(results *api.Authe
}
}
// X-Google-DKIM (optional) - penalty if failed
if results.XGoogleDkim != nil {
switch results.XGoogleDkim.Result {
case api.AuthResultResultPass:
// pass: don't alter the score
default: // fail
score -= 12
}
}
// DMARC (25 points)
if results.Dmarc != nil {
switch results.Dmarc.Result {

55
pkg/analyzer/authentication_test.go
View file

@ -1261,6 +1261,61 @@ func TestParseIPRevResult(t *testing.T) {
}
}
func TestParseXGoogleDKIMResult(t *testing.T) {
tests := []struct {
name string
part string
expectedResult api.AuthResultResult
expectedDomain string
expectedSelector string
}{
{
name: "x-google-dkim pass with domain",
part: "x-google-dkim=pass (2048-bit rsa key) header.d=1e100.net header.i=@1e100.net header.b=fauiPVZ6",
expectedResult: api.AuthResultResultPass,
expectedDomain: "1e100.net",
},
{
name: "x-google-dkim pass with short form",
part: "x-google-dkim=pass d=gmail.com",
expectedResult: api.AuthResultResultPass,
expectedDomain: "gmail.com",
},
{
name: "x-google-dkim fail",
part: "x-google-dkim=fail header.d=example.com",
expectedResult: api.AuthResultResultFail,
expectedDomain: "example.com",
},
{
name: "x-google-dkim with minimal info",
part: "x-google-dkim=pass",
expectedResult: api.AuthResultResultPass,
},
}
analyzer := NewAuthenticationAnalyzer()
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result := analyzer.parseXGoogleDKIMResult(tt.part)
if result.Result != tt.expectedResult {
t.Errorf("Result = %v, want %v", result.Result, tt.expectedResult)
}
if tt.expectedDomain != "" {
if result.Domain == nil || *result.Domain != tt.expectedDomain {
var gotDomain string
if result.Domain != nil {
gotDomain = *result.Domain
}
t.Errorf("Domain = %v, want %v", gotDomain, tt.expectedDomain)
}
}
})
}
}
func TestParseAuthenticationResultsHeader_IPRev(t *testing.T) {
tests := []struct {
name string

30
web/src/lib/components/AuthenticationCard.svelte
View file

@ -183,6 +183,36 @@
</div>
</div>
<!-- X-Google-DKIM (Optional) -->
{#if authentication.x_google_dkim}
<div class="list-group-item" id="authentication-x-google-dkim">
<div class="d-flex align-items-start">
<i class="bi {getAuthResultIcon(authentication.x_google_dkim.result, false)} {getAuthResultClass(authentication.x_google_dkim.result, false)} me-2 fs-5"></i>
<div>
<strong>X-Google-DKIM</strong>
<span class="text-uppercase ms-2 {getAuthResultClass(authentication.x_google_dkim.result, false)}">
{authentication.x_google_dkim.result}
</span>
{#if authentication.x_google_dkim.domain}
<div class="small">
<strong>Domain:</strong>
<span class="text-muted">{authentication.x_google_dkim.domain}</span>
</div>
{/if}
{#if authentication.x_google_dkim.selector}
<div class="small">
<strong>Selector:</strong>
<span class="text-muted">{authentication.x_google_dkim.selector}</span>
</div>
{/if}
{#if authentication.x_google_dkim.details}
<pre class="p-2 mb-0 bg-light text-muted small" style="white-space: pre-wrap">{authentication.x_google_dkim.details}</pre>
{/if}
</div>
</div>
</div>
{/if}
<!-- DMARC (Required) -->
<div class="list-group-item" id="authentication-dmarc">
<div class="d-flex align-items-start">