tls: surface transport TLS status in email path and authentication
All checks were successful
continuous-integration/drone/push Build is passing
Parse TLS details (version, cipher, bits, cert verification) from the Postfix Received header parenthetical and expose them per hop, rendered as a per-hop badge in the Email Path card. Add an x-tls Authentication-Results result: parse it when present, and otherwise synthesize it from the inbound hop's TLS info. A negative result (unencrypted inbound connection) applies a -10 authentication score penalty and is shown in the Authentication card. Enable the TLS handler in authentication_milter. Closes: #40
parent 8e7e56851b
commit d53c1b1e00
11 changed files with 593 additions and 0 deletions
|
|
@ -147,6 +147,13 @@ func (a *AuthenticationAnalyzer) parseAuthenticationResultsHeader(header string,
|
|||
results.XPtr = a.parseXPtrResult(part)
|
||||
}
|
||||
}
|
||||
|
||||
// Parse x-tls
|
||||
if strings.HasPrefix(part, "x-tls=") {
|
||||
if results.XTls == nil {
|
||||
results.XTls = a.parseXTLSResult(part)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
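Review bot: in the new `x-tls=` branch, the `results.XTls == nil` guard keeps whichever x-tls value appears first in the header, and per the commit message a value is synthesized from the inbound hop only when none was parsed, so a header-supplied result takes precedence over what the Received hop shows. Because a negative result now costs 10 points, please confirm this parser only runs on Authentication-Results headers carrying the trusted authserv-id, or prefer the hop-derived result (or flag a mismatch) when the two disagree. Separately, `strings.HasPrefix(part, "x-tls=")` is case-sensitive; if `part` is not lowercased earlier in the function, a method written as `X-TLS=` would be skipped.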
@ -183,6 +190,9 @@ func (a *AuthenticationAnalyzer) CalculateAuthenticationScore(results *model.Aut
|
|||
// Penalty-only: X-Aligned-From (up to -5 points on failure)
|
||||
score += 5 * a.calculateXAlignedFromScore(results) / 100
|
||||
|
||||
// Penalty-only: X-TLS / transport encryption (-10 points when not encrypted)
|
||||
score += 10 * a.calculateXTLSScore(results) / 100
|
||||
|
||||
// Ensure score doesn't exceed 100
|
||||
if score > 100 {
|
||||
score = 100
|
||||
|
|
|
|||
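Review bot: on `score += 10 * a.calculateXTLSScore(results) / 100`, the comment says the penalty applies when the connection is not encrypted, but nothing here documents what the helper returns when `results.XTls` is nil or the TLS state is unknown (for example a hop whose Received header has no TLS parenthetical). Please state in the comment that an unknown or absent result scores 0 and only an explicit negative result returns -100, and cover both cases in a test. With another penalty-only term the total can drop further, and the lines shown clamp only the upper bound (`if score > 100`), so check that a lower bound of 0 is enforced as well.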