Relax parsing of the `Authentication-Results` header
Relax the parsing to allow some common RFC violations:
- allow trailing `;` at the end
- allow `/` in the b-tag, even if it is not in a quoted-string (#49, #71)
Below is the original post:
Hello,
Looks like there is an issue with parsing the `Authentication-Results` header as it is set by the Zoho mail server.
For isolating the issue and preventing any confusion I have unchecked the Verify DKIM Signatures setting. Here is the resulting debug output.
```
2017-01-13 08:03:56 DKIM_Verifier.Logging DEBUG initialized
2017-01-13 08:03:59 DKIM_Verifier.Policy DEBUG DB initialized
2017-01-13 08:04:09 DKIM_Verifier.JSDNS CONFIG changed DNS Servers to : [{server:"8.8.8.8", alive:true}, {server:"8.8.4.4", alive:true}]
2017-01-13 08:04:09 DKIM_Verifier.JSDNS CONFIG changed DNS Servers to : [{server:"8.8.8.8", alive:true}, {server:"8.8.4.4", alive:true}]
2017-01-13 08:04:09 DKIM_Verifier.JSDNS INFO Resolving _dmarc.example.com TXT by querying 8.8.8.8
2017-01-13 08:04:10 DKIM_Verifier.JSDNS DEBUG _dmarc.example.com/TXT: Answer: v=DMARC1; p=none; sp=none; adkim=r; aspf=r; pct=100; fo=1; rua=mailto:hxfynrdk@ag.dmarcian.com,mailto:dmarc-rua@example.com; ruf=mailto:hxfynrdk@fr.dmarcian.com;
2017-01-13 08:04:10 DKIM_Verifier.DNSWrapper DEBUG result: ({data:["v=DMARC1; p=none; sp=none; adkim=r; aspf=r; pct=100; fo=1; rua=mailto:hxfynrdk@ag.dmarcian.com,mailto:dmarc-rua@example.com; ruf=mailto:hxfynrdk@fr.dmarcian.com;"], rcode:0, secure:false, bogus:false})
2017-01-13 08:04:10 DKIM_Verifier.DMARC DEBUG DMARCPolicy: ({adkim:"r", pct:100, p:"none", domain:"example.com", source:"example.com"})
2017-01-13 08:04:10 DKIM_Verifier.Policy DEBUG shouldBeSigned: true; sdid: example.com; hideFail: false; foundRule: false
2017-01-13 08:04:10 DKIM_Verifier.AuthVerifier ERROR Error: Parsing error (resource://dkim_verifier/ARHParser.jsm:253:1) JS Stack trace: match@ARHParser.jsm:253:1 < parseResinfo@ARHParser.jsm:188:14 < _ARHParser_parse@ARHParser.jsm:162:21 < getARHResult@AuthVerifier.jsm:225:10 < _authVerifier_verify/promise<@AuthVerifier.jsm:116:20
2017-01-13 08:04:10 DKIM_Verifier.AuthVerifier DEBUG authResult: ({version:"2.0", dkim:[{version:"2.0", result:"none", res_num:40, result_str:"No Signature"}], spf:[], dmarc:[]})
```
And here are the email headers of the same email, note though that I have obscured the domain of my server with `example.com`, as well as its IP address with `x.x.x.x`.
```
Delivered-To: sales@example.com
Received-SPF: pass (zoho.com: domain of email.example.com designates 167.89.55.65 as permitted sender) client-ip=167.89.55.65; envelope-from=bounces+2344330-4453-sales=example.com@email.example.com; helo=o1.7nn.fshared.sendgrid.net;
Authentication-Results: mx.zoho.com;
  spf=pass (zoho.com: domain of email.example.com designates 167.89.55.65 as permitted sender) smtp.mailfrom=bounces+2344330-4453-sales=example.com@email.example.com;
Return-Path: <bounces+2344330-4453-sales=example.com@email.example.com>
Received: from o1.7nn.fshared.sendgrid.net (o1.7nn.fshared.sendgrid.net [167.89.55.65]) by mx.zohomail.com
  with SMTPS id 1484246776936349.02854621594497; Thu, 12 Jan 2017 10:46:16 -0800 (PST)
Received: by filter0691p1mdw1.sendgrid.net with SMTP id filter0691p1mdw1-31661-5877CEF2-29
  2017-01-12 18:46:10.784231552 +0000 UTC
Received: from example.com (example.com [x.x.x.x])
  by ismtpd0002p1lon1.sendgrid.net (SG) with ESMTP id Rc1DMZOHQDuVuX5cYM7YzA
  for <sales@example.com>; Thu, 12 Jan 2017 18:46:10.503 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=example.com;
  h=to:from:subject:mime-version:content-type:content-transfer-encoding;
  s=s1; bh=528ZwQtSB/2qVd7MJNMPYs7ZD5s=; b=kBy78xq/dwwoTTFMtTEa3Hy
  S8Pj3G2b4EQMouyWSav2eZ2jSm3zDUdPnDPbIO6xY7pbRyEo5pcwHoY/exvoARcC
  XEKt8B2WCvBGCqv/BpyYwH8fZH1XMBMfVNsvDS2r3aI63kUzY6s5Acj9n8cukRls
  oVHFQjs1WRQh2y/x18nw=
Date: Thu, 12 Jan 2017 20:46:09 +0200
To: sales@example.com
From: "example.com" <no-reply@example.com>
Subject: =?UTF-8?B?zpXOuc60zr/PgM6/zq/Ot8+Dzrcgzp3Orc6xz4IgzqDOsc+BzrHOs86zzrXOu86vzrHPgg==?=
Message-ID: <87fcc4cddb8a79d1ead2905850ca77d8@example.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
  boundary="b1_87fcc4cddb8a79d1ead2905850ca77d8"
Content-Transfer-Encoding: 8bit
X-SG-EID: gOUNDwUZ2BR4HKLzjgMW+kvYtWz9GDxsoMs56GxmdgeoFp6RARf2fwQv5KptcBDsahTrVj9mbfJcQc
  zuuKPQTdmUZuGS724CHVPHVtCkux44ObONv9Q9cdbzbji0Yk8iUse4CItwtLBTww8QcXyyRdSH89Wy
  ibMj1iyUXbKrYuuCVQp4VgENUkfgltg5XrDyvJUv1VedEIjkxEQVLIHE1tvMS/qwmM3EnmWvRx7+1w
  4=
X-ZohoMail: RSF_0 Z_38635583 SPT_1 Z_38638371 SPT_1 UDT_7 RF_0
X-Zoho-Virus-Status: 2
```
The extension reports `No Signature` on the DKIM field, which is to be expected I guess because the verification of the DKIM is disabled and Zoho doesn’t verify DKIM, but the information about the SPF is also missing.
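The two relaxations listed at the top of this issue, as an added example (not part of the original post and not the add-on's `ARHParser.jsm`): a simplified parser that rejects a trailing `;` and an unquoted `/` in `header.b` in strict mode and accepts both with `relaxed: true`. The function name, the option name and both sample headers are constructed for illustration.

```javascript
// Added illustration, not the add-on's ARHParser.jsm. Simplifications:
// comments are not nested, no whitespace around "=" or inside quotes, no ";" in quotes.
const TOKEN = /^[^\s()<>@,;:\\"\/\[\]?=]+$/; // RFC 2045 token: "/" is excluded
const QUOTED = /^"[^"\\]*"$/;
const ADDR = /^[^\s;"@]*@[A-Za-z0-9.-]+$/;   // [[local-part] "@"] domain-name

function parseARH(header, { relaxed = false } = {}) {
  const body = header
    .replace(/\r?\n[ \t]+/g, " ")             // unfold continuation lines
    .replace(/^Authentication-Results:/i, "")
    .replace(/\([^()]*\)/g, " ");             // drop (comments)
  const parts = body.split(";").map((s) => s.trim());
  const authservId = parts.shift();
  if (!authservId || parts.length === 0) throw new Error("Parsing error: no authserv-id or result");
  // Relaxation 1: ignore the empty element left by a trailing ";".
  if (relaxed && parts.length > 1 && parts[parts.length - 1] === "") parts.pop();

  const results = parts.map((part) => {
    const [methodspec, ...propspecs] = part.split(/\s+/);
    const m = /^([A-Za-z0-9-]+)=([A-Za-z]+)$/.exec(methodspec);
    if (!m) throw new Error(`Parsing error: bad methodspec "${methodspec}"`);
    const props = {};
    for (const spec of propspecs) {
      const p = /^([A-Za-z0-9-]+)\.([A-Za-z0-9-]+)=(.+)$/.exec(spec);
      if (!p) throw new Error(`Parsing error: bad propspec "${spec}"`);
      const [, ptype, property, pvalue] = p;
      let ok = TOKEN.test(pvalue) || QUOTED.test(pvalue) || ADDR.test(pvalue);
      // Relaxation 2: unquoted "/" in header.b (start of the base64 signature).
      if (!ok && relaxed && ptype === "header" && property === "b") {
        ok = /^[A-Za-z0-9+\/=]+$/.test(pvalue);
      }
      if (!ok) throw new Error(`Parsing error: bad pvalue "${pvalue}"`);
      props[`${ptype}.${property}`] = pvalue.replace(/^"|"$/g, "");
    }
    return { method: m[1], result: m[2].toLowerCase(), props };
  });
  return { authservId, results };
}

// Constructed inputs modelled on the header in the post.
const TRAILING = "Authentication-Results: mx.zoho.com;\r\n" +
  " spf=pass (zoho.com: sender permitted) smtp.mailfrom=bounce@email.example.com;";
const SLASH_B = "Authentication-Results: mx.example.net;" +
  " dkim=pass header.d=example.com header.b=kBy78xq/";
```

In this sketch a header that consists only of an authserv-id and a `;` still fails in relaxed mode, because no result is left to report.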
Issue Analytics
- Created 7 years ago
- Comments: 5 (3 by maintainers)
Top GitHub Comments
Just noticed that Outlook does the same thing with Zoho. Here is an example of an `Authentication-Results` header from Outlook,

Seems like you are right about the violation of the RFC standard, but considering the fact that we can’t actually do anything about it shouldn’t we follow a less strict approach during parsing?

Also, apart from the `Authentication-Results` header there is also the `Received-SPF` header which could be used to obtain at least the SPF result, if the parsing of the `Authentication-Results` fails.

The new pre release v2.0.0pre4 has an advanced option for relaxed parsing.

Note that the ARH from Outlook that you posted will still not work, as there the `outlook.com;` part is in the middle (and even multiple times). Before I invest more time into trying to also allow this, could you please confirm that Outlook is still doing this?