feat: Update POSTFIX_TLS_REGEX to also handle stalwart (#23)

idkidk000 · adminadmin · web-flow · commit 1b23b480b11b · 2025-06-17T20:19:44.000+02:00
* update POSTFIX_TLS_REGEX to also handle stalwart

* also match the closing paren and update the readme

---------

Co-authored-by: adminadmin &lt;git@akki.uk&gt;
diff --git a/README.md b/README.md
@@ -5,7 +5,7 @@ This plugin parses the "Received" header for the last hop and checks if TLS was
 receiving MTA.
 
 In Postfix this can be enabled by
-setting [`smtpd_tls_received_header = yes`](https://www.postfix.org/postconf.5.html#smtpd_tls_received_header). Sendmail
+setting [`smtpd_tls_received_header = yes`](https://www.postfix.org/postconf.5.html#smtpd_tls_received_header). Sendmail and Stalwart
 should work out of the box. Other MTAs have not been explicitly tested.
 
 Note that while this talks about "encryption", this does not imply security. An encrypted mail may still be insecure,
diff --git a/test/TlsIconTest.php b/test/TlsIconTest.php
@@ -30,6 +30,8 @@ final class TlsIconTest extends TestCase
 	/** @var string */
 	private $strSendmailCryptedTlsv12WithCipherVerify = '<img class="lock_icon" src="plugins/tls_icon/lock.svg" title="TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK" />';
 
+	/** @var string */
+	private $strStalwartCryptedTlsv13WithCipher = '<img class="lock_icon" src="plugins/tls_icon/lock.svg" title="TLSv1.3 with cipher TLS13_AES_256_GCM_SHA384" />';
 
 	public function testInstance()
 	{
@@ -379,4 +381,40 @@ public function testSendmailTLS13MultipleRecipients()
 			]
 		], $headersProcessed);
 	}
+
+	public function testStalwartTls()
+	{
+		$o = new tls_icon();
+		$headersProcessed = $o->message_headers([
+			'output' => [
+				'subject' => [
+					'value' => 'Sent to you',
+				],
+			],
+			'headers' => (object) [
+				'others' => [
+					'received' => 'from mail-yw1-f174.google.com (mail-yw1-f174.google.com [209.85.128.174] (AS15169 Google LLC, US))
+					(using TLSv1.3 with cipher TLS13_AES_256_GCM_SHA384)
+					by mail.example.org (Stalwart SMTP) with ESMTPS id 36DAF29F3A02098;
+					Mon, 16 Jun 2025 13:33:03 +0000',
+				]
+			]
+		]);
+		$this->assertEquals([
+			'output' => [
+				'subject' => [
+					'value' => 'Sent to you' . $this->strStalwartCryptedTlsv13WithCipher,
+					'html' => 1,
+				],
+			],
+			'headers' => (object) [
+				'others' => [
+					'received' => 'from mail-yw1-f174.google.com (mail-yw1-f174.google.com [209.85.128.174] (AS15169 Google LLC, US))
+					(using TLSv1.3 with cipher TLS13_AES_256_GCM_SHA384)
+					by mail.example.org (Stalwart SMTP) with ESMTPS id 36DAF29F3A02098;
+					Mon, 16 Jun 2025 13:33:03 +0000',
+				]
+			]
+		], $headersProcessed);
+	}
 }
diff --git a/tls_icon.php b/tls_icon.php
@@ -2,7 +2,7 @@
 
 class tls_icon extends rcube_plugin
 {
-	const POSTFIX_TLS_REGEX = "/\(using (TLS.*)\) \(/im";
+	const POSTFIX_TLS_REGEX = "/\(using (TLS[^()]+(?:\([^)]+\))?)\)/im";
 	const POSTFIX_LOCAL_REGEX = "/\([a-zA-Z]*, from userid [0-9]*\)/im";
 	const SENDMAIL_TLS_REGEX = "/\(version=(TLS.*)\)(\s+for|;)/im";
 

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@`
`2`	`2`
`3`	`3`	`class tls_icon extends rcube_plugin`
`4`	`4`	`{`
`5`		`- const POSTFIX_TLS_REGEX = "/\(using (TLS.*)\) \(/im";`
	`5`	`+ const POSTFIX_TLS_REGEX = "/\(using (TLS[^()]+(?:\([^)]+\))?)\)/im";`
`6`	`6`	`const POSTFIX_LOCAL_REGEX = "/\([a-zA-Z], from userid [0-9]\)/im";`
`7`	`7`	`const SENDMAIL_TLS_REGEX = "/\(version=(TLS.*)\)(\s+for\|;)/im";`
`8`	`8`