require ["vacation-seconds", "envelope", "regex", "variables"];
#
# Change these as necessary for your system. myaddress is the email address
# of the Sieve autoresponder script; the response to the end user will carry
# it as the "From" address. serverstring is the pattern matched against the
# multi-line "Received:" header that contains the TLS connection string. For
# Postfix, you may have to set smtpd_tls_received_header = yes in the
# "main.cf" configuration file. A remote user must wait 300 seconds before
# sending another test message; that interval is defined in the vacation
# command towards the end of this script. This was built around Pigeonhole
# Sieve but should work with other Sieve-based filters (CMU/Cyrus Sieve, etc.).
#
# rule:[SetVariables]
# Subject line of the automatic reply (passed to vacation :subject below).
set "subject" "EMail Security Test";
# Address of this autoresponder; used for both :addresses and :from of the
# vacation reply.
set "myaddress" "autotest@example.com";
# Wildcard pattern matched against the "Received" headers. The text matched by
# the first "*" (everything in front of "by <host> (Postfix)") is captured and
# later searched for the TLS cipher name, so both wildcards must stay.
set "serverstring" "*by mail.example.com (Postfix)*";
# Key length of this server's certificate. It is never measured by the script;
# the value is only echoed in the reply, so keep it in step with the deployed
# certificate.
set "certkey" "4096"; #SSL Certificate Key Length-Informational Only
# rule:[DiscardSpam]
# Never auto-reply to mail the spam filter has already flagged: drop it and
# end script processing.
if header :contains "X-Spam-Flag" ["YES"] {
    discard;
    stop;
}
# rule:[DiscardBulk]
# Drop mail whose Subject carries one of the usual bulk/advertising markers.
# The match is a substring match, so "ADV:" already covers "ADV:ADLT"; the
# longer entries are kept for readability only.
if header :contains "subject" [
    "ADV:",
    "bounceme",
    "ADV:ADLT",
    "ADV-ADULT",
    "ADULT ADVERTISEMENT"
] {
    discard;
    stop;
}
# rule:[DiscardLists]
# Mailing-list and bulk traffic must not trigger an automatic reply.
# The two "exists" tests stay separate on purpose: "exists" with a list of
# header names is only true when ALL of them are present.
if anyof (
    header "Precedence" ["list", "bulk"],
    exists "List-Id",
    exists "X-Listname"
) {
    discard;
    stop;
}
#rule:[DiscardSieveLoop]
# Loop guard: a message that already carries an X-Sieve header is dropped
# rather than answered, so two autoresponders cannot keep replying to each
# other.
if exists "X-Sieve" {
    discard;
    stop;
}
#rule:[DiscardSystem]
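# Do not answer system/role senders. The vacation reply is addressed to the
# envelope sender, which can differ from the From: header, so both are
# screened ("envelope" is already listed in the require line).
if anyof (
    address :localpart :is "from" ["postmaster", "MAILER-DAEMON", "hostmaster", "abuse"],
    envelope :localpart :is "from" ["postmaster", "MAILER-DAEMON", "hostmaster", "abuse"]
) {
    discard;
    stop;
}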
# rule:[AutoTest]
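# Answer small test messages with a report of the TLS parameters recorded in
# this server's "Received" header.
#
# Limits of the report:
#  - It is derived from header text only. Parts of a Received header (the
#    client's HELO name) and any Received headers added before the message
#    reached this server are supplied by the sender, so treat the reply as
#    informational, not as proof of how the message travelled.
#  - NOTE(review): if mail passes through this server more than once (for
#    example re-injection from a content filter), the hop that matches
#    ${serverstring} first may be the internal one - confirm on your system.
#  - Only the cipher suites listed below are decoded; anything else (including
#    TLS 1.3 suite names) gets the generic "not recognised" line.
if size :under 15K
{
    # Default: assume plaintext until a TLS annotation is actually found.
    set "status" "Your message DID NOT use encryption.";

    if header :matches "Received" "${serverstring}" {
        # ${1} is the text in front of "by <host> (Postfix)". Save it now,
        # because every later :matches test overwrites the match variables.
        set "msgrcvd" "${1}";

        # ${serverstring} matches this server's Received header whether or not
        # TLS was used. Postfix only adds "(using TLSvX with cipher ...)" for
        # TLS sessions (smtpd_tls_received_header = yes), so require that
        # annotation before claiming the message was encrypted.
        if string :matches "${msgrcvd}" "*(using * with cipher *" {
            set "status" "Your message was received using encryption:";
            # Same for every suite: the configured certificate key length.
            set "key" "Public Key Size: ${certkey}";

            # NOTE(review): the curve (P-384) and DH size (2048 bits) below
            # are not part of the cipher name; presumably they describe this
            # server's configuration - confirm before deploying.
            # For GCM suites the hash in the name is the handshake/PRF hash;
            # message authentication is provided by GCM itself.
            if string :matches "${msgrcvd}" "*ECDHE-RSA-AES128-GCM-SHA256*" {
                set "enc" "Algorithm: AES 128-bit RSA";
                set "pfs" "Perfect Forward Secrecy: Elliptical Curve Diffie-Hellman Ephemeral, P-384,384bits";
                set "mode" "Cipher Mode: Galois/Counter Mode (GCM)";
                set "hash" "Message Authentication Code: SHA256";
            } elsif string :matches "${msgrcvd}" "*ECDHE-RSA-AES256-SHA384*" {
                set "enc" "Algorithm: AES 256-bit RSA";
                set "pfs" "Perfect Forward Secrecy: Elliptical Curve Diffie-Hellman Ephemeral, P-384,384bits";
                set "mode" "Cipher Mode: Cipher Block Chaining (CBC)";
                set "hash" "Message Authentication Code: SHA384";
            } elsif string :matches "${msgrcvd}" "*ECDHE-RSA-AES256-GCM-SHA384*" {
                set "enc" "Algorithm: AES 256-bit RSA";
                set "pfs" "Perfect Forward Secrecy: Elliptical Curve Diffie-Hellman Ephemeral, P-384,384bits";
                set "mode" "Cipher Mode: Galois/Counter Mode (GCM)";
                set "hash" "Message Authentication Code: SHA384";
            } elsif string :matches "${msgrcvd}" "* ECDHE-RSA-AES128-SHA *" {
                set "enc" "Algorithm: AES 128-bit RSA";
                set "pfs" "Perfect Forward Secrecy: Elliptical Curve Diffie-Hellman Ephemeral, P-384,384bits";
                set "mode" "Cipher Mode: Cipher Block Chaining (CBC)";
                set "hash" "Message Authentication Code: SHA1";
            } elsif string :matches "${msgrcvd}" "*ECDHE-RSA-AES256-SHA *" {
                set "enc" "Algorithm: AES 256-bit RSA";
                set "pfs" "Perfect Forward Secrecy: Elliptical Curve Diffie-Hellman Ephemeral, P-384,384bits";
                set "mode" "Cipher Mode: Cipher Block Chaining (CBC)";
                set "hash" "Message Authentication Code: SHA1";
            } elsif string :matches "${msgrcvd}" "* DHE-RSA-AES128-SHA *" {
                set "enc" "Algorithm: AES 128-bit RSA";
                set "pfs" "Perfect Forward Secrecy: Diffie-Hellman Ephemeral, 2048 bits";
                set "mode" "Cipher Mode: Cipher Block Chaining (CBC)";
                set "hash" "Message Authentication Code: SHA1";
            } elsif string :matches "${msgrcvd}" "* DHE-RSA-AES256-SHA *" {
                set "enc" "Algorithm: AES 256-bit RSA";
                set "pfs" "Perfect Forward Secrecy: Diffie-Hellman Ephemeral, 2048 bits";
                set "mode" "Cipher Mode: Cipher Block Chaining (CBC)";
                set "hash" "Message Authentication Code: SHA1";
            } elsif string :matches "${msgrcvd}" "* AES256-SHA *" {
                # The leading space keeps this from matching the (EC)DHE
                # variants. A second, identical branch further down could
                # never be reached and has been removed.
                set "enc" "Algorithm: AES 256-bit RSA";
                set "pfs" "Perfect Forward Secrecy: None";
                set "mode" "Cipher Mode: Cipher Block Chaining (CBC)";
                set "hash" "Message Authentication Code: SHA1";
            } elsif string :matches "${msgrcvd}" "* AES128-SHA *" {
                set "enc" "Algorithm: AES 128-bit RSA";
                set "pfs" "Perfect Forward Secrecy: None";
                set "mode" "Cipher Mode: Cipher Block Chaining (CBC)";
                set "hash" "Message Authentication Code: SHA1";
            } elsif string :matches "${msgrcvd}" "* AES128-GCM-SHA256 *" {
                set "enc" "Algorithm: AES 128-bit RSA";
                set "pfs" "Perfect Forward Secrecy: None";
                set "mode" "Cipher Mode: Galois/Counter Mode (GCM)";
                # Was reported as SHA1; the suite name says SHA256.
                set "hash" "Message Authentication Code: SHA256";
            } elsif string :matches "${msgrcvd}" "* AES256-GCM-SHA256 *" {
                # NOTE(review): this does not look like a suite name OpenSSL
                # emits (the AES256-GCM suite is AES256-GCM-SHA384, handled
                # next); kept unchanged, verify whether it is ever matched.
                set "enc" "Algorithm: AES 256-bit RSA";
                set "pfs" "Perfect Forward Secrecy: None";
                set "mode" "Cipher Mode: Galois/Counter Mode (GCM)";
                set "hash" "Message Authentication Code: SHA256";
            } elsif string :matches "${msgrcvd}" "* AES256-GCM-SHA384 *" {
                set "enc" "Algorithm: AES 256-bit RSA";
                set "pfs" "Perfect Forward Secrecy: None";
                set "mode" "Cipher Mode: Galois/Counter Mode (GCM)";
                set "hash" "Message Authentication Code: SHA384";
            } elsif string :matches "${msgrcvd}" "* DHE-RSA-AES256-GCM-SHA384 *" {
                set "enc" "Algorithm: AES 256-bit RSA";
                set "pfs" "Perfect Forward Secrecy: Diffie-Hellman Ephemeral, 2048 bits";
                set "mode" "Cipher Mode: Galois/Counter Mode (GCM)";
                set "hash" "Message Authentication Code: SHA384";
            } elsif string :matches "${msgrcvd}" "* DHE-RSA-AES128-GCM-SHA256 *" {
                set "enc" "Algorithm: AES 128-bit RSA";
                set "pfs" "Perfect Forward Secrecy: Diffie-Hellman Ephemeral, 2048 bits";
                set "mode" "Cipher Mode: Galois/Counter Mode (GCM)";
                set "hash" "Message Authentication Code: SHA256";
            } elsif string :matches "${msgrcvd}" "* DHE-RSA-AES256-SHA256 *" {
                set "enc" "Algorithm: AES 256-bit RSA";
                set "pfs" "Perfect Forward Secrecy: Diffie-Hellman Ephemeral, 2048 bits";
                set "mode" "Cipher Mode: Cipher Block Chaining (CBC)";
                set "hash" "Message Authentication Code: SHA256";
            } elsif string :matches "${msgrcvd}" "* ECDHE-RSA-AES128-SHA256 *" {
                set "enc" "Algorithm: AES 128-bit RSA";
                set "pfs" "Perfect Forward Secrecy: Elliptical Curve Diffie-Hellman Ephemeral, P-384,384bits";
                set "mode" "Cipher Mode: Cipher Block Chaining (CBC)";
                set "hash" "Message Authentication Code: SHA256";
            } elsif string :matches "${msgrcvd}" "* DHE-RSA-AES128-SHA256 *" {
                set "enc" "Algorithm: AES 128-bit RSA";
                set "pfs" "Perfect Forward Secrecy: Diffie-Hellman Ephemeral, 2048 bits";
                set "mode" "Cipher Mode: Cipher Block Chaining (CBC)";
                set "hash" "Message Authentication Code: SHA256";
            } else {
                # Encrypted, but with a suite this table does not know.
                # The raw connection line is still included in the reply.
                set "enc" "Algorithm: not recognised by this script (see the connection details above)";
            }
        } else {
            # This server's hop carries no TLS annotation: report plaintext
            # and do not echo the hop details.
            set "msgrcvd" "";
        }
    }

    # One reply per sender every 300 seconds. Variables that were never set
    # expand to empty strings. The reason text is kept at column 0 because
    # its whitespace is part of the reply body.
    vacation :seconds 300 :addresses "${myaddress}" :subject "${subject}" :from "${myaddress}"
"
${status}
${msgrcvd}
${enc}
${key}
${pfs}
${mode}
${hash}
";
}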