diff --git a/app/dashboard/views/mailbox_detail.py b/app/dashboard/views/mailbox_detail.py
index 161e2767..a2e85587 100644
--- a/app/dashboard/views/mailbox_detail.py
+++ b/app/dashboard/views/mailbox_detail.py
@@ -30,7 +30,7 @@ class ChangeEmailForm(FlaskForm):
 @dashboard_bp.route("/mailbox//", methods=["GET", "POST"])
 @login_required
 def mailbox_detail_route(mailbox_id):
- mailbox = Mailbox.get(mailbox_id)
+ mailbox: Mailbox = Mailbox.get(mailbox_id)
 if not mailbox or mailbox.user_id != current_user.id:
 flash("You cannot see this page", "warning")
 return redirect(url_for("dashboard.index"))
@@ -144,6 +144,15 @@ def mailbox_detail_route(mailbox_id):
 url_for("dashboard.mailbox_detail_route", mailbox_id=mailbox_id)
 )
+ if mailbox.is_proton():
+ flash(
+ "Enabling PGP for a Proton Mail mailbox is redundant and does not add any security benefit",
+ "info",
+ )
+ return redirect(
+ url_for("dashboard.mailbox_detail_route", mailbox_id=mailbox_id)
+ )
+
 mailbox.pgp_public_key = request.form.get("pgp")
 try:
 mailbox.pgp_finger_print = load_public_key_and_check(
diff --git a/app/dns_utils.py b/app/dns_utils.py
index 4e9d1efa..429d0aa2 100644
--- a/app/dns_utils.py
+++ b/app/dns_utils.py
@@ -34,7 +34,7 @@ def get_cname_record(hostname) -> Optional[str]:
 def get_mx_domains(hostname) -> [(int, str)]:
- """return list of (priority, domain name).
+ """return list of (priority, domain name) sorted by priority (lowest priority first)
 domain name ends with a "." at the end.
 """
 try:
@@ -50,7 +50,7 @@ def get_mx_domains(hostname) -> [(int, str)]:
 ret.append((int(parts[0]), parts[1]))
- return ret
+ return sorted(ret, key=lambda prio_domain: prio_domain[0])
 _include_spf = "include:"
diff --git a/app/models.py b/app/models.py
index 9fdd071c..036733be 100644
--- a/app/models.py
+++ b/app/models.py
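Review bot: In the second hunk of app/dashboard/views/mailbox_detail.py, the new `if mailbox.is_proton():` guard puts a DNS MX lookup on the request path, because `is_proton()` in app/models.py falls through to `get_mx_domains` for any address outside the four hard-coded Proton domains, and the template hunk calls `mailbox.is_proton()` up to two more times per render. Evaluating it once in the view (`is_proton = mailbox.is_proton()`) and passing that value to the template would bound this to one lookup per request. The guard refuses to store a key at all, while the flash uses the "info" category and only calls PGP redundant, so a comment such as `# Proton already encrypts at rest: refuse to store a new key` would record that the refusal is deliberate. The enclosing function starts and ends outside the hunk, so which form action this branch belongs to cannot be confirmed from here.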
@@ -30,6 +30,8 @@ from sqlalchemy_utils import ArrowType
 from app import config
 from app import s3
 from app.db import Session
+from app.dns_utils import get_mx_domains
+
 from app.errors import (
 AliasInTrashError,
 DirectoryInTrashError,
@@ -2569,6 +2571,27 @@ class Mailbox(Base, ModelMixin):
 + Alias.filter_by(mailbox_id=self.id).count()
 )
+ def is_proton(self) -> bool:
+ if (
+ self.email.endswith("@proton.me")
+ or self.email.endswith("@protonmail.com")
+ or self.email.endswith("@protonmail.ch")
+ or self.email.endswith("@pm.me")
+ ):
+ return True
+
+ from app.email_utils import get_email_local_part
+
+ mx_domains: [(int, str)] = get_mx_domains(get_email_local_part(self.email))
+ # Proton is the first domain
+ if mx_domains and mx_domains[0][1] in (
+ "mail.protonmail.ch.",
+ "mailsec.protonmail.ch.",
+ ):
+ return True
+
+ return False
+
 @classmethod
 def delete(cls, obj_id):
 mailbox: Mailbox = cls.get(obj_id)
diff --git a/templates/dashboard/mailbox_detail.html b/templates/dashboard/mailbox_detail.html
index e5104069..9c6687a7 100644
--- a/templates/dashboard/mailbox_detail.html
+++ b/templates/dashboard/mailbox_detail.html
@@ -71,98 +71,110 @@
- {% if mailbox.pgp_finger_print and not mailbox.disable_pgp and current_user.include_sender_in_reverse_alias %}
+
+ {% if mailbox.is_proton() and not mailbox.pgp_enabled() %}
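Review bot: `get_mx_domains(get_email_local_part(self.email))` in the new `Mailbox.is_proton` (second hunk of app/models.py) queries MX records for the part of the address before the `@`, so the custom-domain branch never sees the mailbox's real MX hosts, and every call sends the user's local part to the resolver as a query name. The argument should be the domain part, e.g. `get_mx_domains(get_email_domain_part(self.email))` with the matching function-scope import, assuming app/email_utils.py exposes that helper (it is not visible in this diff). The `endswith` checks compare case-sensitively, so they rely on `self.email` being stored lower-cased; that is worth confirming, or the value can be lower-cased before the comparison. A docstring such as `"""Return True when the mailbox is hosted by Proton, by address domain or by lowest-priority MX host."""` would also tell callers that this method can perform a network lookup.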
- Email headers like From, To, Subject aren't encrypted by PGP. - Currently, your reverse alias includes the sender address. - You can disable this on Settings. + As an email is always encrypted at rest in Proton Mail, having SimpleLogin also encrypt your email is redundant and does not add any security benefit. +
+ The PGP option on SimpleLogin is instead useful for when your mailbox provider isn't encrypted by default like Gmail, Outlook, etc.
{% endif %} -
-
-
-
- Pretty Good Privacy (PGP) - {% if mailbox.pgp_finger_print %} +
+ {% if mailbox.pgp_finger_print and not mailbox.disable_pgp and current_user.include_sender_in_reverse_alias and not mailbox.is_proton() %} -
- {{ csrf_form.csrf_token }} - - -
- {% endif %} -
-
- By importing your PGP Public Key into SimpleLogin, all emails sent to {{ mailbox.email }} are - encrypted with your key. -
- {% if PGP_SIGNER %}All forwarded emails will be signed with {{ PGP_SIGNER }}.{% endif %} -
+
+ Email headers like From, To, Subject aren't encrypted by PGP. + Currently, your reverse alias includes the sender address. + You can disable this on Settings.
- {% if not current_user.is_premium() %} - - - {% endif %} -
- {{ csrf_form.csrf_token }} -
- - -
- - - {% if mailbox.pgp_finger_print %} - - - {% endif %} -
-
-
-
-
- {{ csrf_form.csrf_token }} - + {% endif %} +
- Hide email subject when PGP is enabled +
+ Pretty Good Privacy (PGP) + {% if mailbox.pgp_finger_print %} + + + {{ csrf_form.csrf_token }} + + + + {% endif %} +
- When PGP is enabled, you can choose to use a generic subject for the forwarded emails. - The original subject is then added into the email body. + By importing your PGP Public Key into SimpleLogin, all emails sent to {{ mailbox.email }} are + encrypted with your key.
- As PGP does not encrypt the email subject and the email subject might contain sensitive information, - this option will allow a further protection of your email content. + {% if PGP_SIGNER %}All forwarded emails will be signed with {{ PGP_SIGNER }}.{% endif %}
-
- As the email is encrypted, a subject like "Email for you" - will probably be rejected by your mailbox since it sounds like a spam. -
- Something like "Encrypted Email" would work much better :). -
-
- - + {% if not current_user.is_premium() %} + + + {% endif %} +
+ {{ csrf_form.csrf_token }} +
+ +
- - {% if mailbox.generic_subject %} + {% if mailbox.pgp_finger_print %} {% endif %} -
- + +
+
+
+
+ {{ csrf_form.csrf_token }} + +
+
+ Hide email subject when PGP is enabled +
+ When PGP is enabled, you can choose to use a generic subject for the forwarded emails. + The original subject is then added into the email body. +
+ As PGP does not encrypt the email subject and the email subject might contain sensitive information, + this option will allow a further protection of your email content. +
+
+
+ As the email is encrypted, a subject like "Email for you" + will probably be rejected by your mailbox since it sounds like a spam. +
+ Something like "Encrypted Email" would work much better :). +
+
+ + +
+ + {% if mailbox.generic_subject %} + + + {% endif %} +
+
+

Advanced Options