fix: always prefer the last header

link2xt · link2xt · commit b40d2d4dd50a · 2025-07-13T04:34:46.000Z
Headers are normally added at the top of the message,
e.g. when forwarding new `Received` headers are
added at the top.

When headers are protected with DKIM-Signature
and oversigning is not used,
forged headers may be added on top
so headers from the top are generally less trustworthy.

This is tested with `test_take_last_header`,
but so far last header was only preferred
for known headers. This change extends
preference of the last header to all headers.
diff --git a/src/mimeparser.rs b/src/mimeparser.rs
@@ -1568,20 +1568,16 @@ impl MimeMessage {
         for field in fields {
             // lowercasing all headers is technically not correct, but makes things work better
             let key = field.get_key().to_lowercase();
-            if !headers.contains_key(&key) || // key already exists, only overwrite known types (protected headers)
-                    is_known(&key) || key.starts_with("chat-")
-            {
-                if key == HeaderDef::ChatDispositionNotificationTo.get_headername() {
-                    match addrparse_header(field) {
-                        Ok(addrlist) => {
-                            *chat_disposition_notification_to = addrlist.extract_single_info();
-                        }
-                        Err(e) => warn!(context, "Could not read {} address: {}", key, e),
+            if key == HeaderDef::ChatDispositionNotificationTo.get_headername() {
+                match addrparse_header(field) {
+                    Ok(addrlist) => {
+                        *chat_disposition_notification_to = addrlist.extract_single_info();
                     }
-                } else {
-                    let value = field.get_value();
-                    headers.insert(key.to_string(), value);
+                    Err(e) => warn!(context, "Could not read {} address: {}", key, e),
                 }
+            } else {
+                let value = field.get_value();
+                headers.insert(key.to_string(), value);
             }
         }
         let recipients_new = get_recipients(fields);
