Project

General

Profile

Feature #6119

Feature #5769: Applications audit

audit claws mail

Added by Tails almost 6 years ago. Updated almost 6 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
Due date:
% Done:

0%

Feature Branch:
Type of work:
Audit
Blueprint:
Starter:
Affected tool:

Description

Message-ID

Tails currently sets domain=localhost in accountrc.tmpl.

An account created from this template on Tails devel branch (Debian Squeeze, Claws Mail 3.7.6-4) ends up with set_domain=0 and domain=, and the Message-ID is generated using the hostname part of the sender's email address.

Tails 0.6 uses the same Claws Mail version (from Debian backports).

EHLO/HELO

Outgoing EHLO/HELO SMTP commands can also leak private information (see this or-talk thread about it).

According to our tests claws-mail always says EHLO localhost, whatever value the domain is set to.

HTML / Javascript

Optional plugins (fancy, dillo, html2, etc.) can render HTML e-mail. Without any of them, claws-mail does basic HTML formatting (e.g. links) by default. The render_html prefs item, when set to false, fully disables HTML rendering.

Tails currently uses the following HTML-related settings:

bc. render_html=0
invoke_plugin_on_html=0
promote_html_part=0

Resources

  • torsocks homepage has some test results about Claws Mail
  • blog post about using Claws Mail with torsocks
  • the TorifyHOWTO currently only contains information copied from the torsocks homepage, but it's still worth being watched for updates

History

#1 Updated by intrigeri almost 6 years ago

  • Type of work set to Audit

Type of work: Audit

#2 Updated by intrigeri almost 6 years ago

  • Subject changed from claws mail to audit claws mail
  • Status changed from Confirmed to Rejected
  • Parent task set to #5769

We're going to switch to Icedove instead: #5663.

Also available in: Atom PDF