Feature #6119

audit claws mail

Added by Tails 2013-07-18 07:51:14. Updated 2013-07-19 06:15:14.

Status: Rejected
Priority: Normal
Assignee:
Category:
Target version:
Start date:
Due date:
% Done: 0%
Feature Branch:
Type of work: Audit
Blueprint:
Starter:
Affected tool:
Deliverable for:

Description

Message-ID

Tails currently sets domain=localhost in accountrc.tmpl.

An account created from this template on Tails devel branch (Debian Squeeze, Claws Mail 3.7.6-4) ends up with set_domain=0 and domain=, and the Message-ID is generated using the hostname part of the sender’s email address.

Tails 0.6 uses the same Claws Mail version (from Debian backports).

EHLO/HELO

Outgoing EHLO/HELO SMTP commands can also leak private information (see this or-talk thread about it).

According to our tests claws-mail always says EHLO localhost, whatever value the domain is set to.

HTML / Javascript

Optional plugins (fancy, dillo, html2, etc.) can render HTML e-mail. Without any of them, claws-mail does basic HTML formatting (e.g. links) by default. The render_html prefs item, when set to false, fully disables HTML rendering.

Tails currently uses the following HTML-related settings:

render_html=0
invoke_plugin_on_html=0
promote_html_part=0

Resources

  • torsocks homepage has some test results about Claws Mail
  • blog post about using Claws Mail with torsocks
  • the TorifyHOWTO currently only contains information copied from the torsocks homepage, but it’s still worth being watched for updates
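
The checks described in this ticket can be scripted. The following is an added example, not code from the ticket or from Tails: it parses Claws Mail style `key=value` prefs, compares them with the values listed above, and extracts the domain part of a message's Message-ID next to the sender's domain. The sample prefs and message are constructed, the prefs are combined into one text for brevity (on a real system they may live in separate files), and it is an assumption that a custom domain only takes effect with `set_domain=1` and a non-empty `domain`.

```python
from email import message_from_string
from email.utils import parseaddr

# HTML-related values the ticket lists for Tails.
EXPECTED_HTML = {"render_html": "0", "invoke_plugin_on_html": "0", "promote_html_part": "0"}

# Constructed sample: the account state the ticket reports, plus the HTML prefs.
SAMPLE_PREFS = """[Account: 1]
set_domain=0
domain=
render_html=0
invoke_plugin_on_html=0
promote_html_part=0
"""

# Constructed sample message (addresses and ID are made up).
SAMPLE_MESSAGE = """From: Alice <alice@example.org>
Message-ID: <20130718075114.1a2b3c@example.org>
Subject: test

body
"""

def parse_prefs(text):
    """Collect key=value lines; section headers such as [Account: 1] are skipped."""
    prefs = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("[") and "=" in line:
            key, _, value = line.partition("=")
            prefs[key.strip()] = value.strip()
    return prefs

def audit_prefs(prefs):
    """Return a list of deviations from the settings named in the ticket."""
    findings = [f"{k}={prefs.get(k)!r}, expected {v!r}"
                for k, v in EXPECTED_HTML.items() if prefs.get(k) != v]
    # Assumption: a custom Message-ID domain needs set_domain=1 and a non-empty domain.
    if prefs.get("set_domain") != "1" or not prefs.get("domain"):
        findings.append("custom domain not in effect")
    return findings

def _domain(addr):
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def message_id_domains(raw_message):
    """Return (Message-ID domain, sender address domain) for one raw message."""
    msg = message_from_string(raw_message)
    mid = (msg.get("Message-ID") or "").strip().strip("<>")
    return _domain(mid), _domain(parseaddr(msg.get("From", ""))[1])
```

When both returned domains are equal and differ from the intended `localhost`, the message shows the behaviour the ticket describes for accounts created from the template.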

Subtasks


History

#1 Updated by intrigeri 2013-07-19 01:22:56

  • Type of work set to Audit

#2 Updated by intrigeri 2013-07-19 06:15:15

  • Subject changed from claws mail to audit claws mail
  • Status changed from Confirmed to Rejected
  • Parent task set to Feature #5769

We’re going to switch to Icedove instead: Feature #5663.