Skip to content

audit claws mail

Message-ID

Tails currently sets domain=localhost in accountrc.tmpl.

An account created from this template on Tails devel branch (Debian Squeeze, Claws Mail 3.7.6-4) ends up with set_domain=0 and domain=, and the Message-ID is generated using the hostname part of the sender’s email address.

Tails 0.6 uses the same Claws Mail version (from Debian backports).

EHLO/HELO

Outgoing EHLO/HELO SMTP commands can also leak private information (see this or-talk thread about it.

According to our tests claws-mail always says EHLO localhost, whatever value the domain is set to.

HTML / Javascript

Optional plugins (fancy, dillo, html2, etc.) can render HTML e-mail. Without any of them, claws-mail does basic HTML formatting (e.g. links) by default. The render_html prefs item, when set to false, fully disables HTML rendering.

Tails currently uses the following HTML-related settings:

render_html=0
invoke_plugin_on_html=0
promote_html_part=0

Resources

  • torsocks homepage has some test results about Claws Mail
  • blog post about using Claws Mail with torsocks
  • the TorifyHOWTO currently only contains information copied from the torsocks homepage, but it’s still worth being watched for updates

Parent Task: #5769

Original created by @tails on 6119 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information