audit claws mail
Message-ID
Tails currently sets domain=localhost
in accountrc.tmpl
.
An account created from this template on Tails devel branch (Debian
Squeeze, Claws Mail 3.7.6-4) ends up with set_domain=0
and domain=
,
and the Message-ID
is generated using the hostname part of the
sender’s email address.
Tails 0.6 uses the same Claws Mail version (from Debian backports).
EHLO/HELO
Outgoing EHLO/HELO SMTP commands can also leak private information (see this or-talk thread about it.
According to our tests claws-mail always says EHLO localhost
, whatever
value the domain
is set to.
HTML / Javascript
Optional plugins (fancy, dillo, html2, etc.) can render HTML e-mail.
Without any of them, claws-mail does basic HTML formatting (e.g. links)
by default. The render_html
prefs item, when set to false, fully
disables HTML rendering.
Tails currently uses the following HTML-related settings:
render_html=0
invoke_plugin_on_html=0
promote_html_part=0
Resources
- torsocks homepage has some test results about Claws Mail
- blog post about using Claws Mail with torsocks
- the TorifyHOWTO currently only contains information copied from the torsocks homepage, but it’s still worth being watched for updates
Parent Task: #5769
Original created by @tails on 6119 (Redmine)