
Comments (2)

GermanCoding commented on August 15, 2024

The plugin currently deliberately checks only the last hop of the email.

The reasoning behind this was that previous hops may not actually belong to us, but may belong to other organizations we don't know. For example, orgs such as GitHub and Google generate local Received headers in their outbound infrastructure. Also, even if a previous hop does belong to us, we have no idea if the hops that come after it are secured in the same way.

Hence I took the decision to solely base the plugin statement on the last hop and put a warning in the readme stating that previous hops may be insecure. There really is no way to know.

However, I understand that some setups generate multiple local Received headers as part of their forwarding/distribution/filtering process, which can be annoying because if these are local systems, you obviously aren't going to use TLS on them.

Possible options I can think of:

  • If you have no use for the local Received headers of your filter, you could try turning them off. This is what I do for my final delivery - I've configured my storage server to not add a Received header, as it serves no real purpose (some RFC standard states you should always add them to allow tracing, but sometimes they're nothing but useless clutter).
  • I might consider adding a feature that allows ignoring the last n hops. For example, if you know that your setup always generates n internal hops, the plugin could check the l - n Received header. This would mean adding a new configuration option that allows configuring what n should be. If you have interest in this, PRs are always welcome.

from roundcube_tls_icon.

maniac0r commented on August 15, 2024

Thanks for the reply. The configurable number of last N hops to skip would work for me (and I guess for most people with additional "local" mail processing).
Maybe there could even be a regex configuration to specify which entries should be skipped, e.g. skipping my own server(s) entries like:
by localhost (localhost.sk [127.0.0.1])
would be a regex like '^\s+by localhost \(\S+ \[127\.0\.0\.1\]\)'

I would still need to have a look at whether I could remove the internal hop headers somehow; that would be a quick solution too.

from roundcube_tls_icon.
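The two skipping approaches discussed in this thread (a fixed count n of newest hops, or a regex that identifies local hops), as an added Python example that is not the plugin's code or part of either comment. The function names, the sample message and the Postfix-style "(using TLS...)" marker used to classify a hop are assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed sample; MTAs prepend Received, so the newest hop is first.
SAMPLE = (
    "Received: from filter.example.net (localhost [127.0.0.1])\n"
    "\tby localhost (mail.example.net [127.0.0.1]) with ESMTP id A1;\n"
    "\tThu, 15 Aug 2024 10:00:02 +0200\n"
    "Received: from sender.example.org (sender.example.org [198.51.100.7])\n"
    "\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))\n"
    "\tby mx.example.net (Postfix) with ESMTPS id B2;\n"
    "\tThu, 15 Aug 2024 10:00:00 +0200\n"
    "From: a@example.org\nSubject: test\n\nbody\n"
)

# Adapted from the regex proposed in the thread, applied to unfolded headers.
LOCAL_HOP = re.compile(r"\bby localhost \(\S+ \[127\.0\.0\.1\]\)")
# Assumption: a Postfix-style "(using TLSv1.x ...)" comment marks a TLS hop.
TLS_MARK = re.compile(r"\(using (?:TLS|SSL)v[\d.]+")


def received_hops(raw):
    """Return unfolded Received headers, newest hop first."""
    msg = message_from_string(raw)
    return [" ".join(h.split()) for h in msg.get_all("Received", [])]


def select_hop(hops, skip_n=0, skip_patterns=()):
    """Pick the hop to judge: drop skip_n newest hops, then any further
    leading hops that match a skip pattern. Only the leading run is skipped;
    headers below the first non-matching hop were added upstream and are
    never treated as local. Returns None if nothing is left to check."""
    remaining = hops[skip_n:]
    while remaining and any(p.search(remaining[0]) for p in skip_patterns):
        remaining = remaining[1:]
    return remaining[0] if remaining else None


def hop_uses_tls(hop):
    return hop is not None and bool(TLS_MARK.search(hop))


if __name__ == "__main__":
    hops = received_hops(SAMPLE)
    print("newest hop only:", hop_uses_tls(select_hop(hops)))
    print("skip n=1       :", hop_uses_tls(select_hop(hops, skip_n=1)))
    print("skip by regex  :", hop_uses_tls(select_hop(hops, skip_patterns=[LOCAL_HOP])))
    print("n too large    :", select_hop(hops, skip_n=5))
```

With a fixed n, a message that passes through fewer local hops than n is judged on a header written upstream of the receiving server, which the pattern-based skip avoids because it stops at the first header that is not a local hop.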
