Comments (2)
The plugin currently deliberately checks only the last hop of the email.
The reasoning behind this was that previous hops may not actually belong to us, but may belong to other organizations we don't know. For example, orgs such as GitHub and Google generate local Received headers in their outbound infrastructure. Also, even if a previous hop does belong to us, we have no idea if the hops that come after it are secured in the same way.
Hence I took the decision to solely base the plugin statement on the last hop and put a warning in the readme stating that previous hops may be insecure. There really is no way to know.
However, I understand that some setups generate multiple local Received headers as part of their forwarding/distribution/filtering process, which can be annoying because if these are local systems, you obviously aren't going to use TLS on them.
Possible options I can think of:
- If you have no use for the local Received headers of your filter, you could try turning them off. This is what I do for my final delivery - I've configured my storage server to not add a Received header, as it serves no real purpose (some RFC standard states you should always add them to allow tracing, but sometimes they're nothing but useless clutter).
- I might consider adding a feature that allows ignoring of the last `n` hops. For example, if you know that your setup always generates `n` internal hops, the plugin could check the `l - n` Received header. This would mean adding a new configuration option that allows configuring what `n` should be. If you have interest in this, PRs are always welcome.
from roundcube_tls_icon.
Thanks for the reply. The configurable number of last N hops to skip would work for me (and I guess for most people with additional "local" mail processing).
Maybe there could even be a regex configuration to specify which entries should be skipped, e.g. for skipping my own server(s) entries like:
`by localhost (localhost.sk [127.0.0.1])`
would be a regex like `'^\s+by localhost \(\S+ \[127\.0\.0\.1\]\)'`
I would still need to have a look at whether I could remove the internal hops' headers somehow; that would be a quick solution too.
from roundcube_tls_icon.
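The two proposals in this thread (ignore the last `n` hops, or skip hops matching a regex) can be sketched as follows. This is an added example in Python, not the plugin's own code. The names `select_hop`, `hop_used_tls`, `LOCAL_HOP_RE` and `TLS_RE`, the sample message and the TLS heuristic are all assumptions.

```python
import re
from email import message_from_string

# Constructed sample; the newest Received header comes first.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby localhost (localhost.sk [127.0.0.1]) with ESMTP id AAA111;
\tMon, 1 Jan 2024 10:00:02 +0000
Received: from sender.example.org (sender.example.org [198.51.100.7])
\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
\tby mx.example.net (Postfix) with ESMTPS id BBB222;
\tMon, 1 Jan 2024 10:00:01 +0000
Received: from app.example.org (app.example.org [10.0.0.5])
\tby sender.example.org with ESMTP id CCC333;
\tMon, 1 Jan 2024 10:00:00 +0000
Subject: constructed test message

body
"""

# Skip pattern from the thread, with the literal brackets and dots escaped.
LOCAL_HOP_RE = r"^\s+by localhost \(\S+ \[127\.0\.0\.1\]\)"

# Heuristic (assumption): Postfix-style "(using TLS...)" comment or an
# RFC 3848 "with" keyword that implies STARTTLS (ESMTPS, ESMTPSA, LMTPS, LMTPSA).
TLS_RE = re.compile(r"\(using (?:TLS|SSL)|\bwith\s+(?:ESMTPSA?|LMTPSA?)\b")

def received_headers(raw):
    """Return the Received headers, newest first, with folding preserved."""
    return message_from_string(raw).get_all("Received") or []

def select_hop(headers, ignore_hops=0, skip_re=None):
    """Pick the hop to judge, or None if every hop was skipped."""
    remaining = headers[ignore_hops:]
    if skip_re is not None:
        pattern = re.compile(skip_re, re.MULTILINE)
        # Only strip matches from the top: headers below the first non-match
        # predate our own servers, so a sender could forge a "local" one there.
        while remaining and pattern.search(remaining[0]):
            remaining = remaining[1:]
    return remaining[0] if remaining else None

def hop_used_tls(header):
    return header is not None and bool(TLS_RE.search(header))

if __name__ == "__main__":
    hops = received_headers(SAMPLE)
    print("last hop TLS:", hop_used_tls(select_hop(hops)))
    print("regex skip TLS:", hop_used_tls(select_hop(hops, skip_re=LOCAL_HOP_RE)))
```

The oldest header in the sample carries no TLS marker and is never consulted, which matches the plugin's stated position that only the hop into your own infrastructure can be judged.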