Re: leaking timezone
On 24Mar2016 06:13, Bastian wrote: On 24Mar16 11:51 +1100, m...@raf.org wrote: [... when sending, mutt replaces the Date: header, if any, and adds others, and with good reason ...] Fair enough too. Convinced, Cameron Simpson
Re: leaking timezone
On 24Mar16 11:51 +1100, m...@raf.org wrote: > Cameron Simpson wrote: > > > On 23Mar2016 13:56, John Long wrote: > > >On Tue, Mar 22, 2016 at 08:40:21AM +1100, Cameron Simpson wrote: > > >>On the othe hand, I do not think mutt makes the header. I'm in > > >>compose mode right now with headers and the Date: header is not > > >>there. > > > > > >Aside from the Received: header that was already mentioned upthread, Mutt > > >can add headers when it sends meil that you don't see in compose mode. I > > >don't think it's a proof of anything that you don't see it. > > > > How irritating. Is it? Besides Date: mutt adds many more when actually sending. Think about mime, charset, msgid, ... > but it makes sense for the Date: header not to be present when composing the > email. it hasn't been sent yet. it might get postpone, or it might take a > lot of time to write, etc. it makes sense for it to be added when it is sent > and not before. perhaps if you put your own Date: header in while composing, > mutt would not replace it. In fact mutt replaces any Date: header. Play around with a simple sendmail= script [1] and you can see what mutt pipes towards the mta. 1: http://www.mutt.org/doc/manual/manual.html#toc6.3 Cheers, -- Bastian
Re: leaking timezone
Cameron Simpson wrote: > On 23Mar2016 13:56, John Long wrote: > >On Tue, Mar 22, 2016 at 08:40:21AM +1100, Cameron Simpson wrote: > >>On the othe hand, I do not think mutt makes the header. I'm in > >>compose mode right now with headers and the Date: header is not > >>there. > > > >Aside from the Received: header that was already mentioned upthread, Mutt > >can add headers when it sends meil that you don't see in compose mode. I > >don't think it's a proof of anything that you don't see it. > > How irritating. but it makes sense for the Date: header not to be present when composing the email. it hasn't been sent yet. it might get postpone, or it might take a lot of time to write, etc. it makes sense for it to be added when it is sent and not before. perhaps if you put your own Date: header in while composing, mutt would not replace it. cheers, raf
Re: leaking timezone
On 23Mar2016 13:56, John Long wrote: On Tue, Mar 22, 2016 at 08:40:21AM +1100, Cameron Simpson wrote: On the othe hand, I do not think mutt makes the header. I'm in compose mode right now with headers and the Date: header is not there. Aside from the Received: header that was already mentioned upthread, Mutt can add headers when it sends meil that you don't see in compose mode. I don't think it's a proof of anything that you don't see it. How irritating. Cheers, Cameron Simpson
Re: leaking timezone
On Mon, Mar 21, 2016 at 06:08:13AM -0400, Peter P. wrote: > I send mail with mutt and msmtp. Apparently the "Date:" header of the > sent mail shows my current timezone to the receiver, which I would like > to avoid. As others have hinted, this is a waste of your energy. Your time zone narrows down your location to an area that's (very) roughly about 15,000,000 square miles. By contrast, the e-mail system records each hop in received headers, which gives your IP address and reliably identifies the geographical region your mail originated from (usually your personal system, but at very least your mail gateway), quite possibly down to the neighborhood level. You have bigger fish to fry. Even if your mail gateway does not add a received header to indicate where you connected to it from, a motivated attacker can probably get that info easily enough, and an unmotivated attacker won't even look. So this gets you nothing, really. It only protects you from people who aren't really looking anyway. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail due to spam prevention. Sorry for the inconvenience. pgpc5Bx5xs8m5.pgp Description: PGP signature
Re: leaking timezone
On Wed, Mar 23, 2016 at 11:52:12AM +0100, bastian-muttu...@t6l.de wrote: > On 22Mar16 08:40 +1100, Cameron Simpson wrote: > > >>TZ=UTC mutt > > >Thank you! A most elegant quick solution! > > > > On the othe hand, I do not think mutt makes the header. > > The input to my sendmail= script lists a date header. (1.5.24) > So, mutt does it I assume. If you're worried about leaking timezone you should either use Mixmaster and be aware the keys are either compromised to some extent and/or weak enough not to stop TLAs, or webmail over TOR. Regardless, you should set your computer time to UTC. If you want to be silly to some time zone that is not your local time zone. It's really not that hard to raid your email provider or your server if you're your own email provider. I don't think leaking the timezone is that big of a deal and if it is you probably shouldn't be using normal email. /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: leaking timezone
On Tue, Mar 22, 2016 at 08:40:21AM +1100, Cameron Simpson wrote: > On the othe hand, I do not think mutt makes the header. I'm in > compose mode right now with headers and the Date: header is not > there. Aside from the Received: header that was already mentioned upthread, Mutt can add headers when it sends meil that you don't see in compose mode. I don't think it's a proof of anything that you don't see it. /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: leaking timezone
On 22Mar16 08:40 +1100, Cameron Simpson wrote: > >>TZ=UTC mutt > >Thank you! A most elegant quick solution! > > On the othe hand, I do not think mutt makes the header. The input to my sendmail= script lists a date header. (1.5.24) So, mutt does it I assume. > I'm in compose mode right now with headers and the Date: header is not > there. Wild guess: Date: is added right before sending 'y' ? > This suggests that the mail system may be making yours also. So your > mutt "sendmail=" settings says what to use to dispatch email; if you > make that a tiny shell script which sets TZ and then runs sendmail (or > msmtp or whatever) then you can read email in your local timezone and > have the mail system generate a UTC > Date: header. Further idea: - Use the sendmail= script to modify the date header - Or configure/hack msmtp to rewrite/modify it Cheers, -- Bastian
Re: leaking timezone
On 21Mar2016 18:07, Peter P. wrote: * Артур Истомин [2016-03-21 16:59]: On Mon, Mar 21, 2016 at 06:08:13AM -0400, Peter P. wrote: > Hi list, > > please excuse me if this has been discusse before, but I have not found > a satisfactory explanation in the mailing list archives or on the web. > > I send mail with mutt and msmtp. Apparently the "Date:" header of the > sent mail shows my current timezone to the receiver, which I would like > to avoid. > > Is there a way to do this? You can specify the time zone by means of the TZ environment variable before running mutt. TZ=UTC mutt Thank you! A most elegant quick solution! cheers, P On the othe hand, I do not think mutt makes the header. I'm in compose mode right now with headers and the Date: header is not there. This suggests that the mail system may be making yours also. So your mutt "sendmail=" settings says what to use to dispatch email; if you make that a tiny shell script which sets TZ and then runs sendmail (or msmtp or whatever) then you can read email in your local timezone and have the mail system generate a UTC Date: header. Cheers, Cameron Simpson
Re: leaking timezone
> I don't think mutt puts the Date: header on outgong email. Mutt does, but if it didn't then the MTA would. Mutt uses the local time zone, so you can either set the machine time zone to UTC or (as mentioned) run it with TZ=UTC in the environment. However, as also was mentioned, the Received: headers that annotate your mail's progress through the internet are generally in their own respective timezones -- including your own msmtp's. So you're hiding something that people can infer pretty easily. To obfuscate this you would need to inject the mail at a server that uses a different timezone. For example, the OP's first message had these: Received: from out1-smtp.messagingengine.com ([66.111.4.25]) by hardened.mx with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.86_2) (envelope-from ) id 1ahx3Z-WN-Bw for mutt-users@mutt.org; Mon, 21 Mar 2016 10:27:31 + Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 1CEF320739 for ; Mon, 21 Mar 2016 06:09:31 -0400 (EDT) Received: from frontend1 ([10.202.2.160]) by compute1.internal (MEProxy); Mon, 21 Mar 2016 06:09:31 -0400 If he had bypassed his own systems and gone directly to fastmail, those -0400 zones wouldn't appear and we wouldn't know where he is so easily. Doing so would mean using mutt's built-in SMTP instead of an external agent. But if every MTA between mutt and fastmail is running under TZ=UTZ, that's another knowledge bypass. -- David Champion • d...@bikeshed.us
Re: leaking timezone
hy...@lactose.homelinux.net wrote: > I don't think mutt puts the Date: header on outgong email. It puts the Date: header in mail that it saves to the 'set record' mbox so it probably does.
Re: leaking timezone
* Артур Истомин [2016-03-21 16:59]: > On Mon, Mar 21, 2016 at 06:08:13AM -0400, Peter P. wrote: > > Hi list, > > > > please excuse me if this has been discusse before, but I have not found > > a satisfactory explanation in the mailing list archives or on the web. > > > > I send mail with mutt and msmtp. Apparently the "Date:" header of the > > sent mail shows my current timezone to the receiver, which I would like > > to avoid. > > > > Is there a way to do this? > > You can specify the time zone by means of the TZ environment variable before > running mutt. > > TZ=UTC mutt Thank you! A most elegant quick solution! cheers, P
Re: leaking timezone
On Mon, Mar 21, 2016 at 06:08:13AM -0400, Peter P. wrote: > Hi list, > > please excuse me if this has been discusse before, but I have not found > a satisfactory explanation in the mailing list archives or on the web. > > I send mail with mutt and msmtp. Apparently the "Date:" header of the > sent mail shows my current timezone to the receiver, which I would like > to avoid. > > Is there a way to do this? You can specify the time zone by means of the TZ environment variable before running mutt. TZ=UTC mutt
Re: leaking timezone
* Alarig Le Lay [2016-03-21 09:16]: > On Mon Mar 21 08:37:19 2016, hy...@lactose.homelinux.net wrote: [...] > Mutt puts the header. You can use a MUA located in Europe (so, at home) > and a mail server located in Asia. If this is the case, is there a known way to tell mutt to put an UTC header? Thanks! P
Re: leaking timezone
On Mon Mar 21 08:37:19 2016, hy...@lactose.homelinux.net wrote: > Alarig Le Lay writes: > > > >On Mon Mar 21 06:08:13 2016, Peter P. wrote: > >> > >> I send mail with mutt and msmtp. Apparently the "Date:" header of the > >> sent mail shows my current timezone to the receiver, which I would like > >> to avoid. > >> > >> Is there a way to do this? > > > >Hi, > > > >How the other side MUA could guess your timezone if you don't specify > >it? And then, how the MUA could sort the messages? I live in +1 zone and > >I don't want to see you reply before my mail in the thread. > > To resolve both questions, he could use UTC, which is a nice generic > time zone that (unlike GMT) people probably wouldn't make any assumptions > about. For example, my wife's employer's email system uses UTC for its > time stamps, and we are in EST/EDT (UTC-4/5). But again, I think that's > a client-side configuration on his computer and/or with msmtp. You can speak about it to IETF guys ;) > I don't think mutt puts the Date: header on outgong email. Mutt puts the header. You can use a MUA located in Europe (so, at home) and a mail server located in Asia. -- alarig signature.asc Description: Digital signature
Re: leaking timezone
Alarig Le Lay writes: > >On Mon Mar 21 06:08:13 2016, Peter P. wrote: >> >> I send mail with mutt and msmtp. Apparently the "Date:" header of the >> sent mail shows my current timezone to the receiver, which I would like >> to avoid. >> >> Is there a way to do this? > >Hi, > >How the other side MUA could guess your timezone if you don't specify >it? And then, how the MUA could sort the messages? I live in +1 zone and >I don't want to see you reply before my mail in the thread. To resolve both questions, he could use UTC, which is a nice generic time zone that (unlike GMT) people probably wouldn't make any assumptions about. For example, my wife's employer's email system uses UTC for its time stamps, and we are in EST/EDT (UTC-4/5). But again, I think that's a client-side configuration on his computer and/or with msmtp. I don't think mutt puts the Date: header on outgong email. --hymie!http://lactose.homelinux.net/~hymiehy...@lactose.homelinux.net
Re: leaking timezone
On Mon Mar 21 06:08:13 2016, Peter P. wrote: > Hi list, > > please excuse me if this has been discusse before, but I have not found > a satisfactory explanation in the mailing list archives or on the web. > > I send mail with mutt and msmtp. Apparently the "Date:" header of the > sent mail shows my current timezone to the receiver, which I would like > to avoid. > > Is there a way to do this? Hi, How the other side MUA could guess your timezone if you don’t specify it? And then, how the MUA could sort the messages? I live in +1 zone and I don’t want to see you reply before my mail in the thread. -- alarig signature.asc Description: Digital signature
Re: leaking timezone
I can't answer your question. But I just want to point out that even without the Date: header, I can look at the Recevied: headers and take a guess that you live in the Boston area. People knowing that time zone you live in is not recognized as a huge security exploit. That said, your problem is more likely in msmtp than in mutt. --hymie! http://lactose.homelinux.net/~hymiehy...@lactose.homelinux.net "Peter P." writes: >Hi list, > >please excuse me if this has been discusse before, but I have not found >a satisfactory explanation in the mailing list archives or on the web. > >I send mail with mutt and msmtp. Apparently the "Date:" header of the >sent mail shows my current timezone to the receiver, which I would like >to avoid. > >Is there a way to do this? > >Thanks! >P
leaking timezone
Hi list, please excuse me if this has been discusse before, but I have not found a satisfactory explanation in the mailing list archives or on the web. I send mail with mutt and msmtp. Apparently the "Date:" header of the sent mail shows my current timezone to the receiver, which I would like to avoid. Is there a way to do this? Thanks! P
