Sending attachments to Outlook
Hi, this isn't a strictly mutt related question as it can be reproduced on every Linux email client sending attachments to new versions Outlook (from 2007+). When we send emails with attachmets to Outlook, the receiver sees the attachment as winmail.dat instead of what we've sent. Is there a way to solve this issue from the sender part? or does the receiver have to set something on their client?. Regards, -- Leonardo M. Ramé http://leonardorame.blogspot.com
Re: Sending attachments to Outlook
On Mon, Apr 08, 2013 at 10:49:53AM -0300, Leonardo M. Ramé wrote: Hi, this isn't a strictly mutt related question as it can be reproduced on every Linux email client sending attachments to new versions Outlook (from 2007+). When we send emails with attachmets to Outlook, the receiver sees the attachment as winmail.dat instead of what we've sent. If you mean that you attach the file and send it from Outlook, and then the Linux recipient views the message and sees a winmail.dat file, then that is a very well known problem with Outlook. Here's Microsoft's support page explaining how to fix Outlook: http://support.microsoft.com/kb/278061 If you instead mean that mail sent by Linux users show up with winmail.dat when viewed in Outlook, then that is bizarre. If this is happening, then all I can think is that there must be something on the Windows receiving end that is manipulating the messages and adding the winmail.dat; perhaps a filter or relay in an Exchange server. -Dave Dodge/dodo...@dododge.net
Re: Sending attachments to Outlook
Dave Dodge wrote: On Mon, Apr 08, 2013 at 10:49:53AM -0300, Leonardo M. Ramé wrote: Hi, this isn't a strictly mutt related question as it can be reproduced on every Linux email client sending attachments to new versions Outlook (from 2007+). When we send emails with attachmets to Outlook, the receiver sees the attachment as winmail.dat instead of what we've sent. If you mean that you attach the file and send it from Outlook, and then the Linux recipient views the message and sees a winmail.dat file, then that is a very well known problem with Outlook. Here's Microsoft's support page explaining how to fix Outlook: http://support.microsoft.com/kb/278061 also, if you are unable to get all outlook-using senders to change their outlook configuration (quite possible), then there are programs that can filter mail messages that contain winmail.dat attachments and convert them into normal messages with normal attachments. one such program is available at http://raf.org/textmail/ but there are probably better ones out there. textmail could be used in a procmail recipe like the one below to just translate winmail.dat attachments and nothing else: :0 fw ! textmail -WEHRPLIAVXBS If you instead mean that mail sent by Linux users show up with winmail.dat when viewed in Outlook, then that is bizarre. If this is happening, then all I can think is that there must be something on the Windows receiving end that is manipulating the messages and adding the winmail.dat; perhaps a filter or relay in an Exchange server. agreed. it's only outlook that creates winmail.dat attachments. even if something else is doing it, you'd think that outlook would be able to interpret the contents of a winmail.dat attachment and display them properly. -Dave Dodge/dodo...@dododge.net cheers, raf
Re: Why sign every message? (was Re: Sending attachments without crypt_autosign
Florian Lohoff wrote: I my wet dreams i' encrypting every single message. But mutt is not very helpful in this. Yes - it can encrypt but i'd like mutt to decide automatically when it's capable of encrypting the mail (remember multiple To:, Cc:, Bcc). It would be okay to encrypt a mail if i have a key for all recipients. I've just sent a (6 part) patch to mutt-dev that implements this. If you're up for it, I'd appreciate people trying it out and providing feedback. http://marc.info/?l=mutt-devm=136340705622283w=2 -Kevin signature.asc Description: Digital signature
Re: Why sign every message? (was Re: Sending attachments without crypt_autosign
On Wed, Mar 06, 2013 at 09:37:46AM -0600, Dale Raby wrote: I sign most of my messages, even though I only know a few people who actively use GnuPG/PGP. As I see it, this is one way of promoting encryption. I.e.: What is that block of gibberish you have at the end of your emails? That, my friend is my public key. If you have the right software you can verify that I sent you that message, and we can even send encrypted emails that nobody else can read but us. Really?! Tell me more! Is it true that if you want to correspond with people on windoze who use outhouse then it becomes tricky? -- If you're not careful, the newspapers will have you hating the people who are being oppressed, and loving the people who are doing the oppressing. --- Malcolm X
Re: Why sign every message? (was Re: Sending attachments without crypt_autosign
Incoming from Chris Bannister: Is it true that if you want to correspond with people on windoze who use outhouse then it becomes tricky? I. Don't. Care. [about them]. However, it might present a good opportunity to mention Firefox (or Opera) and Cygwin. Yes, I am (seriously!) biased. Rediculously so (at times). Fneh. -- Any technology distinguishable from magic is insufficiently advanced. (*) :(){ :|: };: - - signature.asc Description: Digital signature
Re: Why sign every message? (was Re: Sending attachments without crypt_autosign
Hi, On Thu, Feb 28, 2013 at 01:24:44PM -0600, Will Fiveash wrote: I have a couple of comments about this: - Why sign most messages? Unless the information is important for others to verify that it came from a particular person why add the bloat of a signature. Beyond this I find it ironic that people sign e-mail with a private key where its public key isn't found on a standard PGP/GPG keyserver like pgp.mit.edu or kerckhoffs.surfnet.nl. The point is - if you have no policy what to sign anyone could make up a message of yours and claim it wasnt signed. I can claim i have not sent a single unsigned message since '98 or something, be it private or work. Signing a mail might be a good hint for HAM detection but thats going to far. - If one is concerned enough about allowing others to verify the integrity of a message shouldn't this concern also extend to attachments which are a classic attack vector? I my wet dreams i' encrypting every single message. But mutt is not very helpful in this. Yes - it can encrypt but i'd like mutt to decide automatically when it's capable of encrypting the mail (remember multiple To:, Cc:, Bcc). It would be okay to encrypt a mail if i have a key for all recipients. If not a nice way would be if mutt splits the mail into an encrypted one for all recipients i have a key for, and an unencrypted one for all i have no key. In times where all countrys try to get hold of your communication data it is best to try to encrypt all your communication - be it in transit or stored. Its all there: Encrypted filesystems be it truecrypt or dm-crypt, in transit e.h. ssh, smtp with STARTTLS, imaps and gnupg for your mails. Signing a mail is a sign of - i'd like to get all mails encrypted - this is the key i am using. Flo -- Florian Lohoff f...@zz.de signature.asc Description: Digital signature
Re: Why sign every message? (was Re: Sending attachments without crypt_autosign
Incoming from Florian Lohoff: On Thu, Feb 28, 2013 at 01:24:44PM -0600, Will Fiveash wrote: I have a couple of comments about this: - Why sign most messages? Unless the information is important for others to verify that it came from a particular person why add the bloat of a signature. Beyond this I find it ironic that people sign The bloat that a signed message carries is hardly bloat nowadays. HTML mail is bloat; a text version followed by an HTML version, likely followed with a legalese disclaimer .sig demanding you delete it if it's not intended for you, plus multiple jpeg thumbnail attachments ... Now that's bloat! email should be text, full stop. We used to think emacs was bloated, and compared to vi then, it was. Now, we have Tb sized drives and GHz processors in pocket sized supercomputers. Welcome to the 21st Century. Signing an email with PGP/gnupg doesn't begin to reach the level of bloat with what we have to work with now. -- Any technology distinguishable from magic is insufficiently advanced. (*) :(){ :|: };: - - signature.asc Description: Digital signature
Re: Why sign every message? (was Re: Sending attachments without crypt_autosign
I sign most of my messages, even though I only know a few people who actively use GnuPG/PGP. As I see it, this is one way of promoting encryption. I.e.: What is that block of gibberish you have at the end of your emails? That, my friend is my public key. If you have the right software you can verify that I sent you that message, and we can even send encrypted emails that nobody else can read but us. Really?! Tell me more! As things are now, all kinds of personal info is sent in the clear as if it can't be read... its like writing a love letter on the back of an old style post card, and most people are oblivious to this fact. I once advised an attorney I was acquainted with to start using encryption. His response was; Don't encrypt anything, have nothing to hide in the first place. He is now serving what will probably be a life sentence for conspiring to blow up his wife's car with her in it. He says he is innocent, and the circumstances of his trial are sketchy at best. Key evidence at his trial? You guessed it, unencrypted emails. All person-to-person email should be encrypted. Even if you think you have no secrets, you might be surprised what can be garnered from a month or two of intercepted emails. Hushmail type accounts are no substitute since they are not really secure. Even more fun... and more secure, is using steganography (i.e.:Steghide/SteGUI) to embed a PGP encrypted message into a picture of Aunt Sue at the beach. (Paranoia can be fun!) I see no problem in signing list posts. For those who want to verify them, its easy to set up, those who don't can ignore them just as easily. Its not like you are printing them out and reading them from paper, after all. Dale On 03/06/2013 02:46 AM, Florian Lohoff wrote: Signing a mail is a sign of - i'd like to get all mails encrypted - this is the key i am using. Flo signature.asc Description: OpenPGP digital signature
Re: Why sign every message? (was Re: Sending attachments without crypt_autosign
* Dale Raby daler...@gmail.com [03-06-13 10:39]: [...] I see no problem in signing list posts. For those who want to verify them, its easy to set up, those who don't can ignore them just as easily. Its not like you are printing them out and reading them from paper, after all. Which is the same argument html posters use! And those who find it necessary to also pm the list-mail poster[s]. -- (paka)Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.orgPhoto Album: http://wahoo.no-ip.org/gallery2 http://en.opensuse.org openSUSE Community Member Registered Linux User #207535@ http://linuxcounter.net
Re: Why sign every message? (was Re: Sending attachments without crypt_autosign
Incoming from Dale Raby: encryption. I.e.: What is that block of gibberish you have at the end of your emails? That, my friend is my public key. If you have the right software you can verify that I sent you that message, and we can even send encrypted emails that nobody else can read but us. Really?! Tell me more! I've had the same conversation with others in the past. His response was; Don't encrypt anything, have nothing to hide in the first place. He is now serving what will probably be a life sentence for conspiring to blow up his wife's car with her in it. He says he is innocent, and the circumstances of his trial are sketchy at best. Key evidence at his trial? You guessed it, unencrypted emails. The trouble is, we've all already got lots of stuff out there which wasn't cryptoed, and once it's out there, it'll never disappear. If the above is true, then we're all always just tetering on the edge of oblivion. BTW, if he didn't rig his wife's car with a bomb, who did? -- Any technology distinguishable from magic is insufficiently advanced. (*) :(){ :|: };: - - signature.asc Description: Digital signature
Re: Why sign every message? (was Re: Sending attachments without crypt_autosign
On Wed, Mar 06, 2013 at 09:37:46AM -0600, Dale Raby wrote: I sign most of my messages, even though I only know a few people who actively use GnuPG/PGP. As I see it, this is one way of promoting encryption. I.e.: What is that block of gibberish you have at the end of your emails? That, my friend is my public key. If you have the right software you can verify that I sent you that message, and we can even send encrypted emails that nobody else can read but us. Really?! Tell me more! .snip Your dreaming. In my experience 99.9% of the replies are why would I want to? or the classic stomach turning I have nothing to hide. -- Bob Holtzman If you think you're getting free lunch, check the price of the beer. Key ID: 8D549279 signature.asc Description: Digital signature
Re: Why sign every message? (was Re: Sending attachments without crypt_autosign
On Wed, Mar 06, 2013 at 03:22:47PM -0700, Robert Holtzman wrote: On Wed, Mar 06, 2013 at 09:37:46AM -0600, Dale Raby wrote: I sign most of my messages, even though I only know a few people who actively use GnuPG/PGP. As I see it, this is one way of promoting encryption. I.e.: What is that block of gibberish you have at the end of your emails? That, my friend is my public key. If you have the right software you can verify that I sent you that message, and we can even send encrypted emails that nobody else can read but us. Really?! Tell me more! .snip Your dreaming. In my experience 99.9% of the replies are why would I want to? or the classic stomach turning I have nothing to hide. Or the fact it's a pain in the ass to setup, much less work at all with gmail. For many it's a classic cost vs benefit trade off. Beyond this, I've been active in the Kerberos community for a long time and the majority of krbdev mail list participants do not sign or encrypt e-mail unless it is important, like a new release announcement or having a discussion about a security bug which is expected to be encrypted. As a side note, I wonder if a pgp/gpg signature as proof of authorship has ever been tested in court? My guess is no. -- Will Fiveash
Re: Why sign every message? (was Re: Sending attachments without crypt_autosign
Incoming from Robert Holtzman: Your dreaming. In my experience 99.9% of the replies are why would I want to? That's when you get a chance to explain it. Wouldn't it be neat if you could order weed from your dealer via email? :-O As opposed to over the phone with ATT forwarding all your info to the feds ... -- Any technology distinguishable from magic is insufficiently advanced. (*) :(){ :|: };: - - signature.asc Description: Digital signature
Re: Why sign every message? (was Re: Sending attachments without crypt_autosign
Incoming from Will Fiveash: As a side note, I wonder if a pgp/gpg signature as proof of authorship has ever been tested in court? My guess is no. The legal community considers fax to be cutting edge reliable tech. -- Any technology distinguishable from magic is insufficiently advanced. (*) :(){ :|: };: - - signature.asc Description: Digital signature
Re: Why sign every message? (was Re: Sending attachments without crypt_autosign
On Wed, Mar 06, 2013 at 04:35:07PM -0700, s. keeling wrote: Incoming from Robert Holtzman: Your dreaming. In my experience 99.9% of the replies are why would I want to? That's when you get a chance to explain it. Wouldn't it be neat if you could order weed from your dealer via email? I live in socal, I can do that without pgp :P -Jeremy pgp6XJj0gjOZv.pgp Description: PGP signature
Re: Why sign every message? (was Re: Sending attachments without crypt_autosign
On Thursday, 28 February, 2013 at 19:24:44 GMT, Will Fiveash wrote: - Why sign most messages? I'd rather everyone/everything use PGP. I sign personal messages, even though I know the recipient doesn't use PGP, to at least spread awareness of what it is and that on the off-chance that the recipient does use PGP, we can communicate privately in future correspondence. I guess it's just habit that I don't sign messages to mailing lists. -- .
Re: Sending attachments without crypt_autosign
* Stefan Wimmer swim...@xs4all.nl, 2013-03-01 13:31:26 Fri: * Will Fiveash will.five...@oracle.com [2013-03-01 00:14]: On Thu, Feb 28, 2013 at 05:03:23PM -0600, Will Fiveash wrote: On Thu, Feb 28, 2013 at 03:35:44PM -0500, David Haguenauer wrote: I patched my copy of mutt so that it will let me delete attachments Thanks for the idea. I've attached a patch Thank you very much David (for the initial idea) Will (for creating that patch)! It works perfectly B-) Wow, I sure am happy, and surprised, to find out that I'm not the only one to find it useful to knowingly break e-mail signatures. By the way, my simplistic version of the patch (attached) was slightly different. I didn't try the new patch, and it's not as if anyone is trying to get it merged into the official code base, but there is a chance it will allow the user to try deleting attachments from encrypted (rather than just signed) messages, which is likely to fail. Regarding the discussion that diverged from this thread, a topical xkcd strip, posted yesterday: PGP http://xkcd.com/1181/ -- David Haguenauer --- orig.recvattach.c Tue Nov 28 16:27:34 2006 +++ recvattach.c Tue Nov 28 16:56:00 2006 @@ -1087,7 +1087,7 @@ } #endif -if (WithCrypto hdr-security ~PGP_TRADITIONAL_CHECKED) +if (WithCrypto (hdr-security ENCRYPT)) { mutt_message _( Deletion of attachments from encrypted messages is unsupported.); pgpmkLsqIGZ8O.pgp Description: Digital signature
Re: Why sign every message? (was Re: Sending attachments without crypt_autosign
On Fri, Mar 01, 2013 at 06:34:03PM -0800, Kevin J. McCarthy wrote: Will Fiveash wrote: The why is that you are adding needless bloat to most messages you send. One person's needless bloat is another's digital signature, I guess. Yep, just like one salesperson's HTML format e-mail with a 150K GIF of the company logo attached sent to an internal mail lists is a reasonable use of bandwidth and storage resources. To be honest, the other day I saw an e-mail to an internal mail list that consisted of two sentences yet the thing was 266K. This was a result of an attached logo image and HTML formatted text. Not what I'd call good S/N ratio. I suppose this has me feeling grumpy about the subject. Take for example the message you sent that I'm responding to. Does anyone care that it actually came from you and wasn't tampered with? I doubt it. Mark cares. I care too. Perhaps you'll consider that your opinion on the appropriate use of signatures is just that. Uhm, I never said I made the rules (whoever I am). 8^) -- Will Fiveash
Re: Sending attachments without crypt_autosign
* Will Fiveash will.five...@oracle.com [2013-03-01 00:14]: On Thu, Feb 28, 2013 at 05:03:23PM -0600, Will Fiveash wrote: On Thu, Feb 28, 2013 at 03:35:44PM -0500, David Haguenauer wrote: * Stefan Wimmer swim...@xs4all.nl, 2013-02-28 12:55:39 Thu: I recently started to sign all my mails and it took me little time to find out that you can't delete attachments in signed/encrypted mails ... ;-) I patched my copy of mutt so that it will let me delete attachments from encrypted messages (breaking the signature along the way). I can try to find said patch if there is some interest (it's a one-liner). Thanks for the idea. I've attached a patch that provides a allow_signed_attach_delete boolean option which if set will allow one to delete attachments from a signed message. See the patch for the details. I tweaked the description of the option a bit and have attached the modified patch. Thank you very much David (for the initial idea) Will (for creating that patch)! It works perfectly B-) Kindly yours Stefan pgpVXMv9gTC3_.pgp Description: PGP signature
Re: Why sign every message? (was Re: Sending attachments without crypt_autosign
On Thu, Feb 28, 2013 at 01:24:44PM -0600, Will Fiveash wrote: On Thu, Feb 28, 2013 at 12:55:39PM +0100, Stefan Wimmer wrote: Hi all, I recently started to sign all my mails and it took me little time to find out that you can't delete attachments in signed/encrypted mails ... ;-) Now I want to automate the way I use crypt_autosign that mutt checks first if there is an attachment and only signs the mail if that's not the case. I was thinking along the lines of I have a couple of comments about this: - Why sign most messages? Unless the information is important for others to verify that it came from a particular person why add the bloat of a signature. Beyond this I find it ironic that people sign e-mail with a private key where its public key isn't found on a standard PGP/GPG keyserver like pgp.mit.edu or kerckhoffs.surfnet.nl. I sign all my messages so that I can say, I sign all my messages. Don't believe anything claiming to be from me, if it is unsigned. Sure, I could violate my own policy at any time, but...why? Why put my name on a message that I've repudiated in advance? I look forward with pleasant anticipation but not much hope, to the day when I can set maildrop to discard all unsigned mail before I see it. -- Mark H. Wood, Lead System Programmer mw...@iupui.edu There's an app for that: your browser pgpBHei5LAxOF.pgp Description: PGP signature
Re: Why sign every message? (was Re: Sending attachments without crypt_autosign
Will Fiveash wrote: The why is that you are adding needless bloat to most messages you send. One person's needless bloat is another's digital signature, I guess. Take for example the message you sent that I'm responding to. Does anyone care that it actually came from you and wasn't tampered with? I doubt it. Mark cares. I care too. Perhaps you'll consider that your opinion on the appropriate use of signatures is just that. -Kevin signature.asc Description: Digital signature
Sending attachments without crypt_autosign
Hi all, I recently started to sign all my mails and it took me little time to find out that you can't delete attachments in signed/encrypted mails ... ;-) Now I want to automate the way I use crypt_autosign that mutt checks first if there is an attachment and only signs the mail if that's not the case. I was thinking along the lines of send-hook '!~X 1-' 'set crypt_autosign=yes' but that doesn't work as intended :-/ I'm sure that's an error on my side and therefore ask you guys to help me thinking in the right lines ... ;-) Many thanks in advance! Stefan B-) pgpJl3uqYmuRE.pgp Description: PGP signature
Why sign every message? (was Re: Sending attachments without crypt_autosign
On Thu, Feb 28, 2013 at 12:55:39PM +0100, Stefan Wimmer wrote: Hi all, I recently started to sign all my mails and it took me little time to find out that you can't delete attachments in signed/encrypted mails ... ;-) Now I want to automate the way I use crypt_autosign that mutt checks first if there is an attachment and only signs the mail if that's not the case. I was thinking along the lines of I have a couple of comments about this: - Why sign most messages? Unless the information is important for others to verify that it came from a particular person why add the bloat of a signature. Beyond this I find it ironic that people sign e-mail with a private key where its public key isn't found on a standard PGP/GPG keyserver like pgp.mit.edu or kerckhoffs.surfnet.nl. - If one is concerned enough about allowing others to verify the integrity of a message shouldn't this concern also extend to attachments which are a classic attack vector? -- Will Fiveash
Re: Why sign every message? (was Re: Sending attachments without crypt_autosign
* Will Fiveash will.five...@oracle.com [02-28-13 14:25]: [...] I have a couple of comments about this: - Why sign most messages? Unless the information is important for others to verify that it came from a particular person why add the bloat of a signature. Beyond this I find it ironic that people sign e-mail with a private key where its public key isn't found on a standard PGP/GPG keyserver like pgp.mit.edu or kerckhoffs.surfnet.nl. - If one is concerned enough about allowing others to verify the integrity of a message shouldn't this concern also extend to attachments which are a classic attack vector? I believe it is *mostly* for show. I can so I will, see me. Your questions/statement are spot on. And some may not know how to sign one message and not another -- (paka)Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.orgPhoto Album: http://wahoo.no-ip.org/gallery2 http://en.opensuse.org openSUSE Community Member Registered Linux User #207535@ http://linuxcounter.net
Re: Why sign every message? (was Sending attachments without crypt_autosign
* Patrick Shanahan ptilopt...@gmail.com [2013-02-28 20:38]: * Will Fiveash will.five...@oracle.com [02-28-13 14:25]: [...] I have a couple of comments about this: - Why sign most messages? Unless the information is important for others to verify that it came from a particular person why add the bloat of a signature. Beyond this I find it ironic that people sign e-mail with a private key where its public key isn't found on a standard PGP/GPG keyserver like pgp.mit.edu or kerckhoffs.surfnet.nl. - If one is concerned enough about allowing others to verify the integrity of a message shouldn't this concern also extend to attachments which are a classic attack vector? I believe it is *mostly* for show. I can so I will, see me. Your questions/statement are spot on. And some may not know how to sign one message and not another OK OK - I got it ... Thank you very much for being *that* helpful. Will: you have a very valid point with your second statement ... I didn't look at it that way but was only concerned about space. Regarding your first point I'm afraid I don't understand. I immediately went to pgp.mit.edu and looked my key up: http://pgp.mit.edu:11371/pks/lookup?op=vindexsearch=0x2F1C8EE8DC35B4E3 But hey I'm sure I simply miss the technical understanding knowledge about encryption and am just not clever enough to *really* understand what it's all about and just want to show off as Patrick assumed ;-) Let's leave it with that and forget the small technical question I asked ... Kindly yours Stefan
Re: Sending attachments without crypt_autosign
* Stefan Wimmer swim...@xs4all.nl, 2013-02-28 12:55:39 Thu: I recently started to sign all my mails and it took me little time to find out that you can't delete attachments in signed/encrypted mails ... ;-) I patched my copy of mutt so that it will let me delete attachments from encrypted messages (breaking the signature along the way). I can try to find said patch if there is some interest (it's a one-liner). -- David Haguenauer pgptU6VAS7xj2.pgp Description: Digital signature
Re: Why sign every message? (was Sending attachments without crypt_autosign
On Thu, Feb 28, 2013 at 09:30:47PM +0100, Stefan Wimmer wrote: * Patrick Shanahan ptilopt...@gmail.com [2013-02-28 20:38]: * Will Fiveash will.five...@oracle.com [02-28-13 14:25]: [...] I have a couple of comments about this: - Why sign most messages? Unless the information is important for others to verify that it came from a particular person why add the bloat of a signature. Beyond this I find it ironic that people sign e-mail with a private key where its public key isn't found on a standard PGP/GPG keyserver like pgp.mit.edu or kerckhoffs.surfnet.nl. - If one is concerned enough about allowing others to verify the integrity of a message shouldn't this concern also extend to attachments which are a classic attack vector? [...] Will: you have a very valid point with your second statement ... I didn't look at it that way but was only concerned about space. Regarding your first point I'm afraid I don't understand. I immediately went to pgp.mit.edu and looked my key up: I wasn't referring to you specifically as I see you did publish your pubkey properly. Instead, I was referring to others (like s.keeling) that sign everything yet I can not retrieve their pubkey. -- Will Fiveash
Re: Why sign every message? (was Sending attachments without crypt_autosign
On Thu, Feb 28, 2013 at 02:43:36PM -0600, Will Fiveash wrote: I wasn't referring to you specifically as I see you did publish your pubkey properly. Instead, I was referring to others (like s.keeling) that sign everything yet I can not retrieve their pubkey. I'm actually working with him on that right now. I think he has multiple keys and is signing with the wrong one. -Jeremy pgpWdHfUZHsPa.pgp Description: PGP signature
Re: Sending attachments without crypt_autosign
On Thu, Feb 28, 2013 at 03:35:44PM -0500, David Haguenauer wrote: * Stefan Wimmer swim...@xs4all.nl, 2013-02-28 12:55:39 Thu: I recently started to sign all my mails and it took me little time to find out that you can't delete attachments in signed/encrypted mails ... ;-) I patched my copy of mutt so that it will let me delete attachments from encrypted messages (breaking the signature along the way). I can try to find said patch if there is some interest (it's a one-liner). Thanks for the idea. I've attached a patch that provides a allow_signed_attach_delete boolean option which if set will allow one to delete attachments from a signed message. See the patch for the details. -- Will Fiveash # HG changeset patch # User Will Fiveash will.five...@oracle.com # Date 1362092439 21600 # Branch HEAD # Node ID 1dd89609c1b16c9f3656ff7117fcb5719f5b6dec # Parent 8c4b813160a898dc2014eaa85a49a4e0d3e30472 support new option to allow deletion of attachments in signed messages diff --git a/init.h b/init.h --- a/init.h +++ b/init.h @@ -149,6 +149,12 @@ ** and give it the same color as your attachment color (see also ** $$crypt_timestamp). */ + { allow_signed_attach_delete, DT_BOOL, R_NONE, OPTALLOWSIGNATTCHDEL, 0 }, + /* + ** .pp + ** Controls whether attachments in signed e-mails can be deleted. It is false + ** by default. + */ { arrow_cursor,DT_BOOL, R_BOTH, OPTARROWCURSOR, 0 }, /* ** .pp diff --git a/mutt.h b/mutt.h --- a/mutt.h +++ b/mutt.h @@ -314,6 +314,7 @@ { OPTALLOW8BIT, OPTALLOWANSI, + OPTALLOWSIGNATTCHDEL, OPTARROWCURSOR, OPTASCIICHARS, OPTASKBCC, diff --git a/recvattach.c b/recvattach.c --- a/recvattach.c +++ b/recvattach.c @@ -1119,7 +1119,8 @@ } #endif -if (WithCrypto hdr-security ~PGP_TRADITIONAL_CHECKED) +if (!option(OPTALLOWSIGNATTCHDEL) WithCrypto + (hdr-security ~PGP_TRADITIONAL_CHECKED)) { mutt_message _( Deletion of attachments from encrypted messages is unsupported.); pgpT6lfdVMXa_.pgp Description: PGP signature
Re: Sending attachments without crypt_autosign
On Thu, Feb 28, 2013 at 05:03:23PM -0600, Will Fiveash wrote: On Thu, Feb 28, 2013 at 03:35:44PM -0500, David Haguenauer wrote: * Stefan Wimmer swim...@xs4all.nl, 2013-02-28 12:55:39 Thu: I recently started to sign all my mails and it took me little time to find out that you can't delete attachments in signed/encrypted mails ... ;-) I patched my copy of mutt so that it will let me delete attachments from encrypted messages (breaking the signature along the way). I can try to find said patch if there is some interest (it's a one-liner). Thanks for the idea. I've attached a patch that provides a allow_signed_attach_delete boolean option which if set will allow one to delete attachments from a signed message. See the patch for the details. I tweaked the description of the option a bit and have attached the modified patch. -- Will Fiveash # HG changeset patch # User Will Fiveash will.five...@oracle.com # Date 1362093073 21600 # Branch HEAD # Node ID bd8e669e66a0add24813e41f7836fd80c85dbc03 # Parent 8c4b813160a898dc2014eaa85a49a4e0d3e30472 support new option to allow deletion of attachments in signed messages diff --git a/init.h b/init.h --- a/init.h +++ b/init.h @@ -149,6 +149,12 @@ ** and give it the same color as your attachment color (see also ** $$crypt_timestamp). */ + { allow_signed_attach_delete, DT_BOOL, R_NONE, OPTALLOWSIGNATTCHDEL, 0 }, + /* + ** .pp + ** Controls whether attachments in signed e-mails can be deleted. Note, deleting attachments + ** will cause the signature verification of the affected message to fail. + */ { arrow_cursor,DT_BOOL, R_BOTH, OPTARROWCURSOR, 0 }, /* ** .pp diff --git a/mutt.h b/mutt.h --- a/mutt.h +++ b/mutt.h @@ -314,6 +314,7 @@ { OPTALLOW8BIT, OPTALLOWANSI, + OPTALLOWSIGNATTCHDEL, OPTARROWCURSOR, OPTASCIICHARS, OPTASKBCC, diff --git a/recvattach.c b/recvattach.c --- a/recvattach.c +++ b/recvattach.c @@ -1119,7 +1119,8 @@ } #endif -if (WithCrypto hdr-security ~PGP_TRADITIONAL_CHECKED) +if (!option(OPTALLOWSIGNATTCHDEL) WithCrypto + (hdr-security ~PGP_TRADITIONAL_CHECKED)) { mutt_message _( Deletion of attachments from encrypted messages is unsupported.); pgpFYO984WZ2s.pgp Description: PGP signature
Re: Why sign every message? (was Re: Sending attachments without crypt_autosign
Incoming from Will Fiveash: On Thu, Feb 28, 2013 at 12:55:39PM +0100, Stefan Wimmer wrote: I recently started to sign all my mails and it took me little time to find out that you can't delete attachments in signed/encrypted mails ... ;-) Now I want to automate the way I use crypt_autosign that mutt checks first if there is an attachment and only signs the mail if that's not the case. I was thinking along the lines of I have a couple of comments about this: - Why sign most messages? Unless the information is important for others to verify that it came from a particular person why add the bloat of a signature. Beyond this I find it ironic that people sign e-mail with a private key where its public key isn't found on a standard PGP/GPG keyserver like pgp.mit.edu or kerckhoffs.surfnet.nl. Until recently, I thought the same. My $0.02; it's a political statement, it's me reacting to what appears to me to be rampant fascism. I rejoiced when Spain buried Franco, yet it appears many countries have chosen Oligopoly/Plutocracy/Fascism behind our backs. This's just me saying no. :-P - If one is concerned enough about allowing others to verify the integrity of a message shouldn't this concern also extend to attachments which are a classic attack vector? See the mutt manual for auto_view. -- Any technology distinguishable from magic is insufficiently advanced. (*) :(){ :|: };: - - signature.asc Description: Digital signature
Re: Why sign every message? (was Sending attachments without crypt_autosign
Incoming from Will Fiveash: I wasn't referring to you specifically as I see you did publish your pubkey properly. Instead, I was referring to others (like s.keeling) that sign everything yet I can not retrieve their pubkey. ... which is very annoying to me too. === (0) infidel /home/keeling_ gpg --list-secret-keys /home/keeling/.gnupg/secring.gpg sec 1024D/AC94E4B7 2003-12-21 uid s. keeling (21Dec2003) keel...@spots.ab.ca ssb 1024g/534197F0 2003-12-21 ssb 2048R/A0F68CAF 2008-02-01 === http://pgp.mit.edu:11371/pks/lookup?search=keelingop=index I've no idea what I did wrong or how to fix it (workin' on it), but I must have missed something. -- Any technology distinguishable from magic is insufficiently advanced. (*) :(){ :|: };: - - signature.asc Description: Digital signature
Mutt question: sending attachments from command line
I am attempting to send an html page as an attachment with following Mutt command: mutt -n -F /dev/null [EMAIL PROTECTED] /test/test.html The message is sent, however the page attachment is within the messaage body and only appearing as plain text. I ~~think~ this is because the message is not being send as MIME? I have read through the Mutt Documentation (newbie here), and cannot get the right configuration in Muttrc to send the message as attachment instead of inline. Any help would be appreciated :)
Re: Mutt question: sending attachments from command line
On Sun, Sep 29, 2002 at 08:53:24AM -0700, Paul Seniuk wrote: I am attempting to send an html page as an attachment with following Mutt command: mutt -n -F /dev/null [EMAIL PROTECTED] /test/test.html The message is sent, however the page attachment is within the messaage body and only appearing as plain text. I ~~think~ this is because the message is not being send as MIME? I have read through the Mutt Documentation (newbie here), and cannot get the right configuration in Muttrc to send the message as attachment instead of inline. From the mutt man page: OPTIONS -a file Attach a file to your message using MIME. So in your case, mutt -n -F /dev/null -a /test/test.html [EMAIL PROTECTED] /dev/null HTH, Gary -- Gary Johnson | Agilent Technologies [EMAIL PROTECTED] | Spokane, Washington, USA http://www.spocom.com/users/gjohnson/mutt/ |
sending attachments
Hi- I'm having problems sending attachments to non mutt users. It appears to be stemming from their not being able to recognize the boundaries between attachments (I've noticed that other mailers use a "boundary" variable, and my mutt is adding an asterisk to this.) I'd really appreciate any help on this. Tony Mullen
Re: sending attachments
On Thu 08-Mar-2001 at 04:23:35PM +0100, Mullen A.J. wrote: I'm having problems sending attachments to non mutt users. It appears to be stemming from their not being able to recognize the boundaries between attachments (I've noticed that other mailers use a "boundary" variable, and my mutt is adding an asterisk to this.) You need to give some examples. Your Content-Type header is a bit of a mess as well: Content-Type: text/plain; charset*=ascii''ascii Bruno -- http://bruno.postle.net/
Re: sending attachments
On Thu 08-Mar-2001 at 05:42:11PM +0100, Mullen A.J. wrote: Here's an example of the full header and boundaries I'm sending which is not being properly decoded by other mailers (although it is by other mutt users). From [EMAIL PROTECTED] Thu Mar 8 15:20:13 2001 Date: Thu, 8 Mar 2001 15:20:13 +0100 From: "Mullen A.J." [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: att Message-ID: [EMAIL PROTECTED] Mime-Version: 1.0 Content-Type: multipart/mixed; boundary*="ascii''0lnxQi9hkpPO77W3" Content-Disposition: inline User-Agent: Mutt/1.3.8i Status: RO Content-Length: 175926 Lines: 2879 --0lnxQi9hkpPO77W3 Content-Type: text/plain; charset*=ascii''ascii Content-Disposition: inline msg txt --0lnxQi9hkpPO77W3 Content-Type: application/postscript Content-Disposition: attachment; filename*=ascii''braustac%2Eps %!PS-Adobe-2.0 %%Creator: dvips(k) 5.85 Copyright 1999 Radical Eye Software et cetera... It is messed-up, I don't know why :-) Bruno -- http://bruno.postle.net/
sending attachments
To elaborate on my earlier question about including attachments, the following is what I'm sending out. This is the raw text of the mail. When Mutt receives this, it's able to parse it without a problem and treat the attachments and text appropriately. When other mailers (so far tried with emacs and hotmail, among others) they fail. Thanks, T Mullen From [EMAIL PROTECTED] Thu Mar 8 15:20:13 2001 Date: Thu, 8 Mar 2001 15:20:13 +0100 From: "Mullen A.J." [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: att Message-ID: [EMAIL PROTECTED] Mime-Version: 1.0 Content-Type: multipart/mixed; boundary*="ascii''0lnxQi9hkpPO77W3" Content-Disposition: inline User-Agent: Mutt/1.3.8i Status: RO Content-Length: 175926 Lines: 2879 --0lnxQi9hkpPO77W3 Content-Type: text/plain; charset*=ascii''ascii Content-Disposition: inline msg txt --0lnxQi9hkpPO77W3 Content-Type: application/postscript Content-Disposition: attachment; filename*=ascii''braustac%2Eps %!PS-Adobe-2.0 %%Creator: dvips(k) 5.85 Copyright 1999 Radical Eye Software et cetera...
Re: sending attachments
Mullen A.J. writes: To elaborate on my earlier question about including attachments, the following is what I'm sending out. This is the raw text of the mail. When Mutt receives this, it's able to parse it without a problem and treat the attachments and text appropriately. When other mailers (so far tried with emacs and hotmail, among others) they fail. You are running mutt-1.3.8, right? Then you should post to mutt-dev, not mutt-users. 1.3.8 is ultimately outdated. I'd recommend to upgrade to the latest devel version 1.3.16 (or use 1.2.5, the latest stable release). The problem you observe was fixed in mutt-1.3.9. 1.3.8's handling of character set conversion (iconv) was broken. I had a very similar problem with 1.3.8 on Solaris.
sending attachments and getting them back
Hello! I have to write two shell scripts. One to check a file, and send it via Email to the other script. The second script has to get the attached file back from the Email and install it. The file which is attached is a PGP signed Tarball. It is send via mutt -a files.tar.pgp -s "Subject" [EMAIL PROTECTED] message.txt Sending the file works fine! On the other side each time the user gets a mail a script is executed which uses metamail to get the file back. Metamail is executed as follow metamail -r -q -x -w /tmp/receivedmail Now my problem :) If I use mutt for sending the file the files created by metamail are only called with temp names beginning with mm. If I use the Netscape Messenger with the file attached, the name after metamail is correct. I need a correct naming for working with the file. Its hard for me to find the pgp tempfile and rename it an so on... This is the MUTT-Header of the received Email: From [EMAIL PROTECTED] Thu Aug 31 13:55:39 2000 Received: (from burgsth@localhost) by dawsobr.tronicplanet.de (8.9.3/8.9.3/SuSE Linux 8.9.3-0.1) id NAA01325 for [EMAIL PROTECTED]; Thu, 31 Aug 2000 13:55:21 +0200 Date: Thu, 31 Aug 2000 13:55:12 +0200 From: Thomas Burgstaller [EMAIL PROTECTED] To: Virus user [EMAIL PROTECTED] Subject: Virus-DAT-Files Update Message-ID: [EMAIL PROTECTED] Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="k+w/mQv8wyuph6w0" X-Mailer: Mutt 1.0pre3i --k+w/mQv8wyuph6w0 Content-Type: text/plain; charset=us-ascii Die angehaengten Daten sind fuer das Update des Virenscanners notwendig --k+w/mQv8wyuph6w0 Content-Type: application/pgp Content-Disposition: attachment; filename="dat-files.tar.pgp" Content-Transfer-Encoding: base64 --- --- --- This is the Netscape-Header of the received Email: From [EMAIL PROTECTED] Thu Aug 31 14:01:52 2000 Received: from tronicplanet.de (burgsth@localhost [127.0.0.1]) by dawsobr.tronicplanet.de (8.9.3/8.9.3/SuSE Linux 8.9.3-0.1) with ESMTP id OAA01406 for virus@localhost; Thu, 31 Aug 2000 14:01:28 +0200 Sender: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] Date: Thu, 31 Aug 2000 14:01:27 +0200 From: Thomas Burgstaller [EMAIL PROTECTED] Organization: Tronicplanet Datendienst GmbH X-Mailer: Mozilla 4.73 [en] (X11; I; Linux 2.2.13 i586) X-Accept-Language: en MIME-Version: 1.0 To: [EMAIL PROTECTED] Content-Type: multipart/mixed; boundary="17FB9875B8174B98B316AA45" This is a multi-part message in MIME format. --17FB9875B8174B98B316AA45 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit --17FB9875B8174B98B316AA45 Content-Type: application/octet-stream; name="dat-files.tar.pgp" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="dat-files.tar.pgp" Thank you Thomas
Sending attachments without invoking editor
Hi, Is there a way in mutt to send an attachment from the command line, without invoking an editor? I would like to do this from a shell script on an HP-UX machine. TIA. PS. Please, if you have a solution, copy me directly, since I am not subscribed to this list at the moment. Regards, Marcin -- Marcin J. Kraszewski [EMAIL PROTECTED]
Re: Sending attachments without invoking editor
Marcin J. Kraszewski [[EMAIL PROTECTED]] wrote: Is there a way in mutt to send an attachment from the command line, without invoking an editor? I would like to do this from a shell script on an HP-UX machine. TIA. $ man mutt ... OPTIONS -a file Attach a file to your message using MIME. ... $ mutt -a attach.txt -s subject [EMAIL PROTECTED] message_body.txt -- Jeremy Blosser | [EMAIL PROTECTED] | http://jblosser.firinn.org/ -+-+-- "If Microsoft can change and compete on quality, I've won." -- L. Torvalds PGP signature
Re: Sending attachments without invoking editor
Marcin J. Kraszewski [EMAIL PROTECTED] wrote on Wed, 20 Oct 1999: Is there a way in mutt to send an attachment from the command line, without invoking an editor? I would like to do this from a shell script on an HP-UX machine. TIA. mutt -a file -s "Message subject" recipient msg_text Will use text from the file "msg_text" as message body text, and will attach a file called "file". You may specify multiple -a switches for attaching more than one file. Mikko -- // Mikko Hänninen, aka. Wizzu // [EMAIL PROTECTED] // http://www.iki.fi/wiz/ // The Corrs list maintainer // net.freak // DALnet IRC operator / // Interests: roleplaying, Linux, the Net, fantasy scifi, the Corrs / Of all the things I've lost, I miss my mind the most.
Re: Sending attachments without invoking editor
Marcin J. Kraszewski [[EMAIL PROTECTED]] wrote: I do not have mutt on my HP-UX machines, that is why I decided to bother this list. No worries, but just FYI, there is a copy of the man page (and the manual) at http://www.mutt.org/doc/ -- Jeremy Blosser | [EMAIL PROTECTED] | http://jblosser.firinn.org/ -+-+-- "If Microsoft can change and compete on quality, I've won." -- L. Torvalds PGP signature
Re: Sending attachments without invoking editor
Ralf, Jeremy, Goran, Mikko, David, Ronny, Thank you very much for your quick replies. I do not have mutt on my HP-UX machines, that is why I decided to bother this list. I looked at mail, mailx, elm, and pine, and did not see a way of doing what I wanted to do from a shell script. I'm glad mutt gives me that option. Thanks again. Regards, Marcin Ralf Hildebrandt wrote: On Wed, Oct 20, 1999 at 09:48:08AM -0400, Marcin J. Kraszewski wrote: Is there a way in mutt to send an attachment from the command line, without invoking an editor? I would like to do this from a shell script on an HP-UX machine. TIA. % mutt -s subject -a file /dev/null -- Ralf Hildebrandt [EMAIL PROTECTED] www.stahl.bau.tu-bs.de/~hildeb If you tell them, they never listen. If they listen, they never learn. If they learn, they never remember. If they remember, they never obey. -- Marcin J. Kraszewski [EMAIL PROTECTED]
Re: Sending attachments without invoking editor
Op wo. 20 okt 1999 14:11:53 zei Marcin J. Kraszewski: Thank you very much for your quick replies. I do not have mutt on my HP-UX machines, that is why I decided to bother this list. I looked at mail, mailx, elm, and pine, and did not see a way of doing what I wanted to do from a shell script. I'm glad mutt gives me that option. Thanks again. if all you need is using it from shell scripts you might also want to check the mpack/munpack duo out. if you decide to go for the mpack option, do install mutt anyway for interactive use. your scripts will be just as happy with anything, but obce you try it you won't be happy with anything else but mutt! s