Alan:
> Hi everybody,
> 
> During the Tails release process we test various aspects of the candidate ISO:
> https://tails.boum.org/contribute/release_process/test/
> 
> For Claws Mail, one of these tests is:
> 
>     * Check that the profile works and is torified (specifically the
>       EHLO/HELO SMTP messages it sends):
> 
>       1. Send an email using Claws and a non-anonymizing SMTP relay.
>       2. Then check that email's headers once received, especially the
>          Received: and Message-ID: ones.
> 
> But the next one is:
> 
>     * Also check that the EHLO/HELO SMTP message is not leaking anything
>       with a packet sniffer:
>       1. Start Claws using the panel icon.
>       1. Disable SSL/TLS for SMTP in Claws (so take precautions for not
>          leaking your password in plaintext by either changing it
>          temporarily or using a disposable account).
>       2. Run `sudo tcpdump -n -i lo -w dump` to capture the packets
>          before Tor encrypts it, then close tcpdump, and check the dump
>          for the HELO/EHLO message and verify that it only contains
>          `localhost`.
> 
> I don't see what the first of these tests would check that is not also
> checked by the second. In addition, it's not easy to access a
> "non-anonymizing SMTP relay" through Tor.
> 
> I suggest we remove the 1st of these tests. What do you think?

I agree with your proposal. Furthermore, "non-anonymizing SMTP relay" is
badly defined.

-- 
sajolida
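
The packet-sniffer check quoted above (inspect the `lo` capture and confirm the EHLO/HELO argument is only `localhost`), as an added example that is not part of this thread or of the Tails test suite. It assumes a classic little-endian pcap with Ethernet/IPv4 framing as written by `tcpdump -w`; the function names, ports and sample packets are constructed for illustration.

```python
import re
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps
GREETING = re.compile(rb"^(EHLO|HELO)[ \t]+(\S+)", re.I | re.M)

def tcp_payloads(pcap):
    """Yield non-empty TCP payloads from a little-endian Ethernet/IPv4 pcap."""
    magic, *_, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != PCAP_MAGIC or linktype != 1:
        raise ValueError("expected little-endian pcap with Ethernet link type")
    off = 24  # size of the pcap global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # too short, not IPv4, or not TCP
        ihl = (frame[14] & 0x0F) * 4
        total_len = struct.unpack_from("!H", frame, 16)[0]
        tcp = frame[14 + ihl:14 + total_len]
        payload = tcp[(tcp[12] >> 4) * 4:] if len(tcp) >= 20 else b""
        if payload:
            yield payload

def helo_leaks(pcap, allowed=(b"localhost",)):
    """Return EHLO/HELO arguments not in `allowed` (no TCP stream reassembly)."""
    return [m.group(2) for p in tcp_payloads(pcap)
            for m in GREETING.finditer(p) if m.group(2).lower() not in allowed]

def sample_packet(payload):
    """Constructed sample: a loopback TCP segment wrapped in a pcap record."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 9050, 0, 0, 0x50, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     b"\x7f\x00\x00\x01", b"\x7f\x00\x00\x01")
    frame = bytes(12) + b"\x08\x00" + ip + tcp
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

def sample_pcap(*payloads):
    """Constructed sample: a pcap file image holding one packet per payload."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(sample_packet(p) for p in payloads)

if __name__ == "__main__":
    leaky = sample_pcap(b"EHLO localhost\r\n", b"EHLO amnesia.example\r\n")
    print(helo_leaks(leaky))
```

On a real capture, pass the bytes of the `dump` file to `helo_leaks`; a greeting split across two TCP segments is missed because the block does not reassemble streams.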



_______________________________________________
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev