Re: [Tails-dev] Testing EHLO messages: simplification propos…

Delete this message

Reply to this message
Author: sajolida
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Testing EHLO messages: simplification proposal
Alan:
> Hi everybody,
>
> During Tails release process we test various aspects the candidate ISO:
> https://tails.boum.org/contribute/release_process/test/
>
> For claws mail, one of these tests is:
>
>     * Check that the profile works and is torified (specifically the
>       EHLO/HELO SMTP messages it sends):

>
>       1. Send an email using Claws and a non-anonymizing SMTP relay.
>       2. Then check that email's headers once received, especially the
>          Received: and Message-ID: ones.

>
> But the next one is:
>
>     * Also check that the EHLO/HELO SMTP message is not leaking anything
>       with a packet sniffer:
>       1. start Claws using the panel icon.
>       1. Disable SSL/TLS for SMTP in Claws (so take precautions for not
>          leaking your password in plaintext by either changing it
>          temporarily or using a disposable account).
>       2. Run `sudo tcpdump -n -i lo -w dump` to capture the packets
>          before Tor encrypts it, then close tcpdump, and check the dump
>          for the HELO/EHLO message and verify that it only contains
>          `localhost`.

>
> I don't see what the first of these tests would check that is not also
> checked by the second. In addition, it's not easy to access a
> "non-anonymizing SMTP relay" through Tor.
>
> I suggest we remove the 1st of these tests. What do you think?


I agree with your proposal. Furthermore, "non-anonymizing SMTP relay" is
badly defined.

--
sajolida