* Modifications to protect the privacy of users:

	+ Alpine does not generate Sender or X-X-Sender by default
          by making  [X] Do Not Generate Sender Header the default.
	+ Alpine does not disclose User Agent by default by making
          [X]  Suppress User Agent When Sending the default.
	+ Alpine uses the domain in the From: header of a message
          to generate a message-id and suppresses all information
          about Alpine, version, revision, and time of generation
          of the message-id from this header. This information is
          replaced by a random string.

6 files changed, 54 insertions, 57 deletions

diff --git a/alpine/send.c b/alpine/send.c
index b4e2322..2e6eace 100644
--- a/alpine/send.c
+++ b/alpine/send.c
@@ -603,6 +603,7 @@ compose_mail(char *given_to, char *fcc_arg, ACTION_S *role_arg,
 	int impl, template_len = 0;
 	long rflags = ROLE_COMPOSE;
 	PAT_STATE dummy;
+	char *hostpart;
 
         /*=================  Compose new message ===============*/
         body         = mail_newbody();
@@ -611,8 +612,6 @@ compose_mail(char *given_to, char *fcc_arg, ACTION_S *role_arg,
         if(given_to)
 	  rfc822_parse_adrlist(&outgoing->to, given_to, ps_global->maildomain);
 
-        outgoing->message_id = generate_message_id();
-
 	/*
 	 * Setup possible role
 	 */
@@ -646,6 +645,24 @@ compose_mail(char *given_to, char *fcc_arg, ACTION_S *role_arg,
 			    role->nick);
 
 	/*
+	 * set ps_global->hostname to something sensible, if possible,
+	 * for purposes of generating a message id
+	 */
+	hostpart = cpystr(ps_global->hostname);
+	fs_give((void **) &ps_global->hostname);
+	if(role && role->from)
+	  ps_global->hostname = cpystr(role->from->host ? role->from->host : "huh");
+	else if(ps_global->maildomain)	/* as in generate_from() */
+	  ps_global->hostname = cpystr(ps_global->maildomain);
+	else
+	  ps_global->hostname = cpystr(hostpart);	/* all for nothing */
+        outgoing->message_id = generate_message_id();
+	/* undo the changes above */
+	fs_give((void **) &ps_global->hostname);
+	ps_global->hostname = cpystr(hostpart);
+	fs_give((void **) &hostpart);
+
+	/*
 	 * The type of storage object allocated below is vitally
 	 * important.  See SIMPLIFYING ASSUMPTION #37
 	 */
diff --git a/imap/src/c-client/mail.h b/imap/src/c-client/mail.h
index eb8f013..65e0228 100644
--- a/imap/src/c-client/mail.h
+++ b/imap/src/c-client/mail.h
@@ -2005,3 +2005,4 @@ void oauth2deviceinfo_get_accesscode(void *, void *);
 XOAUTH2_INFO_S *new_xoauth2_info(void);
 void    free_xoauth2_info(XOAUTH2_INFO_S **);
 XOAUTH2_INFO_S *copy_xoauth2_info(XOAUTH2_INFO_S *);
+char *oauth2_generate_state(void);
diff --git a/imap/src/c-client/oauth2_aux.h b/imap/src/c-client/oauth2_aux.h
index b076da3..7882a3c 100644
--- a/imap/src/c-client/oauth2_aux.h
+++ b/imap/src/c-client/oauth2_aux.h
@@ -18,7 +18,6 @@
 #define OA2_CODE_SUCCESS	0
 
 void mm_login_oauth2_c_client_method (NETMBX *, char *, char *, OAUTH2_S *, unsigned long, int *);
-char *oauth2_generate_state(void);
 void oauth2deviceinfo_get_accesscode(void *, void *);
 
 #endif /* C_CLIENT_OAUTH2_AUX_INCLUDED */
diff --git a/pith/conf.c b/pith/conf.c
index 1835c40..8b977ae 100644
--- a/pith/conf.c
+++ b/pith/conf.c
@@ -2909,7 +2909,7 @@ feature_list(int index)
 
 /* Sending Prefs */
 	{"disable-sender", "Do Not Generate Sender Header",
-	 F_DISABLE_SENDER, h_config_disable_sender, PREF_SEND, 0},
+	 F_DISABLE_SENDER, h_config_disable_sender, PREF_SEND, 1},
 	{"use-sender-not-x-sender", "Use Sender Instead of X-X-Sender",
 	 F_USE_SENDER_NOT_X, h_config_use_sender_not_x, PREF_SEND, 0},
 	{"quell-flowed-text", "Do Not Send Flowed Text",
@@ -3281,7 +3281,7 @@ feature_list(int index)
 	{"quell-timezone-comment-when-sending", "Suppress Timezone Comment When Sending",
 	 F_QUELL_TIMEZONE, h_config_quell_tz_comment, PREF_MISC, 0},
 	{"suppress-user-agent-when-sending", NULL,
-	 F_QUELL_USERAGENT, h_config_suppress_user_agent, PREF_MISC, 0},
+	 F_QUELL_USERAGENT, h_config_suppress_user_agent, PREF_MISC, 1},
 	{"tab-checks-recent", "Tab Checks for Recent Messages",
 	 F_TAB_CHK_RECENT, h_config_tab_checks_recent, PREF_MISC, 0},
 	{"termdef-takes-precedence", NULL,
diff --git a/pith/pine.hlp b/pith/pine.hlp
index 92f2d9a..b549bc9 100644
--- a/pith/pine.hlp
+++ b/pith/pine.hlp
@@ -194,19 +194,34 @@ problems you find with this release.
 <LI> Expansion of the configuration screen for XOAUTH2 to include
      username, and tenant.
 
+<LI> If a user has more than one client-id for a service, Alpine tries to
+     asks the user which client-id to use and associates that client-id to
+     the credentials in the XOAUTH2 configuration screen.
+     <A HREF="h_xoauth2_config_screen">Learn more</A>.
+
 <LI> Addition of a link to the Apache License 2.0 (see above). This is 
      available from the Release Notes as well as the welcome screen.
 
+<LI> Modifications to protect the privacy of users:
+<UL>
+<LI> Alpine does not generate Sender or X-X-Sender by default
+     by enabling  <a href="h_config_disable_sender"><!--#echo var="FEAT_disable-sender"--></a>
+     as the default.
+<LI> Alpine does not disclose User Agent by default by enabling
+     <A HREF="h_config_suppress_user_agent"><!--#echo var="FEAT_suppress-user-agent-when-sending"--></A>
+     by default.
+<LI> Alpine uses the domain in the From: header of a message
+     to generate a message-id and suppresses all information
+     about Alpine, version, revision, and time of generation
+     of the message-id from this header. This information is
+     replaced by a random string.
+</UL>
+
 <LI> Alpine will ding the terminal bell when asking  about quitting
      when new mail arrives. This is consistent with Alpine dinging the
      bell when new mail arrives. The bell will not ding if it is disabled
      for status messages. Suggested by Chime Hart.
 
-<LI> If a user has more than one client-id for a service, Alpine tries to
-     asks the user which client-id to use and associates that client-id to
-     the credentials in the XOAUTH2 configuration screen.
-     <A HREF="h_xoauth2_config_screen">Learn more</A>.
-
 <LI> When messages are selected, pressing the &quot;;&quot; command to broaden or narrow
      a search, now offers the possibility to completely replace the search, and
      is almost equivalent to being a shortcut to &quot;unselect all messages, and select
diff --git a/pith/reply.c b/pith/reply.c
index ab4e97c..702832a 100644
--- a/pith/reply.c
+++ b/pith/reply.c
@@ -3346,58 +3346,23 @@ second and a single unique character
 char *
 generate_message_id(void)
 {
-    static short osec = 0, cnt = 0;
-    char         idbuf[128], revisionbuf[128];
     char        *id;
-    time_t       now;
-    struct tm   *now_x;
-    char	*revision = NULL;
-    char        *hostpart = NULL;
-    char	*alpine_name = NULL;
-    char	*alpine_version = NULL;
-    char	*system_os = NULL;
-
-    now   = time((time_t *)0);
-    now_x = localtime(&now);
-
-    if(now_x->tm_sec == osec)
-      cnt++;
-    else{
-	cnt = 0;
-	osec = now_x->tm_sec;
-    }
+    char	*leftpart;
+    char        *hostpart;
 
-    get_alpine_revision_number(revisionbuf, sizeof(revisionbuf));
     if(F_ON(F_ROT13_MESSAGE_ID, ps_global)){
-       hostpart       = rot13(ps_global->hostname);
-       alpine_name    = rot13("alpine");
-       alpine_version = rot5n(ALPINE_VERSION);
-       system_os      = rot13(SYSTYPE);
-       revision	      = rot5n(revisionbuf);
+       hostpart  = rot13(ps_global->hostname);
+       leftpart  = rot13(oauth2_generate_state());
     } else {
-       hostpart	      = cpystr(ps_global->hostname);
-       alpine_name    = cpystr("alpine");
-       alpine_version = cpystr(ALPINE_VERSION);
-       system_os      = cpystr(SYSTYPE);
-       revision	      = cpystr(revisionbuf);
+       hostpart	 = cpystr(ps_global->hostname);
+       leftpart  = oauth2_generate_state();
     }
-    
-    if(!hostpart)
-      hostpart = cpystr("huh");
-
-    snprintf(idbuf, sizeof(idbuf), "<%.6s.%.4s.%.20s.%.10s.%02d%02d%02d%02d%02d%02d%X.%d@%.50s>",
-	    alpine_name, system_os, alpine_version, revision,(now_x->tm_year) % 100, now_x->tm_mon + 1,
-	    now_x->tm_mday, now_x->tm_hour, now_x->tm_min, now_x->tm_sec, 
-	    cnt, getpid(), hostpart);
-    idbuf[sizeof(idbuf)-1] = '\0';
-
-    id = cpystr(idbuf);
-
-    if(hostpart) fs_give((void **) &hostpart);
-    if(alpine_name) fs_give((void **) & alpine_name);
-    if(alpine_version) fs_give((void **)&alpine_version);
-    if(system_os) fs_give((void **)&system_os);
-    if(revision) fs_give((void **)&revision);
+
+    id = fs_get(strlen(leftpart) + strlen(hostpart) + 4);
+    sprintf(id, "<%s@%s>", leftpart, hostpart);
+
+    fs_give((void **) &hostpart);
+    fs_give((void **) &leftpart);
 
     return(id);
 }