diff options
| author | Eduardo Chappa <chappa@washington.edu> | 2021-11-23 22:28:14 -0700 |
|---|---|---|
| committer | Eduardo Chappa <chappa@washington.edu> | 2021-11-23 22:28:14 -0700 |
| commit | 4b63640c8e01ae6222663d412ff1625e3b4ba3b5 (patch) | |
| tree | b83d119d7917a7b9af0799691fc28da3588ec965 | |
| parent | bc15b12b7f13ec9c9cd855aae0e62be4d0ef9e31 (diff) | |
| download | alpine-4b63640c8e01ae6222663d412ff1625e3b4ba3b5.tar.xz | |
* To protect the privacy of a user, generate the domain-part of a
message-id using the domain part of the from address that a user is
willing to disclose.
| -rw-r--r-- | alpine/send.c | 16 | ||||
| -rw-r--r-- | pith/pine.hlp | 5 |
2 files changed, 20 insertions, 1 deletions
diff --git a/alpine/send.c b/alpine/send.c index 8d8d3a69..f278c340 100644 --- a/alpine/send.c +++ b/alpine/send.c @@ -3138,6 +3138,22 @@ pine_send(ENVELOPE *outgoing, struct mail_bodystruct **body, outgoing->sender->host = cpystr(ps_global->hostname); } + /* To protect the privacy of the user, make sure that the domain + * part in the message id matches the domain in the from, so that + * the user does not disclose more than they are already willing + * to disclose. + */ + + if(outgoing->message_id && outgoing->from && !role){ + fs_give((void **) &outgoing->message_id); + role = (ACTION_S *) fs_get(sizeof(ACTION_S)); /* create fake role */ + memset((void *) role, 0, sizeof(ACTION_S)); + role->from = outgoing->from; /* and fill the from field only */ + outgoing->message_id = generate_message_id(role); /* new message id */ + role->from = NULL; /* disconnect the from part */ + fs_give((void **) &role); /* the fake role can be discarded */ + } + if(ps_global->newthread){ if(outgoing->in_reply_to) fs_give((void **)&outgoing->in_reply_to); if(outgoing->references) fs_give((void **)&outgoing->references); diff --git a/pith/pine.hlp b/pith/pine.hlp index e9fee1cd..78e56236 100644 --- a/pith/pine.hlp +++ b/pith/pine.hlp @@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any reasonable place to be called from. Dummy change to get revision in pine.hlp ============= h_revision ================= -Alpine Commit 622 2021-11-23 10:53:56 +Alpine Commit 623 2021-11-23 22:28:10 ============= h_news ================= <HTML> <HEAD> @@ -217,6 +217,9 @@ new additions to Alpine, please check it periodically. is available for that server. In this case additional information is given: The method to use (device or authorize), a user id that uses the suggested client-id or a report that the client-id has not been used. + +<LI> To protect the privacy of a user, the message-id of a message will be + generated using the domain in the From field of the message. </UL> <P> |