Date: Sun, 05 Oct 2014 20:53:21 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 123468] mail/postgrey: information leak, privacy issue Message-ID: <bug-123468-13-jFdXOOFnKy@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-123468-13@https.bugs.freebsd.org/bugzilla/> References: <bug-123468-13@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=123468 --- Comment #12 from marquis@roble.com --- > - If the operator of %r uses the default response string from postgrey It appears that you're mistaking %r with the localhost (running freebsd and postgrey). %r is generated on the mailserver running postgrey and is sent A) to the originating MTA via SMTP handshake and B) if the message is timed-out it is normally sent back to the originating user in the bounce message text. > they are making it public they're using postgrey. If they didn't want to > disclose that, they'd override the string and remove the URI entirely. It's not clear what you are referring to here. First the postgrey advertisement is not at issue. WRT removing it, the only way to do so is by editing the postgrey script on the recipient MTA. The installation Makefile does not provide any mechanism for "override"ing %r nor does the sender or sending MTA have any way to do this. More importantly, none of these parties has expressed an interest in providing the owner of postgrey.schweikert.ch with this information. > - Network information about the server receiving for %r is not disclosed to > postgrey.schweikert.ch. True in some cases but not relevant to the patch. If the recipient of a bounced message or the reader of a mail log follows the URL, for information on greylisting for example, the operator of postgrey.schweikert.ch is informed of the sender's domain. This is what the patch prevents. The owner of schweikert.ch does not need to know what remote MTAs are being greylisted by other's MTAs nor is the disclosed domain name in any way helpful in researching the cause of a bounced or delayed email. The bottom line is this: neither the mail sender nor the intermediate MTA operators have an interest in disclosing this information to a third party (postgrey.schweikert.ch). > - The IP address disclosed to the postgrey.schweikert.ch is that of the browser > going to the site, not the mail server relaying to %r. This is incorrect. The %r string in question is the providing the sender's domainname. It has nothing to do with web browsers. > The information disclosure is that a browser appearing at a given IP address is > emitting unencrypted HTTP requests which may or may not be associated with an > email sent to %r. The lack of SSL and minimal level of information provided > means this is effectively a disclosure of information already widely disclosed. I respect your opinion that the information disclosed is "minimal", however, it is nevertheless just your opinion. Many of us believe that privacy does matter (as the popularity of Edward Snowden has revealed much less the work of groups from the EFF to EPIC). The patch would not have been submitted if everyone held the same opinion. > Given the insignificant nature of the disclosure, there is greater utility > in not deviating from upstream. An opinion of what constitutes privacy and a mistaken evaluation of what postgrey's %r string resolves to are not valid criteria for rejecting the patch. This patch should be evaluated on more factual and policy-based criteria. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-123468-13-jFdXOOFnKy>