[Tails-dev] Testing EHLO messages: simplification proposal

Supprimer ce message

Répondre à ce message
Auteur: Alan
Date:  
À: tails-dev
Sujet: [Tails-dev] Testing EHLO messages: simplification proposal
Hi everybody,

During Tails release process we test various aspects the candidate ISO:
https://tails.boum.org/contribute/release_process/test/

For claws mail, one of these tests is:

    * Check that the profile works and is torified (specifically the
      EHLO/HELO SMTP messages it sends):


      1. Send an email using Claws and a non-anonymizing SMTP relay.
      2. Then check that email's headers once received, especially the
         Received: and Message-ID: ones.


But the next one is:

    * Also check that the EHLO/HELO SMTP message is not leaking anything
      with a packet sniffer:
      1. start Claws using the panel icon.
      1. Disable SSL/TLS for SMTP in Claws (so take precautions for not
         leaking your password in plaintext by either changing it
         temporarily or using a disposable account).
      2. Run `sudo tcpdump -n -i lo -w dump` to capture the packets
         before Tor encrypts it, then close tcpdump, and check the dump
         for the HELO/EHLO message and verify that it only contains
         `localhost`.


I don't see what the first of these tests would check that is not also
checked by the second. In addition, it's not easy to access a
"non-anonymizing SMTP relay" through Tor.

I suggest we remove the 1st of these tests. What do you think?

Cheers