Hi everybody,

During the Tails release process we test various aspects of the candidate ISO:
https://tails.boum.org/contribute/release_process/test/

For Claws Mail, one of these tests is:

* Check that the profile works and is torified (specifically the
  EHLO/HELO SMTP messages it sends):
  1. Send an email using Claws and a non-anonymizing SMTP relay.
  2. Then check that email's headers once received, especially the
     Received: and Message-ID: ones.

But the next one is:

* Also check that the EHLO/HELO SMTP message is not leaking anything
  with a packet sniffer:
  1. Start Claws using the panel icon.
  2. Disable SSL/TLS for SMTP in Claws (so take precautions for not
     leaking your password in plaintext by either changing it
     temporarily or using a disposable account).
  3. Run `sudo tcpdump -n -i lo -w dump` to capture the packets
     before Tor encrypts them, then close tcpdump, and check the dump
     for the HELO/EHLO message and verify that it only contains
     `localhost`.

I don't see what the first of these tests would check that is not also
checked by the second. In addition, it's not easy to access a
"non-anonymizing SMTP relay" through Tor.

I suggest we remove the 1st of these tests. What do you think?

Cheers
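
The dump check from the second test can be scripted. The following is an added example, not part of the original message or of the Tails test suite: it reads a classic pcap such as the `dump` file written by the tcpdump command above and lists every HELO/EHLO name that is not `localhost`. It assumes an Ethernet link type (what Linux tcpdump writes for `lo`), IPv4, and a greeting that fits in one TCP segment; the function names and the sample capture are constructed for illustration.

```python
import re
import struct

HELO_RE = re.compile(rb"^(?:EHLO|HELO)[ \t]+(\S+)\r?$", re.I | re.M)

def tcp_payloads(pcap: bytes):
    """Yield TCP payloads from a classic pcap (Ethernet link type, IPv4)."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    # Link type 1 is DLT_EN10MB, which Linux tcpdump uses for the lo interface.
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("need a classic pcap with Ethernet link type")
    pos = 24
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[pos + 8:pos + 12])[0]
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # keep IPv4 + TCP only
        ip_len = (frame[14] & 0x0F) * 4
        total = struct.unpack(">H", frame[16:18])[0]
        tcp = frame[14 + ip_len:14 + total]
        if len(tcp) >= 20:
            yield tcp[(tcp[12] >> 4) * 4:]  # skip the TCP header

def helo_names(pcap: bytes):
    """Return every hostname announced in a HELO/EHLO command."""
    return [m.group(1).decode("ascii", "replace")
            for data in tcp_payloads(pcap) for m in HELO_RE.finditer(data)]

def leaking_names(pcap: bytes):
    """Return announced names other than `localhost`; empty means the test passes."""
    return [n for n in helo_names(pcap) if n.lower() != "localhost"]

def make_pcap(*payloads: bytes) -> bytes:
    """Constructed sample capture: one minimal loopback TCP segment per payload."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for data in payloads:
        ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40 + len(data), 0, 0, 64, 6, 0,
                         bytes([127, 0, 0, 1]), bytes([127, 0, 0, 1]))
        tcp = struct.pack(">HHIIBBHHH", 40000, 9050, 0, 0, 0x50, 0x18, 8192, 0, 0)
        frame = bytes(12) + b"\x08\x00" + ip + tcp + data  # ports are constructed
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
```

On a real capture, `leaking_names(open("dump", "rb").read())` returns an empty list when the greeting only contains `localhost`.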