WIP: Many attachment improvements #1737

Merged
merged 6 commits into from Jan 15, 2017

Projects

None yet

2 participants

@BjarniRunar
Member

This fixes a whole bunch of minor buglets to do with attachments, and adds a 1st draft of checking sender reputation before allowing the user to interact with risky content.

This is a work in progress, more commits are expected before merging.

BjarniRunar added some commits Dec 19, 2016
@BjarniRunar BjarniRunar Enhance header fingerprinting so it can be used for sender reputation
   * Generate two fingerprints (tools and sender), extract MUA name
   * Record the MUA name as a search term, e.g. mua:thunderbird
   * Add a User-Agent: header to our own outgoing messages
   * The tool fingerprint depends only on the tool used to compose
   * The new sender fingerprint includes details about the path the
     message took through the network

This allows us to track sender reputation, so we can detect bulk
forgeries (phishing) and less sophisticated spear-phishing attempts.
8a5b54a
@BjarniRunar BjarniRunar Attachments: Fix downloads broken by nuking the content-ID. Fixes #1732 efd11a5
@BjarniRunar BjarniRunar Fix unicode buglet when attaching files with funky names 4f0f832
@BjarniRunar BjarniRunar Improve attachment size warning b55fc27
@BjarniRunar BjarniRunar Fix sticky attachment upload notification bug, Issue #1703 74a67dd
@JocelynDelalande
Contributor

@BjarniRunar thanks :-) I know this adds workload but maybe split into two PR :

  • one for the attachments, mergeable soon (attachments are broken on current master)
  • one WIP for sender reuptation
@BjarniRunar BjarniRunar Whitespace fix, password/passphrase fix f6315b1
@BjarniRunar
Member

Agreed. I've removed the reputation UI stuff from this PR. Will merge tomorrow sometime to get the bugs fixed, leaving open in case someone wants to help test.

@BjarniRunar BjarniRunar merged commit 4e79594 into mailpile:master Jan 15, 2017
@BjarniRunar BjarniRunar deleted the BjarniRunar:pr/fix-attachments branch Jan 17, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment