Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Private Mode Broken #2982

Open
iammattmartin opened this issue May 20, 2024 · 3 comments
Open

Private Mode Broken #2982

iammattmartin opened this issue May 20, 2024 · 3 comments
Labels

Comments

@iammattmartin
Copy link

Describe the bug

Since the last update, the privacy mode seems to be slightly broken. Before, when enabled, it would not disclose any information on the sending SMTP server, now it does partially or fully depending on what mode is set.

With privacy mode enabled the headers appear like:

Received: by postal.host with SMTP; Mon, 20 May 2024 16:00:21 +0000
Received: from sending.host (localhost [IPv6:::1]) by sending.host (Postfix) with ESMTPS id 0C222B2F05	for <x@x.com>; Mon, 20 May 2024 16:00:21 +0000

but with it disabled they appear like:

Received: from sending.host (sending.host [2001:xx:xx::xx]) by postal.host with SMTP; Mon, 20 May 2024 15:58:03 +0000
Received: from sending.host (localhost [IPv6:::1]) by sending.host (Postfix) with ESMTPS id 9EFA011D194	for <x@x.com>; Mon, 20 May 2024 15:58:02 +0000

It used to only ever show:

Received: by postal.host with SMTP; Mon, 20 May 2024 16:00:21 +0000
@adamcooke
Copy link
Contributor

From what I can see the received header added by Postal is correct. The header which includes the IP was added by Postfix elsewhere in the chain.

@iammattmartin
Copy link
Author

We've always used it in this way for some pre-routing we have to do before sending.

I restored an old backup of postal last night for testing and it did not do this previously. As per the last example, the same output was seen both indirectly and directly.

It looks like previously Postal had been stripping off anything before it had received it, which was desirable now and it appears now it does not.

@iammattmartin
Copy link
Author

It looks like this is related to #2781. So whereas this was good for protecting internal hosts that use SMTP and postal as an outbound gateway, the new code reveals far too much information.

Downgrading "resolved" the issue, but it may be there needs to be a middle, configurable, ground as to what people want to hide or show.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

3 participants