From 1ba73d1437202b9ae3c2cff6d20dbe92fcacf053 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Mon, 8 Aug 2016 19:35:17 -0400 Subject: [PATCH] Omit User-Agent: header by default The User-Agent: header can be fun and interesting, but it also leaks quite a bit of information about the user and their software stack. This represents a potential security risk (attackers can target the particular stack) and also an anonymity risk (a user trying to preserve their anonymity by sending mail from a non-associated account might reveal quite a lot of information if their choice of mail user agent is exposed). This change also avoids hiding the User-Agent header by default, so that people who decide they want to send it will at least see it (and can edit it if they want to) before sending. It makes sense to have safer defaults. --- emacs/notmuch-mua.el | 4 ++-- test/T310-emacs.sh | 16 ---------------- 2 files changed, 2 insertions(+), 18 deletions(-) diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el index 1ca80564..f3a4e5a3 100644 --- a/emacs/notmuch-mua.el +++ b/emacs/notmuch-mua.el @@ -62,7 +62,7 @@ disabled: this would result in an incorrect behavior.")) (const :tag "Compose mail in a new window" new-window) (const :tag "Compose mail in a new frame" new-frame))) -(defcustom notmuch-mua-user-agent-function 'notmuch-mua-user-agent-full +(defcustom notmuch-mua-user-agent-function nil "Function used to generate a `User-Agent:' string. If this is `nil' then no `User-Agent:' will be generated." :type '(choice (const :tag "No user agent string" nil) @@ -73,7 +73,7 @@ disabled: this would result in an incorrect behavior.")) :value notmuch-mua-user-agent-full)) :group 'notmuch-send) -(defcustom notmuch-mua-hidden-headers '("^User-Agent:") +(defcustom notmuch-mua-hidden-headers nil "Headers that are added to the `message-mode' hidden headers list." :type '(repeat string) diff --git a/test/T310-emacs.sh b/test/T310-emacs.sh index 65c1728d..202fc3bf 100755 
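Review bot: The docstring of `notmuch-mua-user-agent-function` still says only what `nil` does, so with `nil` now the default the privacy rationale exists only in the commit message. I would add a sentence to the docstring such as `The header discloses the Notmuch and Emacs versions to every recipient, so it is not sent by default.` Separately, the T310-emacs.sh hunks on this page remove every User-Agent expectation, and none of them adds a test that sets the variable to `notmuch-mua-user-agent-full`. The opt-in path therefore appears to be left without coverage, though the rest of the test file is not visible here. The defcustom runs past the end of this hunk into the next one.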
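Review bot: The docstring of `notmuch-mua-hidden-headers` does not say that a hidden header is still sent, which is the reason this default is being emptied. Adding `Headers listed here are still sent with the message; they are only not displayed in the compose buffer.` would warn a user who re-adds `"^User-Agent:"` that the header then goes out unseen. The defcustom continues past the end of the hunk.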
--- a/test/T310-emacs.sh +++ b/test/T310-emacs.sh @@ -193,7 +193,6 @@ emacs_deliver_message \ (kill-whole-line) (insert "To: user@example.com\n")' sed \ - -e s',^User-Agent: Notmuch/.* Emacs/.*,User-Agent: Notmuch/XXX Emacs/XXX,' \ -e s',^Message-ID: <.*>$,Message-ID: ,' \ -e s',^\(Content-Type: text/plain\); charset=us-ascii$,\1,' < sent_message >OUTPUT cat <EXPECTED @@ -201,7 +200,6 @@ From: Notmuch Test Suite To: user@example.com Subject: Testing message sent via SMTP Date: 01 Jan 2000 12:00:00 -0000 -User-Agent: Notmuch/XXX Emacs/XXX Message-ID: MIME-Version: 1.0 Content-Type: text/plain @@ -310,7 +308,6 @@ test_emacs '(let ((message-hidden-headers ''())) (test-output))' sed -i -e 's/^In-Reply-To: <.*>$/In-Reply-To: /' OUTPUT sed -i -e 's/^References: <.*>$/References: /' OUTPUT -sed -i -e 's,^User-Agent: Notmuch/.* Emacs/.*,User-Agent: Notmuch/XXX Emacs/XXX,' OUTPUT cat <EXPECTED From: Notmuch Test Suite To: user@example.com @@ -318,7 +315,6 @@ Subject: Re: Testing message sent via SMTP In-Reply-To: Fcc: ${MAIL_DIR}/sent References: -User-Agent: Notmuch/XXX Emacs/XXX --text follows this line-- Notmuch Test Suite writes: @@ -335,7 +331,6 @@ test_emacs "(let ((message-hidden-headers '())) (notmuch-test-wait) (notmuch-search-reply-to-thread) (test-output))" -sed -i -e 's,^User-Agent: Notmuch/.* Emacs/.*,User-Agent: Notmuch/XXX Emacs/XXX,' OUTPUT cat <EXPECTED From: Notmuch Test Suite To: Sender @@ -343,7 +338,6 @@ Subject: Re: ${test_subtest_name} In-Reply-To: <${gen_msg_id}> Fcc: ${MAIL_DIR}/sent References: <${gen_msg_id}> -User-Agent: Notmuch/XXX Emacs/XXX --text follows this line-- Sender writes: @@ -361,7 +355,6 @@ test_emacs "(let ((message-hidden-headers '())) (notmuch-test-wait) (notmuch-search-reply-to-thread) (test-output))" -sed -i -e 's,^User-Agent: Notmuch/.* Emacs/.*,User-Agent: Notmuch/XXX Emacs/XXX,' OUTPUT cat <EXPECTED From: Notmuch Test Suite To: Sender , someone@example.com 
@@ -369,7 +362,6 @@ Subject: Re: ${test_subtest_name} In-Reply-To: <${gen_msg_id}> Fcc: ${MAIL_DIR}/sent References: <${gen_msg_id}> -User-Agent: Notmuch/XXX Emacs/XXX --text follows this line-- Sender writes: @@ -382,7 +374,6 @@ test_emacs '(let ((message-hidden-headers ''())) (notmuch-show "id:20091118002059.067214ed@hikari") (notmuch-show-reply) (test-output))' -sed -i -e 's,^User-Agent: Notmuch/.* Emacs/.*,User-Agent: Notmuch/XXX Emacs/XXX,' OUTPUT cat <EXPECTED From: Notmuch Test Suite To: Adrian Perez de Castro , notmuch@notmuchmail.org @@ -390,7 +381,6 @@ Subject: Re: [notmuch] Introducing myself In-Reply-To: <20091118002059.067214ed@hikari> Fcc: ${MAIL_DIR}/sent References: <20091118002059.067214ed@hikari> -User-Agent: Notmuch/XXX Emacs/XXX --text follows this line-- Adrian Perez de Castro writes: @@ -447,7 +437,6 @@ test_emacs '(let ((message-hidden-headers ''())) (notmuch-show "id:cf0c4d610911171136h1713aa59w9cf9aa31f052ad0a@mail.gmail.com") (notmuch-show-reply) (test-output))' -sed -i -e 's,^User-Agent: Notmuch/.* Emacs/.*,User-Agent: Notmuch/XXX Emacs/XXX,' OUTPUT cat <EXPECTED From: Notmuch Test Suite To: Alex Botero-Lowry , notmuch@notmuchmail.org @@ -455,7 +444,6 @@ Subject: Re: [notmuch] preliminary FreeBSD support In-Reply-To: Fcc: ${MAIL_DIR}/sent References: -User-Agent: Notmuch/XXX Emacs/XXX --text follows this line-- Alex Botero-Lowry writes: @@ -521,7 +509,6 @@ test_emacs "(let ((message-hidden-headers '())) (notmuch-show \"id:${gen_msg_id}\") (notmuch-show-reply) (test-output))" -sed -i -e 's,^User-Agent: Notmuch/.* Emacs/.*,User-Agent: Notmuch/XXX Emacs/XXX,' OUTPUT cat <EXPECTED From: Notmuch Test Suite To: @@ -529,7 +516,6 @@ Subject: Re: Reply within emacs to an html-only message In-Reply-To: <${gen_msg_id}> Fcc: ${MAIL_DIR}/sent References: <${gen_msg_id}> -User-Agent: Notmuch/XXX Emacs/XXX --text follows this line-- Notmuch Test Suite writes: 
@@ -546,7 +532,6 @@ test_emacs "(let ((message-hidden-headers '())) (notmuch-show \"id:$message_id\") (notmuch-show-reply) (test-output))" -sed -i -e 's,^User-Agent: Notmuch/.* Emacs/.*,User-Agent: Notmuch/XXX Emacs/XXX,' OUTPUT cat <EXPECTED From: Notmuch Test Suite To: @@ -554,7 +539,6 @@ Subject: Re: Quote MML tags in reply In-Reply-To: Fcc: ${MAIL_DIR}/sent References: -User-Agent: Notmuch/XXX Emacs/XXX --text follows this line-- Notmuch Test Suite writes: