[Dovecot] Are host names a secret?

Axel Luttgens AxelLuttgens at swing.be
Fri Jul 17 01:12:01 EEST 2009


On 16 Jul 2009, at 23:05, Timo Sirainen wrote:

> On Thu, 2009-07-16 at 22:57 +0200, Geert Hendrickx wrote:
>> On Thu, Jul 16, 2009 at 04:30:00PM -0400, Timo Sirainen wrote:
>>> Some time ago I added the ability for IMAP clients to fetch messages'
>>> GUIDs using FETCH X-GUID command. Because of a bug it wasn't working in
>>> 1.2.0 or 1.2.1, but I've fixed it now. But now I'm starting to wonder:
>>> With Maildirs the GUIDs are the maildir base filenames, which contain
>>> host names. Is it a bad idea to expose them to users?
>>
>>
>> Why?
>
> I don't know. That's why I'm asking. :)
>
>> Users can see hostnames in eg. Received headers as well?
>
> The SMTP servers' headers, sure. That's a pretty known issue. And maybe
> some even filter out some Received headers before going outside.

Which shouldn't be allowed wrt RFC rules, unless I'm wrong: at any
time, the user should be able to trace the path of a received message
(an SMTP server MUST add a Received header, never remove or modify
such a header).


> With large installations with multiple servers that could allow users to
> see e.g. if they're on the same server as someone else they know, or
> when they get moved to a different server, etc. But is this a real
> issue? Maybe not.

I tend to agree with the latter.
First, hiding the info would tend towards security through obscurity.
Second, it is very likely that the info would anyway be leaked through  
some other parts of the transport layers.
Third, one may hope that the security of SMTP/IMAP/POP software
doesn't depend on the availability of such info. ;-)

But it could be very likely that I just missed your concern, in which  
case please don't hesitate to position back the thing!

Axel
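
Added example, not part of the original thread or of Dovecot's code: a small audit that shows what a client can read out of Maildir-style GUIDs such as those returned by FETCH X-GUID. It assumes the common Maildir base-name layout `<epoch>.<unique>.<hostname>` with optional `,S=<size>` fields; the sample GUIDs, host names and the `.example.internal` suffix are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Maildir base name: <epoch seconds>.<delivery id>.<host name>, optionally
# followed by ",KEY=value" fields and a ":2,<flags>" suffix.
BASENAME = re.compile(r"^(?P<ts>\d+)\.(?P<unique>[^.]+)\.(?P<host>[^,:]+)")

# Constructed sample GUIDs; host names and the suffix below are placeholders.
SAMPLE_GUIDS = [
    "1247702400.M20046P2137.mail1.example.internal,S=2345",
    "1247706000.M51233P884.mail1.example.internal,S=912",
    "1247788800.M7781P4410.mail2.example.internal,S=10533:2,S",
    "c0ffee00d15ea5e0000000000000abcd",  # not host-based: nothing to parse
]
INTERNAL_SUFFIXES = (".example.internal",)

def parse_guid(guid):
    """Return the fields readable from a Maildir-style GUID, or None."""
    m = BASENAME.match(guid)
    if m is None:
        return None
    return {
        "delivered": datetime.fromtimestamp(int(m["ts"]), tz=timezone.utc),
        "unique": m["unique"],
        "host": m["host"].lower(),
    }

def hosts_seen(guids):
    """Map host name -> (first, last) delivery time observed in the GUIDs."""
    seen = defaultdict(list)
    for guid in guids:
        fields = parse_guid(guid)
        if fields:
            seen[fields["host"]].append(fields["delivered"])
    return {host: (min(ts), max(ts)) for host, ts in seen.items()}

def internal_hosts(guids, suffixes=INTERNAL_SUFFIXES):
    """Host names in the GUIDs that fall under an internal-only DNS suffix."""
    return sorted(h for h in hosts_seen(guids) if h.endswith(tuple(suffixes)))

if __name__ == "__main__":
    for host, (first, last) in sorted(hosts_seen(SAMPLE_GUIDS).items()):
        print(f"{host}: {first:%Y-%m-%d %H:%M} .. {last:%Y-%m-%d %H:%M} UTC")
    print("internal names visible to the client:", internal_hosts(SAMPLE_GUIDS))
```

Run over the GUIDs of a test mailbox, the per-host time ranges make the "moved to a different server" case from the thread visible, and the suffix check tells an operator whether internal-only names are part of what clients receive.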


