[Dovecot] Are host names a secret?
Timo Sirainen
tss at iki.fi
Fri Jul 17 00:05:42 EEST 2009
On Thu, 2009-07-16 at 22:57 +0200, Geert Hendrickx wrote:
> On Thu, Jul 16, 2009 at 04:30:00PM -0400, Timo Sirainen wrote:
> > Some time ago I added the ability for IMAP clients to fetch messages'
> > GUIDs using FETCH X-GUID command. Because of a bug it wasn't working in
> > 1.2.0 or 1.2.1, but I've fixed it now. But now I'm starting to wonder:
> > With Maildirs the GUIDs are the maildir base filenames, which contain
> > host names. Is it a bad idea to expose them to users?
>
>
> Why?
I don't know. That's why I'm asking. :)
> Users can see hostnames in eg. Received headers as well?
The SMTP servers' headers, sure. That's a pretty known issue. And maybe
some even filter out some Received headers before going outside.
With large installations with multiple servers that could allow user to
see e.g. if they're on the same server as someone else they know, or
when they get moved to a different servers, etc.. But is this a real
issue? Maybe not.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20090716/28e767be/attachment.bin
More information about the dovecot
mailing list