Package: icedove
Version: 38.5.0-1~deb8u1
Severity: important

Dear Maintainer,
icedove reveals the private client IP when using the EHLO command with STARTTLS.

Steps to reproduce:
1. Set up an account using STARTTLS to secure the SMTP connection.
2. Send an email while capturing the traffic using Wireshark.
3. Look at the line with the EHLO command from the client to the server.

Actual results:
The client sends an EHLO request to the server to start the TLS connection. This request contains the IP address of the client, e.g. "ehlo [1.2.3.4]".

Expected results:
According to the SMTP protocol definition, the EHLO command sends the "client" FQDN to the remote server, assuming however a server-to-server connection. Other mail clients use the hostname (not the FQDN) for the EHLO command, which is also some kind of information leakage, since individual hostnames can identify clients. However, leaking the private IP can be catastrophic, e.g. when using VPN connections for privacy reasons. Since the "ehlo [ip]" is unencrypted, it is possible to identify the client after the traffic leaves the VPN. This is just one example.

The EHLO command does not need a specific string to be accepted by the server. "ehlo random_string" is accepted just as well. Since there is no need to send any specific information and, according to RFC 2821, sending the hostname is not necessary, the optimal solution would be to send a random string. That would also provide the most privacy.

-- System Information:
Debian Release: 8.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages icedove depends on:
ii  debianutils               4.4+b1
ii  fontconfig                2.11.0-6.3
ii  libasound2                1.0.28-1
ii  libatk1.0-0               2.14.0-1
ii  libc6                     2.19-18+deb8u2
ii  libcairo2                 1.14.0-2.1
ii  libdbus-1-3               1.8.20-0+deb8u1
ii  libdbus-glib-1-2          0.102-1
ii  libevent-2.0-5            2.0.21-stable-2
ii  libffi6                   3.1-2+b2
ii  libfontconfig1            2.11.0-6.3
ii  libfreetype6              2.5.2-3+deb8u1
ii  libgcc1                   1:4.9.2-10
ii  libgdk-pixbuf2.0-0        2.31.1-2+deb8u4
ii  libglib2.0-0              2.42.1-1
ii  libgtk2.0-0               2.24.25-3
ii  libhunspell-1.3-0         1.3.3-3
ii  libpango-1.0-0            1.36.8-3
ii  libpangocairo-1.0-0       1.36.8-3
ii  libpangoft2-1.0-0         1.36.8-3
ii  libpixman-1-0             0.32.6-3
ii  libsqlite3-0              3.8.7.1-1+deb8u1
ii  libstartup-notification0  0.12-4
ii  libstdc++6                4.9.2-10
ii  libx11-6                  2:1.6.2-3
ii  libxcomposite1            1:0.4.4-1
ii  libxdamage1               1:1.1.4-2+b1
ii  libxext6                  2:1.3.3-1
ii  libxfixes3                1:5.0.1-2+b2
ii  libxrender1               1:0.9.8-1+b1
ii  libxt6                    1:1.1.4-1+b1
ii  psmisc                    22.21-2
ii  zlib1g                    1:1.2.8.dfsg-2+b1

Versions of packages icedove recommends:
ii  hunspell-en-us [hunspell-dictionary]  20070829-6
ii  iceowl-extension                      38.5.0-1~deb8u1

Versions of packages icedove suggests:
pn  fonts-lyx         <none>
ii  libgssapi-krb5-2  1.12.1+dfsg-19+deb8u2

-- no debconf information
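The check a reviewer of this report would want is a way to confirm the leak from a capture without reading packet bytes by hand. The following Python script is an added example, not code from the bug report or from icedove: it takes the client-to-server lines of an SMTP session (as one would export them from a Wireshark "Follow TCP Stream" view), looks only at the cleartext part before STARTTLS, and classifies the EHLO/HELO argument as an RFC 2821/5321 address literal ("[1.2.3.4]" or "[IPv6:...]"), an FQDN, a bare hostname, or an opaque string, flagging address literals that expose a private, loopback or link-local address. The sample sessions, hostnames and addresses below are constructed for the example.

```python
"""Audit the cleartext prefix of an SMTP session for an identifying EHLO/HELO argument.

Added example; not part of the icedove bug report or the icedove code base.
Input: the client->server lines of one session (constructed samples below).
Output: what kind of identifier the client announced and whether it is an
address literal that reveals the client's own IP before TLS is negotiated.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Address-literal syntax from RFC 2821 / RFC 5321: "[192.0.2.1]" or "[IPv6:2001:db8::1]"
_ADDR_LITERAL = re.compile(r"^\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]$")
# Dotted name with at least two labels (an FQDN as the RFCs intend for EHLO)
_FQDN = re.compile(r"^(?=.{1,253}$)([A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z0-9-]+$")
# Single DNS label (a bare hostname such as "alices-laptop")
_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")


@dataclass
class EhloFinding:
    verb: str               # "EHLO" or "HELO" as sent
    argument: str           # argument exactly as it appeared on the wire
    kind: str               # "address-literal", "fqdn", "hostname" or "opaque"
    leaks_address: bool     # True when the argument is an IP address of the client
    private_address: bool   # True when that address is RFC 1918 / loopback / link-local


def classify_ehlo_argument(arg: str) -> tuple[str, bool, bool]:
    """Return (kind, leaks_address, private_address) for one EHLO/HELO argument.

    Note: a random token made only of letters, digits and hyphens is
    indistinguishable from a bare hostname and is reported as "hostname".
    """
    m = _ADDR_LITERAL.match(arg)
    if m:
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            return ("opaque", False, False)       # bracketed but not a parseable address
        return ("address-literal", True, ip.is_private or ip.is_loopback or ip.is_link_local)
    if _FQDN.match(arg):
        return ("fqdn", False, False)
    if _LABEL.match(arg):
        return ("hostname", False, False)
    return ("opaque", False, False)


def audit_session(client_lines: list[str]) -> list[EhloFinding]:
    """Classify every EHLO/HELO the client sent in cleartext.

    Everything after the client's STARTTLS travels inside TLS, so the EHLO the
    client repeats after the handshake is not visible on the wire and is skipped.
    """
    findings: list[EhloFinding] = []
    for raw in client_lines:
        line = raw.rstrip("\r\n")
        verb, _, arg = line.partition(" ")
        verb_u = verb.upper()
        if verb_u == "STARTTLS":
            break
        if verb_u in ("EHLO", "HELO"):
            kind, leaks, private = classify_ehlo_argument(arg.strip())
            findings.append(EhloFinding(verb_u, arg.strip(), kind, leaks, private))
    return findings


def verdict(finding: EhloFinding) -> str:
    """One-line, human-readable verdict for a finding."""
    if finding.kind == "address-literal":
        scope = "private/local" if finding.private_address else "public"
        return f"{finding.verb} reveals the client's {scope} IP address: {finding.argument}"
    if finding.kind == "fqdn":
        return f"{finding.verb} sends an FQDN ({finding.argument}); identifies the host"
    if finding.kind == "hostname":
        return f"{finding.verb} sends a bare hostname ({finding.argument}); may identify the host"
    return f"{finding.verb} sends an opaque string ({finding.argument}); no host identity"


# Constructed client->server dialogues (server replies omitted; they are not needed).
# The first mirrors the report's "ehlo [ip]" case with a constructed LAN address.
SESSION_ADDRESS_LITERAL = [
    "EHLO [192.168.1.23]",               # client's own LAN address, sent in cleartext
    "STARTTLS",
    "EHLO [192.168.1.23]",               # repeated inside TLS; invisible on the wire
    "MAIL FROM:<alice@example.net>",
]
SESSION_HOSTNAME = ["EHLO alices-laptop", "STARTTLS"]
SESSION_RANDOM = ["EHLO random_string", "STARTTLS"]


if __name__ == "__main__":
    for name, session in [("address-literal", SESSION_ADDRESS_LITERAL),
                          ("hostname", SESSION_HOSTNAME),
                          ("random", SESSION_RANDOM)]:
        for f in audit_session(session):
            print(f"{name}: {verdict(f)}")
```

Run it on the constructed sessions, or feed `audit_session` the client lines of a real capture; only the cleartext prefix is considered, so a session that shows no EHLO finding at all means the client is announcing its identity only after the TLS handshake, which is the behaviour the report asks for.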