Re: [Evolution] Evolution resolves MLs to to, instead of using ML-address - compliance/privacy issue

2021-03-26 Thread Zan Lynx

On 3/25/21 3:30 AM, Sebastian Rottmann wrote:

> But evolution does some kind of usability and gives autocomplete to the
> user. The user then sees "mailinglist >"
> when they write their mail. If the user then presses enter the to: just
> shows a "mailinglist". When they send this mail, the mailinglist gets
> resolved to all people subscribed to the list, when sent.
>
> Every recipient of the mail (subscriber to the mailinglist) then sees
> everyone else (every subscriber) when they receive the mail. I foresee
> a privacy compliance issue on the horizon.


I don't know the solution to your problem but there are a few things 
here that stand out.


If the emails to the list do not normally include all of the users and 
email addresses then that cannot be the source of the autocomplete.


The source of the autocomplete must be your Exchange server. Evolution 
is querying the database for the autocomplete list. It does this for 
LDAP too if it is configured.


Since anyone with the same search permissions as your email sender can 
search the server for the mailing list members, fixing Evolution does 
not actually help you here.


I think you need to fix your Exchange server so it does not provide the 
list membership in response to user search.


Where else could the full user list come from, if not from your server?
--
Knowledge is Power -- Power Corrupts
Study Hard -- Be Evil
___
evolution-list mailing list
evolution-list@gnome.org
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list


Re: [Evolution] Evolution resolves MLs to to, instead of using ML-address - compliance/privacy issue

2021-03-26 Thread Milan Crha via evolution-list
On Thu, 2021-03-25 at 10:30 +0100, Sebastian Rottmann wrote:
> working against an Exchange Mailserver. We do have a lot of cases,
> where let's say, someone writes a mail to "mailingl...@company.com".

Hi,
how do you connect to the server, please? I suppose it's by using
evolution-ews, right? This also adds the user's address books, especially
the Global Address List (GAL).

> 
> So here is the issue: If the user writes the full address, everything
> works ok. The mail has "to/from: mailingl...@company.com" for sender
> and recipient. Mail-Filters work and nobody knows who is subscribed to
> the list.

Where does it get the address from, from the GAL? The evolution-ews
expands distribution lists with their respective members. I do not see any
option to turn that off.

You can disable auto-completion for the GAL (in Edit->Preferences
->Contacts), but it won't auto-complete any contact from there, meaning
nobody from the company, which is not what you want.

Adding a mailingl...@company.com contact into another address book
enabled for completion (like On This Computer/Personal) might not
always work - that would be a timing issue, whichever book provides the
contact first would "win".

You can file a feature request against evolution-ews [1] (if you use
that), to add the option to not expand the distribution lists. Or maybe
they should not be expanded in the GAL, only in the other address
books. It's required to expand them, to be able to edit the members of
it.

Bye,
Milan

[1] https://gitlab.gnome.org/GNOME/evolution-ews/-/issues/new
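
An added example, not part of the thread and not Evolution or evolution-ews code: one way a mail administrator could check sent messages for the expansion discussed above, flagging a message whose To/Cc headers carry a distribution list's members instead of the list address. The list address, member addresses, sample messages, the `KNOWN_LISTS` mapping and the 0.8 threshold are all constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed membership data; in practice an admin would export it from the directory.
KNOWN_LISTS = {
    "team-list@company.example": {
        "alice@company.example",
        "bob@company.example",
        "carol@company.example",
        "dave@company.example",
    },
}

def visible_recipients(raw_message):
    """Return the lower-cased addresses every recipient can read in To/Cc."""
    msg = message_from_string(raw_message)
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(headers) if addr}

def expanded_lists(raw_message, known_lists=KNOWN_LISTS, threshold=0.8):
    """Report lists whose members appear in To/Cc while the list address does not."""
    seen = visible_recipients(raw_message)
    findings = []
    for list_addr, members in known_lists.items():
        if list_addr in seen or not members:
            continue  # addressed to the list itself: membership stays hidden
        exposed = seen & members
        if len(exposed) / len(members) >= threshold:
            findings.append((list_addr, sorted(exposed)))
    return findings

# Constructed sample: list address typed in full, membership not disclosed.
SAFE = "From: eve@company.example\nTo: team-list@company.example\nSubject: hi\n\nbody\n"

# Constructed sample: the client expanded the list before sending.
LEAKY = (
    "From: eve@company.example\n"
    "To: Alice <alice@company.example>, Bob <bob@company.example>, "
    "carol@company.example, DAVE@company.example\n"
    "Subject: hi\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("SAFE", SAFE), ("LEAKY", LEAKY)):
        print(name, expanded_lists(raw))
```

The threshold tolerates a slightly stale membership export; a message addressed to a handful of list members on purpose will also match, so findings need review.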



[Evolution] Evolution resolves MLs to to, instead of using ML-address - compliance/privacy issue

2021-03-26 Thread Sebastian Rottmann
Hi,

I hope I can explain our problem, so you guys can understand what our
problem is. Don't hesitate to ask, or correct me.

We have Linux-Clients (Fed33) with Evolution 3.38.4 (3.38.4-1.fc33)
working against an Exchange Mailserver. We do have a lot of cases,
where let's say, someone writes a mail to "mailingl...@company.com".

So here is the issue: If the user writes the full address, everything
works ok. The mail has "to/from: mailingl...@company.com" for sender
and recipient. Mail-Filters work and nobody knows who is subscribed to
the list.

But evolution does some kind of usability and gives autocomplete to the
user. The user then sees "mailinglist >"
when they write their mail. If the user then presses enter the to: just
shows a "mailinglist". When they send this mail, the mailinglist gets
resolved to all people subscribed to the list, when sent.

Every recipient of the mail (subscriber to the mailinglist) then sees
everyone else (every subscriber) when they receive the mail. I foresee
a privacy compliance issue on the horizon. 

We figured out that it may have something to do with the vcard3 format
of the evolution data server.

We don't have this issue with OWA and mutt users. Is there a way to
avoid this with evolution? 

I would be fine if there would be no autocomplete and users would have
to write down the full mail address.
We do have a lot of non-technical users which won't understand if we
tell them how to address mailinglists the evolution-way (write the full
addresses).

Thanks in advance

/Sebastian



