From: Daniel Kahn Gillmor
To: Notmuch Mail
Subject: filtering headers from forwarded messages
Date: Fri, 20 Dec 2019 13:50:03 -0500
Message-ID: <877e2qbzms.fsf@fifthhorseman.net>
List-Id: "Use and development of the notmuch mail system."

hey folks--

i recently had cause to forward a set of messages to a colleague via notmuch (thank you for "notmuch-show-forward-open-messages"!), and noticed that forwarding messages that i've personally received leaks quite a bit of metadata about message delivery paths that is (a) generally not useful when i'm forwarding in order to transfer the message content, and (b) potentially harmful to users whose message routing path reveals something bad or awkward about their setup.

For example, maybe for some people, their incoming mail path shows that they're actually reading their personal e-mail on their employer's mailsystems, but they don't want to expose their place of employment to someone just by forwarding a message. (this path is exposed by Received: headers)

Or, there are internal headers added by local antispam or antimalware filters, and they don't want to expose the specifics of their filtering defenses because it might enable attacks on those systems (or customized bypass mechanisms).

So, it occurs to me that someone might want to forward a message (or messages) while filtering the headers in some way. Of course, for messages being forwarded for the purpose of debugging the transit path, you *don't* want to filter out headers.

In notmuch-emacs, i can manually filter the headers by editing the reply compose buffer, of course, but it's kind of a pain, and it'd be nice to have it done automatically for me.

Some possible filters i can imagine (which might well have problems, i would appreciate any review):

 - blocklist: remove all headers that are in a fixed set: (Received, Delivered-To, Received-SPF, X-Original-To, Return-Path, X-Virus-Check-By, X-Virus-Scanned, Authentication-Results, X-MS-*, X-Microsoft-*)

 - allowlist: remove all headers except for a fixed set (To, From, Cc, Subject, Date, Message-Id, References, In-Reply-To, MIME-Version, Content-*, List-*, Sender)

 - ordered removal: remove all headers up to and including the last Received line

Has anyone else considered this use case, or thought about how to make it easy/simple to do the right thing when using Notmuch? Are there other factors that are worth considering?

     --dkg
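The three candidate filters from the message above, run side by side over one message. This is an added Python example, not code from notmuch or from the original post: the header sets are copied from the message, while the function names and the sample message (with placeholder hosts) are constructed for illustration.

```python
from email import message_from_string
from fnmatch import fnmatchcase

# Header sets as listed in the message above.
BLOCKLIST = ["Received", "Delivered-To", "Received-SPF", "X-Original-To",
             "Return-Path", "X-Virus-Check-By", "X-Virus-Scanned",
             "Authentication-Results", "X-MS-*", "X-Microsoft-*"]
ALLOWLIST = ["To", "From", "Cc", "Subject", "Date", "Message-Id", "References",
             "In-Reply-To", "MIME-Version", "Content-*", "List-*", "Sender"]

def _matches(name, patterns):
    # Field names are case-insensitive; the lists use "*" as a trailing wildcard.
    return any(fnmatchcase(name.lower(), p.lower()) for p in patterns)

def blocklist(headers):
    return [(n, v) for n, v in headers if not _matches(n, BLOCKLIST)]
def allowlist(headers):
    return [(n, v) for n, v in headers if _matches(n, ALLOWLIST)]

def ordered_removal(headers):
    # Each hop prepends its headers, so cut through the last Received line.
    last = max((i for i, (n, _) in enumerate(headers)
                if n.lower() == "received"), default=-1)
    return headers[last + 1:]

def names(headers):
    return [n for n, _ in headers]

# Constructed sample message (not real mail); all hosts are placeholders.
SAMPLE = """\
Return-Path: <alice@example.org>
Received: from mx.employer.example by imap.employer.example
X-Virus-Scanned: scanner at employer.example
X-Spam-Score: -1.5
Received: from mail.example.org by mx.employer.example
From: Alice <alice@example.org>
To: Bob <bob@example.net>
Subject: quarterly numbers
Date: Fri, 1 Jan 2021 10:00:00 +0000
Message-ID: <1@example.org>
X-Mailer: ExampleMailer 1.0
Content-Type: text/plain

body
"""
HEADERS = message_from_string(SAMPLE).items()  # (name, value) pairs in order
if __name__ == "__main__":
    for f in (blocklist, allowlist, ordered_removal):
        print(f"{f.__name__}: {names(f(HEADERS))}")
```

On this sample the blocklist lets `X-Spam-Score` through because it is not in the fixed set, while the allowlist and ordered removal both drop it; only the allowlist also drops the sender-side `X-Mailer`.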