You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Since the last update, the privacy mode seems to be slightly broken. Before, when enabled, it would not disclose any information on the sending SMTP server, now it does partially or fully depending on what mode is set.
With privacy mode enabled the headers appear like:
Received: by postal.host with SMTP; Mon, 20 May 2024 16:00:21 +0000
Received: from sending.host (localhost [IPv6:::1]) by sending.host (Postfix) with ESMTPS id 0C222B2F05 for <x@x.com>; Mon, 20 May 2024 16:00:21 +0000
but with it disabled they appear like:
Received: from sending.host (sending.host [2001:xx:xx::xx]) by postal.host with SMTP; Mon, 20 May 2024 15:58:03 +0000
Received: from sending.host (localhost [IPv6:::1]) by sending.host (Postfix) with ESMTPS id 9EFA011D194 for <x@x.com>; Mon, 20 May 2024 15:58:02 +0000
It used to only ever show:
Received: by postal.host with SMTP; Mon, 20 May 2024 16:00:21 +0000
The text was updated successfully, but these errors were encountered:
We've always used it in this way for some pre-routing we have to do before sending.
I restored an old backup of postal last night for testing and it did not do this previously. As per the last example, the same output was seen both indirectly and directly.
It looks like previously Postal had been stripping off anything before it had received it, which was desirable now and it appears now it does not.
It looks like this is related to #2781. So whereas this was good for protecting internal hosts that use SMTP and postal as an outbound gateway, the new code reveals far too much information.
Downgrading "resolved" the issue, but it may be there needs to be a middle, configurable, ground as to what people want to hide or show.
Describe the bug
Since the last update, the privacy mode seems to be slightly broken. Before, when enabled, it would not disclose any information on the sending SMTP server, now it does partially or fully depending on what mode is set.
With privacy mode enabled the headers appear like:
but with it disabled they appear like:
It used to only ever show:
The text was updated successfully, but these errors were encountered: