[MlMt] Re: Security (Benny Kjær Nielsen)

uncat uncat at torrecillas.com
Wed Jan 17 11:47:28 EST 2018


> 
>>> Is my password to my email account or my email address stored  
>>> anywhere?
>> 
>> The password can (not must) be stored in the Mac OS X keychain.
>> 
>>> Or sent anywhere?
>> 
>> MailMate is not "cloud" - so except the mail server itself I assume it 
>> stays on your machine.
>> 
>>> Is there any assurance of that?
>> 
>> I hope Benny will answer your mail too and back me up :-)

> I back you up. Only thing to add is that one should make sure that SSL 
> is always enabled such that a password is never sent to the IMAP/SMTP 
> server in plain text. Note that most proper email servers wouldn't even 
> allow non-SSL connections.

Is there a Privacy Policy shown during the installation by chance?

-- 
Daniel

On Jan 17, 2018, at 7:44 AM, mailmate-request at lists.freron.com wrote:

Send mailmate mailing list submissions to
	mailmate at lists.freron.com

To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.freron.com/listinfo/mailmate
or, via email, send a message with subject or body 'help' to
	mailmate-request at lists.freron.com

You can reach the person managing the list at
	mailmate-owner at lists.freron.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of mailmate digest..."


Today's Topics:

  1. forwarding HTML emails (Tracy Valleau)
  2. Re: forwarding HTML emails (Bill Cole)
  3. Security (uncat)
  4. Re: Security (Fabian Blechschmidt)
  5. Re: Security (Jan Erik =?utf-8?q?Mostr=C3=B6m?=)
  6. Re: forwarding HTML emails (Benny Kjær Nielsen)
  7. Re: Security (Benny Kjær Nielsen)
  8. Re: Security (Steven M. Bellovin)
  9. Re: How to get rid of a bad email address (Annamarie)
 10. Re: Security (Benny Kjær Nielsen)


----------------------------------------------------------------------

Message: 1
Date: Tue, 16 Jan 2018 15:00:28 -0800
From: "Tracy Valleau" <tracy at dlsi.biz>
To: mailmate at lists.freron.com
Subject: [MlMt] forwarding HTML emails
Message-ID: <7DAD0F13-58FB-4B9F-85AC-4070BD415FE7 at dlsi.biz>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

Hello
Do I take it that  forwarding HTML emails can still only be done via 
attachment?

If so, I'm curious as to why, technically. Since MM can show HTML emails 
now, why can't it (just)  forward them?

Tracy
www.valleau.art


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freron.com/pipermail/mailmate/attachments/20180116/791db7a4/attachment-0001.html>

------------------------------

Message: 2
Date: Wed, 17 Jan 2018 00:02:56 -0500
From: "Bill Cole" <mmlist-20120120 at billmail.scconsult.com>
To: "MailMate Users" <mailmate at lists.freron.com>
Subject: Re: [MlMt] forwarding HTML emails
Message-ID:
	<487F7308-CEE0-4868-B1BB-C8D8875E407A at billmail.scconsult.com>
Content-Type: text/plain; format=flowed

On 16 Jan 2018, at 18:00 (-0500), Tracy Valleau wrote:

> Hello
> Do I take it that  forwarding HTML emails can still only be done via 
> attachment?

Not if you're using the 2.0BETA series, which has a plethora of controls 
for perpetuating a bad idea in the Composer panel of the Preferences...

> If so, I'm curious as to why, technically. Since MM can show HTML 
> emails now,

When couldn't it? I adopted MM circa v1.5 and my first pestering of 
Benny was to work out how to make it easier to config MM to only render 
HTML when absolutely needed.

> why can't it (just)  forward them?

This is fundamentally problematic because "just forward them" does not 
have a well-defined technical meaning other than embedding the full 
original message as an attachment. If you want something else, I *THINK* 
the MM options for tweaking HTML forwarding should give you something 
you can live with.

-- 
Bill Cole
bill at scconsult.com or billcole at apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole


------------------------------

Message: 3
Date: Tue, 16 Jan 2018 23:27:00 -0800
From: uncat <uncat at torrecillas.com>
To: mailmate at lists.freron.com
Subject: [MlMt] Security
Message-ID: <E46D1B6E-31B5-49E0-9076-3299FF3BF061 at torrecillas.com>
Content-Type: text/plain;	charset=us-ascii

Hi,

I'm interested in trying out MailMate. Questions: Is my password to my email account or my email address stored anywhere? Or sent anywhere? Is there any assurance of that?

-- 
Daniel

------------------------------

Message: 4
Date: Wed, 17 Jan 2018 08:33:57 +0100
From: "Fabian Blechschmidt" <lists-freron-com at fabian-blechschmidt.de>
To: blogs at torrecillas.com, "MailMate Users"
	<mailmate at lists.freron.com>
Subject: Re: [MlMt] Security
Message-ID:
	<5406E8EA-FA32-4EFC-840E-EE807E9ACED6 at fabian-blechschmidt.de>
Content-Type: text/plain; format=flowed

On 17 Jan 2018, at 8:27, uncat wrote:

> Hi,
> 
> I'm interested in trying out MailMate. Questions: Is my password to my 
> email account or my email address stored anywhere? Or sent anywhere? 
> Is there any assurance of that?
> 
> -- 
> Daniel

Hi Daniel,

I'm only a user, so this answer are only observation - I have no access 
to the code.

> Is my password to my email account or my email address stored  
> anywhere?

The password can (not must) be stored in the Mac OS X keychain.

> Or sent anywhere?

MailMate is not "cloud" - so except the mail server itself I assume it 
stays on your machine.

> Is there any assurance of that?

I hope Benny will answer your mail too and back me up :-)


------------------------------

Message: 5
Date: Wed, 17 Jan 2018 10:05:29 +0100
From: "Jan Erik =?utf-8?q?Mostr=C3=B6m?=" <lists at mostrom.pp.se>
To: "MailMate Users" <mailmate at lists.freron.com>
Subject: Re: [MlMt] Security
Message-ID: <E45268A4-6B95-4814-A47F-30406D319D06 at mostrom.pp.se>
Content-Type: text/plain; format=flowed

On 17 Jan 2018, at 8:33, Fabian Blechschmidt wrote:

> Or sent anywhere?
> 
> 
> MailMate is not "cloud" - so except the mail server itself I assume it 
> stays on your machine.

Except for the obvious thing of logging in to the mail server to 
validate that you is you.

= jem


------------------------------

Message: 6
Date: Wed, 17 Jan 2018 11:49:04 +0100
From: "Benny Kjær Nielsen" <mailinglist at freron.com>
To: "MailMate Users" <mailmate at lists.freron.com>
Subject: Re: [MlMt] forwarding HTML emails
Message-ID: <DCF22C3A-1681-4AF8-8E9F-D99EF4181A94 at freron.com>
Content-Type: text/plain; format=flowed

On 17 Jan 2018, at 6:02, Bill Cole wrote:

>> why can't it (just)  forward them?
> 
> This is fundamentally problematic because "just forward them" does not 
> have a well-defined technical meaning other than embedding the full 
> original message as an attachment. If you want something else, I 
> *THINK* the MM options for tweaking HTML forwarding should give you 
> something you can live with.

Yes, both 1.10 and 2.0BETA has the ability to embed the original HTML 
when needed. This is very similar to what other email clients do except 
for the fact that you cannot edit the HTML. If you try then MailMate 
tells you that it'll convert it to plain text first.

It's very tricky (for all email clients) to embed HTML, because HTML 
wasn't designed for this purpose. MailMate uses an external CSS inliner 
(Premailer) to work around most of these problems, but as previously 
discussed on this list then this can be slow at times.

(The problem of embedding HTML is even bigger for webmail clients.)

-- 
Benny
https://freron.com/become_a_mailmate_patron/


------------------------------

Message: 7
Date: Wed, 17 Jan 2018 11:51:33 +0100
From: "Benny Kjær Nielsen" <mailinglist at freron.com>
To: "MailMate Users" <mailmate at lists.freron.com>
Subject: Re: [MlMt] Security
Message-ID: <E729C362-2504-44A6-8942-DFD518424B4B at freron.com>
Content-Type: text/plain; format=flowed

On 17 Jan 2018, at 8:33, Fabian Blechschmidt wrote:

>> Is my password to my email account or my email address stored  
>> anywhere?
> 
> The password can (not must) be stored in the Mac OS X keychain.
> 
>> Or sent anywhere?
> 
> MailMate is not "cloud" - so except the mail server itself I assume it 
> stays on your machine.
> 
>> Is there any assurance of that?
> 
> I hope Benny will answer your mail too and back me up :-)

I back you up. Only thing to add is that one should make sure that SSL 
is always enabled such that a password is never sent to the IMAP/SMTP 
server in plain text. Note that most proper email servers wouldn't even 
allow non-SSL connections.

-- 
Benny
https://freron.com/become_a_mailmate_patron/


------------------------------

Message: 8
Date: Wed, 17 Jan 2018 08:06:11 -0500
From: "Steven M. Bellovin" <smb at cs.columbia.edu>
To: "MailMate Users" <mailmate at lists.freron.com>
Subject: Re: [MlMt] Security
Message-ID: <085CDD6B-7115-4C1E-AD47-EF10A6240A76 at cs.columbia.edu>
Content-Type: text/plain; charset=utf-8; format=flowed

On 17 Jan 2018, at 5:51, Benny Kjær Nielsen wrote:

> On 17 Jan 2018, at 8:33, Fabian Blechschmidt wrote:
> 
>>> Is my password to my email account or my email address stored  
>>> anywhere?
>> 
>> The password can (not must) be stored in the Mac OS X keychain.
>> 
>>> Or sent anywhere?
>> 
>> MailMate is not "cloud" - so except the mail server itself I assume 
>> it stays on your machine.
>> 
>>> Is there any assurance of that?
>> 
>> I hope Benny will answer your mail too and back me up :-)
> 
> I back you up. Only thing to add is that one should make sure that SSL 
> is always enabled such that a password is never sent to the IMAP/SMTP 
> server in plain text. Note that most proper email servers wouldn't 
> even allow non-SSL connections.
> 
What authentication options that don't involve sending passwords does 
MailMate support? Is there a way to configure MM to use only one of 
these safer options if available? I know that I use it with an IMAP 
server that only supports CRAM-MD5 and DIGEST-MD5. There are others 
possible, such as client-side certificates.  (To the original querier: 
if you control your IMAP server, disable plaintext password logins.)


        --Steve Bellovin, https://www.cs.columbia.edu/~smb




------------------------------

Message: 9
Date: Wed, 17 Jan 2018 09:19:54 -0500
From: Annamarie <annamarie.pluhar at gmail.com>
To: "MailMate Users" <mailmate at lists.freron.com>
Subject: Re: [MlMt] How to get rid of a bad email address
Message-ID: <2A9AA6A1-487C-4671-B7D2-7EB5098973AC at gmail.com>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

Many thanks! Proving once again that the answer is a keystroke away. : )

Annamarie


Annamarie Pluhar
802-451-1941
802-579-5975 (iPhone - not good when I'm at my desk.)

On 16 Jan 2018, at 10:17, John Cooper wrote:

> Annamarie wrote (at 6:31 on 16 Jan 2018):
> 
>> So I have three emails I've sent out that misspell the address...MM 
>> annoyingly finds the misspelled one and uses it. I know I can fix 
>> this by deleting the misaddressed emails in my Sent Folder BUT I need 
>> the record of what I've sent so I don't want to delete them.
>> 
>> What can I do to stop MM from using the bad one - beside paying close 
>> attention to it?
> 
> I haven't personally tested these methods, but based on my 
> understanding of MailMate you have two methods from which to choose:
> 
> 1. Move the misaddressed messages out of your Sent folder and into 
> another folder.
> 2. Blacklist the incorrect addresses:
> 
>    a. Open a message that contains an incorrect address.
>    b. Right-click the address you want to tell MailMate not to use.
>    c. Click **Add "<address>" to Blacklist.**
> 
> John


> _______________________________________________
> mailmate mailing list
> mailmate at lists.freron.com
> https://lists.freron.com/listinfo/mailmate
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freron.com/pipermail/mailmate/attachments/20180117/07bff5d9/attachment-0001.html>

------------------------------

Message: 10
Date: Wed, 17 Jan 2018 16:44:20 +0100
From: "Benny Kjær Nielsen" <mailinglist at freron.com>
To: "MailMate Users" <mailmate at lists.freron.com>
Subject: Re: [MlMt] Security
Message-ID: <5A26F29D-26EA-415D-A3F0-A4F3367018C6 at freron.com>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

On 17 Jan 2018, at 14:06, Steven M. Bellovin wrote:

> What authentication options that don't involve sending passwords does 
> MailMate support? Is there a way to configure MM to use only one of 
> these safer options if available? I know that I use it with an IMAP 
> server that only supports CRAM-MD5 and DIGEST-MD5.

MailMate only supports `CRAM-MD5`. It can be forced to only use this by 
editing `Sources.plist` (and `Submission.plist`) to include this for 
each account:

	authMechanism = 'CRAM-MD5';

(`XOAUTH` is also supported for Gmail/Outlook.)

The only real reason for the lack of support of other mechanisms is that 
I implemented it myself instead of using a library which probably 
supports more methods (I haven't checked recently).

Also, most of the servers I have access to only support very few 
authentication methods. They don't even support `CRAM-MD5`.

-- 
Benny
https://freron.com/become_a_mailmate_patron/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freron.com/pipermail/mailmate/attachments/20180117/2e8b7f22/attachment.html>

------------------------------

Subject: Digest Footer

_______________________________________________
mailmate mailing list
mailmate at lists.freron.com
https://lists.freron.com/listinfo/mailmate


------------------------------

End of mailmate Digest, Vol 82, Issue 15
****************************************



More information about the mailmate mailing list