Page MenuHomePhabricator
Differential D18983

Add basic support for a "Must Encrypt" mail flag which prevents unsecured content transmission
ClosedPublic
Actions

Authored by epriestley on Feb 1 2018, 4:39 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Apr 1, 3:11 PM
Unknown Object (File)
Thu, Mar 28, 8:28 AM
Unknown Object (File)
Thu, Mar 28, 8:14 AM
Unknown Object (File)
Wed, Mar 27, 9:20 PM
Unknown Object (File)
Mar 10 2024, 3:22 AM
Unknown Object (File)
Jan 31 2024, 5:16 PM
Unknown Object (File)
Jan 27 2024, 9:25 PM
Unknown Object (File)
Jan 19 2024, 5:28 PM
View All 92 Files
Subscribers
None
Tokens
"Like" token, awarded by avivey.

Details

Reviewers
amckinley
Maniphest Tasks
T13053: Plans: Mail Tags and Failover
Commits
rP7b2b5cd91e01: Add basic support for a "Must Encrypt" mail flag which prevents unsecured…
Summary

Ref T13053. See PHI291. For particularly sensitive objects (like security issues), installs may reasonably wish to prevent details from being sent in plaintext over email.

This adds a "Must Encrypt" mail behavior, which discards mail content and all identifying details, replacing it with a link to the /mail/ application. Users can follow the link to view the message over HTTPS.

The flag discards body content, attachments, and headers which imply things about the content of the object. It retains threading headers and headers which may uniquely identify the object as long as they don't disclose anyting about the content.

The bin/mail list-outbound command now flags these messages with a # mark.

The bin/mail show-outbound command now shows sent/suppressed headers and the body content as delivered (if it differs from the original body content).

The /mail/ web UI now shows a tag for messages marked with this flag.

For now, there is no way to actually set this flag on mail.

Test Plan
  • Forced this flag on, made comments and took actions to send mail.
  • Reviewed mail with bin/mail and /mail/ in the web UI, saw all content information omitted.

Diff Detail

Repository
rP Phabricator
Branch
mail1
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 19317
Build 26108: Run Core Tests
Build 26107: arc lint + arc unit

Event Timeline

epriestley created this revision.Feb 1 2018, 4:39 PM
Harbormaster completed remote builds in B19315: Diff 45525.Feb 1 2018, 4:40 PM
epriestley requested review of this revision.Feb 1 2018, 4:40 PM
avivey awarded a token.Feb 1 2018, 5:01 PM
epriestley updated this revision to Diff 45526.Feb 1 2018, 5:27 PM
  • Add a missing UI check before showing the tag on the detail view.
Harbormaster completed remote builds in B19316: Diff 45526.Feb 1 2018, 5:27 PM
Harbormaster completed remote builds in B19316: Diff 45526.
epriestley updated this revision to Diff 45527.Feb 1 2018, 5:30 PM
  • Spell "secure" in a more conventional way.
Harbormaster completed remote builds in B19317: Diff 45527.Feb 1 2018, 5:32 PM
epriestley added a child revision: D18984: Add a Herald action to trigger "Must Encrypt" for mail.Feb 1 2018, 5:34 PM
amckinley accepted this revision.Feb 2 2018, 1:14 AM
This revision is now accepted and ready to land.Feb 2 2018, 1:14 AM
Closed by commit rP7b2b5cd91e01: Add basic support for a "Must Encrypt" mail flag which prevents unsecured… (authored by epriestley). · Explain WhyFeb 2 2018, 10:34 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Diff 45527

View Options

src/applications/metamta/controller/PhabricatorMetaMTAMailViewController.php

Loading...
View Options

src/applications/metamta/management/PhabricatorMailManagementListOutboundWorkflow.php

Loading...
View Options

src/applications/metamta/management/PhabricatorMailManagementShowOutboundWorkflow.php

Loading...
View Options

src/applications/metamta/storage/PhabricatorMetaMTAMail.php

Loading...
Phabricator · Built by Phacility