Document that disabling "metamta.one-mail-per-recipient" leaks recipients for "Must Encrypt"
ClosedPublic
Actions

Authored by epriestley on Feb 7 2018, 11:52 AM.

Details

Reviewers

amckinley

Maniphest Tasks

T13053: Plans: Mail Tags and Failover

Commits

rP6e5df2dd714e: Document that disabling "metamta.one-mail-per-recipient" leaks recipients for…

Summary

Depends on D19013. Ref T13053. When mail is marked "Must Encrypt", we normally do not include recipient information.

However, when metamta.one-mail-per-recipient is disabled, the recipient list will leak in the "To" and "Cc" headers. This interaction is probably not very surprising, but document it explicitly for completeness.

(Also use "Mail messages" instead of "Mails".)

Test Plan

Read documentation in the "Config" application.

Diff Detail

Repository

rP Phabricator

Branch

mailer12

Lint

Lint Passed

Unit

Tests Passed

Build Status

Buildable 19377
Build 26204: Run Core Tests
Build 26203: arc lint + arc unit

Event Timeline

epriestley created this revision.Feb 7 2018, 11:52 AM

Harbormaster completed remote builds in B19377: Diff 45583.Feb 7 2018, 11:53 AM

epriestley requested review of this revision.Feb 7 2018, 11:53 AM

epriestley added a child revision: D19015: In HTML mail, make the text for mail stamps in mail bodies smaller and lighter.Feb 7 2018, 12:00 PM

This revision was not accepted when it landed; it landed in state Needs Review.Feb 8 2018, 2:23 PM

Closed by commit rP6e5df2dd714e: Document that disabling "metamta.one-mail-per-recipient" leaks recipients for… (authored by epriestley). · Explain Why

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

src/

applications/

config/

option/

PhabricatorMetaMTAConfigOptions.php

6 lines

Diff 45583

View Options

src/applications/config/option/PhabricatorMetaMTAConfigOptions.php

Document that disabling "metamta.one-mail-per-recipient" leaks recipients for "Must Encrypt"ClosedPublicActions