Using the latest The Bat Voyager 8.4.0.6 , as well as some 5-year-old version leads to this unexpected security leak. How to reproduce:
1) Use Gmail IMAP account in Voyager
2) Send an email
3) Sync [GMAIL]\Sent Mail folder with IMAP in The Bat, your message will appear there.
4) Open message header, you will see you local computer hostname (LOCALPC1.LOCALDOMAIN.LOCAL) together with global one, somthing like that:
I find this pretty much unacceptable to expose internal computer name to the public because it may contain come interesting information as well. What can be done to fix or investigate that?
Thanks
P.S. Your server sending emails to furum users is not vulnerable and is hardened on this issue not exposing any internal names:
1) Use Gmail IMAP account in Voyager
2) Send an email
3) Sync [GMAIL]\Sent Mail folder with IMAP in The Bat, your message will appear there.
4) Open message header, you will see you local computer hostname (LOCALPC1.LOCALDOMAIN.LOCAL) together with global one, somthing like that:
| Code |
|---|
Received: from LOCALPC1.LOCALDOMAIN.LOCAL (ppp183-37-15-165.pppoe.vodafone.eg [183.37.15.165]) by smtp.gmail.com with ESMTPSA id k1-v6sm354328221lja.59.2018.11.01.12.43.31 for <xxxxxxx@xx.xx> (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 01 Nov 2018 12:43:32 -0700 (PDT) |
Thanks
P.S. Your server sending emails to furum users is not vulnerable and is hardened on this issue not exposing any internal names:
| Code |
|---|
Received: from mail.ritlabs.com ([127.0.0.1]) by localhost (mail.ritlabs.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I5x0XOta0_kX; Thu, 1 Nov 2018 22:08:56 +0200 (EET) Received: from www.ritlabs.com (unknown [10.10.11.24]) by mail.ritlabs.com (Postfix) with ESMTP id 7E3032601C4; Thu, 1 Nov 2018 22:08:56 +0200 (EET) |