thunderbird / thunderbird-android

Thunderbird for Android – Open Source Email App for Android (fka K-9 Mail)
https://thunderbird.net/
Apache License 2.0

Add a way to download only the full headers and not the rest of the content #2819

Open suuuehgi opened 6 years ago

suuuehgi commented 6 years ago

Expected behavior

Print complete header when pressing Show headers. I don't care about highlighting, plaintext is okay but print the complete header.

Actual behavior

k9 is not showing the full header. It appears as if just some special/known(?) parts of the header are chosen.

Example

This is a classical spam-header -- hence I leave the sender's information.

k9
Message-ID: <ovyiwnq35671246.04083004@mail.mtsbu.us>
From: Zusatzliches Einkommen <ovyiwnq@mtsbu.us>
To: <censored@censored.com>
Subject: Zusätzliches Einkommen für alle
Date: Mon, 25 Sep 2017 23:41:23 +0300
MIME-Version: 1.0
Content-Type: multipart/related; boundary="----9AVLIOCRAVG8Z8SJ6PZ1Z962WKLRFS"
Content-Transfer-Encoding: 7bit

Actually / Expected
Received: from mailer.censored.com (censored.10.17) by um-excht-a01.um.censored.com
 (censored.11.221) with Microsoft SMTP Server id 14.3.361.1; Mon, 25 Sep 2017
 22:41:36 +0200
Received: from censored.censored.com ([censored.82.140])    by mailer.censored.com
 with esmtps (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.80) (envelope-from
 <ovyiwnq@mtsbu.us>)    id 1dwaC8-0001bk-Oc; Mon, 25 Sep 2017 22:41:36 +0200
Received: by censored.censored.com (Postfix)    id 591195A7; Mon, 25 Sep 2017
 22:41:36 +0200 (CEST)
Delivered-To: censored@censored.censored.com
Received: by censored.censored.com (Postfix, from userid 65534) id
 41631545C; Mon, 25 Sep 2017 22:41:36 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
    censored.censored.com
X-Spam-Level:
X-Spam-Status: No, score=-3.9 required=5.0 tests=BAYES_00,EXTRA_MPART_TYPE,
    HTML_IMAGE_ONLY_04,HTML_MESSAGE,HTML_SHORT_LINK_IMG_1,MPART_ALT_DIFF,
    RCVD_IN_DNSWL_HI,TVD_SPACE_RATIO,T_AXB_MIME_IMG830 autolearn=ham version=3.3.2
Received: from mailer.censored.com (mailer.censored.com [censored.10.26])   by  
 censored.censored.com (Postfix) with ESMTPS id A9D1A5A7;   Mon, 25 Sep 2017
 22:41:29 +0200 (CEST)
Received: from mfilter-123-1-1.mx.srv.dfn.de ([194.95.232.60])  by  
 mailer.censored.com with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256)    (Exim
 4.80)  (envelope-from <ovyiwnq@mtsbu.us>)  id 1dwaC1-0001aM-J4; Mon, 25 Sep 
 2017 22:41:29 +0200
Received: from mail.mtsbu.us (mail.mtsbu.us [89.163.212.18])    by  
 mfilter-123-1-1.mx.srv.dfn.de (Postfix) with ESMTP;    Mon, 25 Sep 2017 22:41:25
 +0200 (CEST)
Received: from mtsbu.us (mail.mtsbu.us [89.163.212.18]) by mail.mtsbu.us
 (Postfix) with ESMTPA id D21A11C0F38;  Mon, 25 Sep 2017 23:41:21 +0300 (EEST)
Message-ID: <ovyiwnq35671246.04083004@mail.mtsbu.us>
From: Zusatzliches Einkommen <ovyiwnq@mtsbu.us>
To: <censored@censored.com>
Subject: =?utf-8?B?WnVzw6R0emxpY2hlcyBFaW5rb21tZW4gZsO8ciBhbGxl?=
Date: Mon, 25 Sep 2017 23:41:23 +0300
Content-Type: multipart/related; type="multipart/alternative";
    boundary="----=_NextPart_000_0006_01D33655.5FBCB8C0"
Precedence: bulk
List-Id: b83348430v73546086
X-Complaints-To: abuse@mtsbu.us
List-Unsubscribe: <http://mtsbu.us/ru/unsubscribe/do?hash=8100057523076787>
X-Virus-Scanned: (clean) by clamav
Return-Path: ovyiwnq@mtsbu.us
X-MS-Exchange-Organization-AuthSource: UM-EXCHT-A01.um.censored.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-PRD: mtsbu.us
X-MS-Exchange-Organization-SenderIdResult: Fail
Received-SPF: Fail (UM-EXCHT-A01.um.censored.com: domain of ovyiwnq@mtsbu.us does
 not designate censored.82.140 as permitted sender)
 receiver=UM-EXCHT-A01.um.censored.com; client-ip=censored.82.140;
 helo=mailer.censored.com;
X-MS-Exchange-Organization-SCL: 5
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.16631.866;SID:SenderIDStatus Fail;OrigIP:censored.82.140
MIME-Version: 1.0

Environment

K-9 Mail version: 5.208

Android version: 7.1.2

Account type (IMAP, POP3, WebDAV/Exchange): IMAP

njeyaakili commented 6 years ago

I suspect that this is a large message, that isn't fully downloaded. You have to fully download the message (i.e., select the "Download complete message" button at the bottom) before you'll see the complete headers.

suuuehgi commented 6 years ago

Indeed! Now the full header appears -- but also the embedded content! This is a real no-go! When I just want to get the header, I don't want it to execute possibly malicious stuff.

philipwhiuk commented 6 years ago

We don't "execute content" under any circumstances. We don't download remote content unless you ask us to.

So for me it's kind of low priority to implement this kind of feature, but it could be done potentially. (I'm not sure how exactly IMAP works in practice here).

We'd want a new FetchProfile - FULL_HEADER.

suuuehgi commented 6 years ago

Thank you for your reply! Maybe I was unclear. Afaik k9 doesn't execute content in terms of binaries but k9 does open and therefore executes (or reads) embedded html content (like malicious images). I never ever want my phone to do so and afaik there is no other way to get to the plaintext header.

philipwhiuk commented 6 years ago

K-9 does not execute HTML content.

It passes the raw string data to Android WebView. WebView renders the HTML but does not fetch remote content, unless told to (its network connection is disabled). We don't tell it to fetch remote content (by enabling its network connection) until you click that button, regardless of whether we have the full message or not.

We also remove all scripts using a HTML cleaner tool.

suuuehgi commented 6 years ago

Thank you for your answer! But anyway, the HTML-content (in this case images) is being displayed in its full glory as soon as I click on "Download complete message".

So, in this case, to read the full header, I have to click "Download complete message" and WebView then renders everything, right? Hum. :-(

ramack commented 5 years ago

Would be also great to be able to show (partial) content of some headers always (if header is available). Like the score or the tests of header "X-Spam-Status".

patch-work commented 2 years ago

This is a five-year-old problem that is still waiting for a solution.

When K9 "fetches" messages up to a user-specified amount of bytes, it counts the header size as part of the total. If a message is bigger than the specified amount, then K9 shows the "download complete message" button to download both the rest of the message and the rest of the header.

The approach is not efficient: to see the full header, K9 downloads the whole message, possibly including heavy attachments or inline graphics.

It has been proposed, several times, that when the user hits the "show headers" button, K9 should display the full header as per user request, and thus K9 should download it in full before displaying it. This is more efficient, in terms of bandwidth, than downloading the whole message, and less inconvenient, in terms of coding, than having to enhance K9's GUI to warn the user that the headers are incomplete and that yet another button needs to be pressed to download the rest of it.
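
Added example, not K-9 Mail code and not written by anyone in this thread: a header-only IMAP fetch of the kind discussed above, followed by extraction of the X-Spam-Status score and tests and the Received chain. It assumes a Python `imaplib` connection with a mailbox already selected; the function names and the sample header are constructed for illustration.

```python
import re
from email import policy
from email.parser import BytesHeaderParser

def fetch_full_header(conn, uid):
    """Fetch only the header of one message; conn is an imaplib.IMAP4 with a
    mailbox selected. BODY.PEEK[HEADER] returns the whole RFC 5322 header,
    no body parts, and does not set the \\Seen flag."""
    typ, data = conn.uid("FETCH", str(uid), "(BODY.PEEK[HEADER])")
    if typ != "OK":
        raise RuntimeError(f"UID FETCH failed: {typ} {data!r}")
    # imaplib hands back each literal as an (envelope, payload) tuple
    raw = next((p[1] for p in data if isinstance(p, tuple)), None)
    if raw is None:
        raise LookupError(f"no header returned for UID {uid}")
    return parse_header(raw)

def parse_header(raw):
    """Parse raw header bytes; policy.default unfolds lines and decodes RFC 2047."""
    return BytesHeaderParser(policy=policy.default).parsebytes(raw)

def spam_status(headers):
    """Return (score, tests) from X-Spam-Status, or (None, []) if absent."""
    value = re.sub(r",\s+", ",", str(headers.get("X-Spam-Status", "")))
    score = re.search(r"\bscore=(-?\d+(?:\.\d+)?)", value)
    tests = re.search(r"\btests=(\S+)", value)
    return (float(score.group(1)) if score else None,
            tests.group(1).split(",") if tests else [])

def received_hops(headers):
    """Received lines in header order (newest hop first), whitespace collapsed."""
    return [" ".join(str(h).split()) for h in headers.get_all("Received", [])]

# Constructed sample header, modelled on the one quoted in the issue.
SAMPLE = (
    b"Received: from mx.example.net (mx.example.net [192.0.2.10])\r\n"
    b" by inbound.example.org (Postfix) with ESMTPS id A1B2C3;\r\n"
    b" Mon, 25 Sep 2017 22:41:29 +0200 (CEST)\r\n"
    b"Received: from sender.example (sender.example [198.51.100.7])\r\n"
    b" by mx.example.net (Postfix) with ESMTP; Mon, 25 Sep 2017 22:41:25 +0200\r\n"
    b"X-Spam-Status: No, score=-3.9 required=5.0 tests=BAYES_00,EXTRA_MPART_TYPE,\r\n"
    b"    HTML_IMAGE_ONLY_04,HTML_MESSAGE autolearn=ham version=3.3.2\r\n"
    b"Subject: =?utf-8?B?WnVzw6R0emxpY2hlcyBFaW5rb21tZW4gZsO8ciBhbGxl?=\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    h = parse_header(SAMPLE)
    print(h["Subject"], spam_status(h), len(received_hops(h)))
```

Because only the header section is requested, no HTML part or attachment is transferred, so nothing is handed to a renderer.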