vladimiry / ElectronMail

Unofficial ProtonMail Desktop App
GNU General Public License v3.0

non protonmail http connection attempts #20

Closed ask2018 closed 6 years ago

ask2018 commented 6 years ago

I have in my firewall enabled only https connection to mail.protonmail.com for this application. Everything works fine, but I've noticed in the firewall log that the program constantly tries to connect also to these addresses. See blocked connections on this screenshot: https://lut.im/Mu2eD4ZyNo/5rpxPJJHUpmTFgsJ.png Why are there these connection attempts and how can I disable them in the settings?

vladimiry commented 6 years ago

Going to investigate what are the blocked requests, app itself interacts with https://mail.protonmail.com only, you can see that looking into the code. Most likely blocked requests are update check requests produced by electron-updater module, such requests are happening on app start and then every 30 minutes.

ask2018 commented 6 years ago

Yes, it's on app start and then after some time period. I've tried to look at DNS requests on program start and it wants to resolve those:

github.com
mail.protonmail.com
ctldl.windowsupdate.com
ocsp.quovadisglobal.com
crl.quovadisglobal.com
ev.ocsp.quovadisglobal.com

So looks like mostly some certificate download requests, but why exactly?

vladimiry commented 6 years ago

Can you try this version https://www.dropbox.com/s/fquubq186t9ldqn/protonmail-desktop-app-0.4.0-windows-nsis-installer.exe?dl=0? Having installed it, go to the "general" settings and disable Check for updates and notify on app start option there.

ask2018 commented 6 years ago

Github connection on port 443 is gone with version 0.4.0 and disabled check for updates, but the rest attempts to port 80 for these is still there and still not sure why exactly:

ctldl.windowsupdate.com
ocsp.quovadisglobal.com
crl.quovadisglobal.com
ev.ocsp.quovadisglobal.com

vladimiry commented 6 years ago

> still not sure why exactly

Have no idea so far about remaining requests, on Win 10 it's not reproducible (tried using Fiddler sniffer).

vladimiry commented 6 years ago

Can you try to monitor the network activity using Fiddler or any other network sniffer, having your firewall enabled and then disabled, to make sure that it's not the firewall that somehow causes the issue, as there are no such side requests on clean Win 10 based on the Fiddler report. I'm not sure I will be able to play around with this on Win 7 in the near future.

ask2018 commented 6 years ago

I did just a quick check for DNS requests using DNS Query Sniffer and it's still there with the firewall enabled or disabled. But the OCSP parts are also in the browser and it looks like it's this: https://support.quovadisglobal.com/kb/a415/what-is-ocsp-stapling.aspx Also the protonmail cert is verified by this company. So it should probably be ok.

vladimiry commented 6 years ago

Ok closing then. The good part is that we got a new feature "disabling update check" because of this issue :smile:

Uj947nXmRqV2nRaWshKtHzTvckUUpD commented 1 year ago

On the last update, I can see attempts to connect on port 80 as well, but it doesn't look like OCSP. Any idea what these could be?

a2-16-172-11.deploy.static.akamaitechnologies.com
a92-123-189-138.deploy.static.akamaitechnologies.com

vladimiry commented 1 year ago

@fusionneur no idea. I'd recommend enabling Block non "API entry point"-based network requests to all email accounts. A red alert message will be displayed each time a request gets blocked by the app. So it might be an annoying feature.

vladimiry commented 1 year ago

> on last update, i can see attempts to connect on port 80 as well

Try disabling the update check feature in the app's general settings block and restart the app then.

Uj947nXmRqV2nRaWshKtHzTvckUUpD commented 1 year ago

I already have both: "block non api entry point... " enabled, and updates disabled.

vladimiry commented 1 year ago

> "block non api entry point... "

This only works for the webview the Proton web clients are loaded in, as enabled per account. But the outer @electron itself might technically connect somewhere too. One option for such a connection is downloading dictionaries for the spellchecking feature, but this is a one-time action per enabled language.

Uj947nXmRqV2nRaWshKtHzTvckUUpD commented 1 year ago

Putting my 2 cents here... I have blocked port 80 on the firewall since 1 March and have seen no impact on the functionality. The requests happen several times daily, each time with several attempts spamming my firewall's log.

Could it be possible to add toggles to disable the periodic dictionaries/spellchecking download?

vladimiry commented 1 year ago

@fusionneur https://github.com/electron/electron/issues/22995

vladimiry commented 1 year ago

Consider disabling "update check" and "spellcheck" features in the app. Restart it and see if it helps.

Uj947nXmRqV2nRaWshKtHzTvckUUpD commented 1 year ago

I already had the "check spelling" and "check for update and notify" options disabled under settings>general. Are these the features you are referring to?

vladimiry commented 1 year ago

@fusionneur, those features, yes. I don't know what else to recommend, and would be interested to see if you are able to track down what triggers the unnecessary connection. I'm not sure that "check spelling" disabling works as expected, see https://github.com/electron/electron/issues/22995.

PS Maybe try running the app for a while without the proton accounts added (no need to remove the accounts, disabling by toggle should be enough, so the webview doesn't get created/loaded), so we know if it is linked to proton's web clients.

Uj947nXmRqV2nRaWshKtHzTvckUUpD commented 1 year ago

One interesting thing is that on ElectronMail I have enabled 'Login delay range (seconds)' feature set on 10-30 seconds for each of my accounts. There is no connection attempt on port 80, until the first account actually connects to proton API and gets logged in.

I followed your idea and disabled the accounts, and after starting ElectronMail I did not see any connection attempt on port 80. Enabling the accounts one by one triggered 2 connection attempts for each account after being logged in (reproducible each time):

a2-18-79-133.deploy.static.akamaitechnologies.com
a2-18-79-144.deploy.static.akamaitechnologies.com

Found 2 more opened issues that might be related: https://github.com/electron/electron/issues/32314 https://github.com/electron/electron/issues/27403

Maybe the current electron check spelling flag only does the checking but it's not related to the actual download of the language packages. The download might be triggered upon electron handling text data such as after logging into proton mail, but most probably the request is not triggered by Proton API itself since on Android and on web browser there are no port 80 connections.
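
Added example (not part of the thread and not ElectronMail code): a script that joins a DNS query log to blocked port-80 firewall entries by resolved IP, so that a CDN address can be traced back to the name that was actually queried, such as the OCSP/CRL/CTL hosts listed earlier in the thread. The log tuples, the TEST-NET addresses, the 300-second window and the host-label heuristic are constructed assumptions.

```python
# Added example; every log entry below is constructed (TEST-NET addresses).
DNS_LOG = [  # (epoch seconds, queried name, resolved IPv4 addresses)
    (100, "mail.protonmail.com", ["198.51.100.10"]),
    (101, "ocsp.quovadisglobal.com", ["203.0.113.5", "203.0.113.6"]),
    (102, "ctldl.windowsupdate.com", ["203.0.113.6"]),
]
FIREWALL_LOG = [  # (epoch seconds, destination IP, destination port, action)
    (103, "203.0.113.5", 80, "BLOCK"),
    (104, "203.0.113.6", 80, "BLOCK"),
    (105, "198.51.100.10", 443, "ALLOW"),
    (900, "192.0.2.99", 80, "BLOCK"),
]
# Assumption: a host-label heuristic built from the names quoted in the thread.
CERT_LABELS = {"ocsp", "crl", "ctldl"}


def names_for(ip, ts, dns_log, window=300):
    """Names that resolved to `ip` at most `window` seconds before `ts`."""
    return sorted({name for t, name, ips in dns_log
                   if ip in ips and 0 <= ts - t <= window})


def classify(names):
    """Label a connection by the DNS names that could have produced it."""
    if not names:
        return "unknown"  # no matching query: cached, hard-coded or stale IP
    hits = [bool(CERT_LABELS & set(n.lower().split("."))) for n in names]
    if all(hits):
        return "cert-validation"
    return "ambiguous" if any(hits) else "other"


def triage(firewall_log, dns_log, port=80):
    """Explain each blocked connection to `port` using the DNS log."""
    report = []
    for ts, ip, dport, action in firewall_log:
        if action != "BLOCK" or dport != port:
            continue
        names = names_for(ip, ts, dns_log)
        report.append({"ip": ip, "names": names, "category": classify(names)})
    return report


if __name__ == "__main__":
    for row in triage(FIREWALL_LOG, DNS_LOG):
        print(row)
```
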

ask2018 commented 1 year ago

I can confirm the connection attempts outside of Protonmail are there. I have enabled only Proton IPs and here is a screenshot from my firewall log from the last ~24 hours.

[Image: firewall_log]

Uj947nXmRqV2nRaWshKtHzTvckUUpD commented 1 year ago

offtopic: what firewall are you using?

ask2018 commented 1 year ago

> offtopic: what firewall are you using?

It is Outpost Firewall. It is unfortunately dead, but still the best if you are on Win7 like me :) More details here for example: https://trackerninja.codeberg.page/post/agnitum-outpost-firewall-pro-advanced-protection-for-windows-7/

vladimiry commented 1 year ago

The option is to bundle the dictionaries into the app build (~32MB in archive, comes with each @electron release) and then serving it via the custom protocol from the app itself by using session.setSpellCheckerDictionaryDownloadURL. Some points to consider:

Uj947nXmRqV2nRaWshKtHzTvckUUpD commented 1 year ago

Could it be separated as an individual and optional language pack installer on top of ElectronMail? ...or add the possibility to download them from github (if it is possible to store the dictionaries here) in the main installer or even post install.

vladimiry commented 1 year ago

Should be possible, but complicates the UX (explicit to user dictionaries downloading step vs in-background bootstrapping) and implementation/maintenance as each new app release will need to, depending on the feature state enabling, re-download all dictionaries in background from @electron release page since it might include some updates (they serve it as a single archive, so all locales at once). So I'd prefer to avoid this path.

Uj947nXmRqV2nRaWshKtHzTvckUUpD commented 1 year ago

I used a different firewall which performed better DNS lookup. It turns out that these unencrypted connections are related indeed to certificates: