From: SourceForge.net <no...@so...> - 2006-04-18 22:00:34
Support Requests item #629518, was opened at 2002-10-27 11:30
Message generated for change (Comment added) made by nobody
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=211118&aid=629518&group_id=11118

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: blocking
Group: 3.0.x
Status: Closed
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: Differentiate between OE and IE

Initial Comment:
My platform is WinXP, SP1 with IE6 and OE6. Privoxy version is 3.0.0.

How would you differentiate between requests for web documents that came from Outlook Express (OE) versus Internet Explorer (IE)? As far as I can tell, there is no way to do that. If it is, can someone enlighten me.

The reason why this is important is because of "web bugs" contained in e-mails. See: http://www.mackraz.com/trickybit/readreceipt/ for a demo of privacy leaks and see: http://www.nthelp.com/OEtest/web_bug_faq.htm for a web bug FAQ.

So, back to the original question. If there was a way to determine which image requests came from OE and which ones from IE, the web bugs could be filtered out. Remember that these images can be any size (they are not like the 1x1 webbugs mentioned in default.filter).

If IE and OE share their internet connection then there is no way to distinguish between their requests? Any ideas?

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2006-04-18 15:00

Message:
Logged In: NO

Thanks for the answer fabiankeil!

Nobody (What is happening here?)

----------------------------------------------------------------------

Comment By: Fabian Keil (fabiankeil)
Date: 2006-03-15 04:55

Message:
Logged In: YES
user_id=875547

OE is only using IE's proxy settings while displaying HTML mails.
If you enable HTML mail rendering (don't), embedded images will be requested through your proxy chain.

DNS requests for the mail server and the mail transfer itself will be sent directly. To change this you have to check if OE can be convinced to use SOCKS and then specify tor as SOCKS server.

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2006-03-12 16:26

Message:
Logged In: NO

What is happening here?

I set up the tor/privoxy bundle, and it seems to work perfect, checking with a sniffer. But when I use outlook express it's sure as hell not being run through tor/privoxy. And neither is the dns request connected with connecting to the mailserver... And yes OE is sharing its proxy connection settings with IE!

Is there something I have misunderstood? I thought from the user manuals and from this discussion, that OE would automatically be run through tor/privoxy the same way as when accessing a webpage..

----------------------------------------------------------------------

Comment By: Hal Burgiss (hal9)
Date: 2002-10-27 19:23

Message:
Logged In: YES
user_id=322640

Thanks. Good info.

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2002-10-27 16:59

Message:
Logged In: NO

ZoneAlarm is much simpler because it addresses security at a higher level. Beware, though, that some ZoneAlarm versions may also "protect" browsing by messing up User-Agent, Cookie, and other HTTP headers if it is allowed to. Privoxy does a MUCH better job than ZoneAlarm when it comes to HTTP processing.

Kerio v2.1.4 requires meticulous configuration. You must decide which port accesses are allowed for each & every application. It doesn't come pre-configured & ready-to-use. For most people, the concept of TCP/IP ports is foreign and so they can easily mess up.
Kerio is a VERY small application that gives you complete control over every little detail -- that's both its strength and its weakness. At this time newer versions of Kerio are in beta testing of a major revision and there does not seem to be a consensus yet on how great it will be.

The Kerio and the Security forums at DslReports / BroadBandReports may be good sources for review:
http://www.dslreports.com/forum/kerio
http://www.dslreports.com/forum/security,1

Other similar "Personal Firewalls" may also be applicable. Because of the need to authenticate TCP/IP access by Application EXE program, this is the only class of firewalls that can do the job of controlling OE. By the time a request would reach a Network-level firewall or proxy, it's too late because then the originating EXE can not be identified. In that regard, OE must be restricted like a "trojan" process on any port not specifically dedicated to Email (25,110,119,143).

----------------------------------------------------------------------

Comment By: Hal Burgiss (hal9)
Date: 2002-10-27 13:52

Message:
Logged In: YES
user_id=322640

Excellent information, thanks! Zonealarm does the same kind of thing, what does Kerio do better (I am not familiar with it)?

[PS -- I am going to link this thread from FAQ, so feel free to be verbose :) ]

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2002-10-27 13:19

Message:
Logged In: NO

Unfortunately there's no way for a proxy (any proxy) to differentiate between OE and IE. This is because OE actually uses IE modules to format HTML and IE then fetches HTML requests. The HTTP headers are identical. This is why OE "uses" the Internet Explorer proxy settings -- in fact it uses IE itself which then uses its own settings.

The only way is to use a firewall that restricts access for each particular Application. I use Kerio v2.1.4 and have been very pleased with it.
I permit OE to access ports 110=pop3, 25=smtp, 119=nntp, 143=imap, and I specifically prohibit OE from using ANYTHING else - and especially not access to the proxy port 8118. This allows me to see & send formatted messages -- and also to view imbedded images that are sent as part of the Email. But none of the other referenced items in the HTML (CSS, JS, JPG, etc) will ever be retrieved from any other source.

Unfortunately, firewalls may require a learning curve to set up - especially for casual internet users. Some help for Kerio may be found at http://www.dslreports.com/forum/kerio .

Other firewalls may also be able to accomplish this -- but the key is that the firewall must be able to distinguish which application program (EXE) originates a TCP/IP request. This also means the firewall must be running in the same PC that is making the request. Once the request has been made by the program then there is no way to differentiate fetching Email WebBugs from any other IE browser usage.

Hal - Sorry but transparent proxying won't help, and the User-Agent is identical whether it originates from OE or the browser. The problem is caused by M$ choice of software architecture.

----------------------------------------------------------------------

Comment By: Hal Burgiss (hal9)
Date: 2002-10-27 12:03

Message:
Logged In: YES
user_id=322640

A couple of questions, coming from someone that has never used OE ...

First off, I would strongly recommend to anyone that is concerned about privacy and security not to accept HTML formatted email. For the reasons as stated in your links, and because other mischief is possible via js or viruses. It is an accident waiting to happen, unless you use extreme caution on who/where you get mail. If OE cannot disable the acceptance of HTML, I would personally uninstall it, or just not use it. .02. Of course, OE is not going away.

Now questions... Does OE have native support for rendering HTML, or does it just invoke IE to do it?
If native support, can it be configured to use a proxy for http? Sorry, but I am ignorant on this. If the support is native, and there is no way to configure a proxy, then there is no way to use privoxy with it (at present).

Privoxy does not know where/how the request comes. Which is anything that comes through the configured port. Hence, the requirement for being able to set a proxy address/port for the application in question.

In the future, there will (hopefully) be 'transparent' proxying, which then would be possible to trap any request to port 80 (or other configured ports). This is not necessarily foolproof either since conceivably the URL could specify any random port, but would probably stop a lot of this. But would also require appropriate configuration, since Privoxy still would not necessarily know where the request came from, and the blocking would have to be based on destination rather than origin.

I think there is a feature request for actions that are 'user-agent' aware, which would be helpful in this kind of scenario. You might check feature requests for that, and either add to it, or open a new one.

Andreas: We need a FAQ on this!

Sorry, just now see your follow up.

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2002-10-27 11:45

Message:
Logged In: NO

As a follow up, I do know about the latest Security options in OE6 which allow you to read every email in plain text. I don't want to take advantage of that. There is no harm in displaying inline images as long as they were part of the email message as attachments, however, I DO want to block any image requests that have to go to the web for getting the image.

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2002-10-27 11:44

Message:
Logged In: NO

As a follow up, I do know about the latest Security options in OE6 which allow you to read every email in plain text.
I don't want to take advantage of that. There is no harm in displaying inline images as long as they were part of the email message as attachments, however, I DO want to block any image requests that have to go to the web for getting the image.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=211118&aid=629518&group_id=11118
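
An added example, not part of the original thread and not Privoxy code: the per-application rule described in the 2002-10-27 13:19 comment (mail client allowed to reach ports 25, 110, 119 and 143 only, and in particular not the proxy port 8118), checked on the host against constructed `netstat -ano`-style rows. The executable names, PIDs and addresses are assumptions made up for the illustration.

```python
"""Audit host connections against a per-application port allowlist."""

# Policy from the thread: the mail client may reach mail/news ports only.
MAIL_PORTS = {25, 110, 119, 143}
POLICY = {"msimn.exe": MAIL_PORTS}  # executable name is an assumption
PROXY_PORT = 8118                   # proxy port named in the thread

# Constructed sample rows: proto, local, remote, state, owning PID.
NETSTAT = """\
TCP 192.0.2.10:1044 198.51.100.5:110 ESTABLISHED 1320
TCP 127.0.0.1:1051 127.0.0.1:8118 ESTABLISHED 1320
TCP 127.0.0.1:1052 127.0.0.1:8118 ESTABLISHED 2208
TCP 192.0.2.10:1060 203.0.113.7:80 SYN_SENT 1320
TCP 0.0.0.0:8118 0.0.0.0:0 LISTENING 900
"""
# Constructed PID -> image name table (the join a host firewall does itself).
PIDS = {1320: "msimn.exe", 2208: "iexplore.exe", 900: "privoxy.exe"}


def parse(text):
    """Yield (pid, remote_host, remote_port) for non-listening TCP rows."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[3] == "LISTENING":
            continue  # skips UDP rows (no state column) and listeners
        host, _, port = parts[2].rpartition(":")
        if not port.isdigit() or not parts[4].isdigit():
            continue
        yield int(parts[4]), host, int(port)


def violations(text, pids, policy):
    """Return connections by a restricted executable to a disallowed port."""
    found = []
    for pid, host, port in parse(text):
        exe = pids.get(pid, "").lower()
        allowed = policy.get(exe)
        if allowed is not None and port not in allowed:
            found.append((exe, host, port))
    return found


if __name__ == "__main__":
    for exe, host, port in violations(NETSTAT, PIDS, POLICY):
        note = " (web proxy)" if port == PROXY_PORT else ""
        print(f"DENY {exe} -> {host}:{port}{note}")
```

The two connections to 127.0.0.1:8118 are indistinguishable to the proxy; only the PID column, which exists solely on the originating host, separates the mail client's request from the browser's.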