
Encrypt IP in Snappymail for a custom header instead of X-Originating-IP
Open, High, Public

Description

Snappymail offers a plugin to include the IP address of the sender under the X-Originating-IP header.

Source: https://github.com/the-djmaze/snappymail/blob/master/plugins/add-x-originating-ip-header/index.php

Meanwhile, Google and Microsoft instead use a custom header with an encrypted identifier.

Probably best to avoid sharing more PII than those two?


Plan:

  • Provision an AES key to Vault to encrypt the field
  • Write a message with the key version and the IP address, base64 encoded, then encrypted
  • Allow rotating that credential:
    • Script to rotate the key at regular intervals (every month?)
      • Write new version of the Vault secret
      • Write it also on disk for Snappymail
    • Script to destroy old revisions of the key after N months (N=12 ?)
  • Update https://agora.nasqueron.org/Privacy/Mail with all that information

Ideally, the encoded payload should be different each time, so it's not possible to guess whether it's the same IP or not, so no hash here.

Example of message for first key:

{"key": 1, "ip": "1.2.3.4"}

After one year, this message wouldn't be readable anymore.
After one month, this message can only be decrypted with Vault access.
During the first month, it's possible to read it with Hervil access, including through potential security issues in Snappymail allowing remote execution.
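
A sketch of the plan above, as an added example and not Snappymail or Nasqueron code: the message is JSON, base64 encoded, then encrypted, with a fresh nonce so the same IP never yields the same value. The function names, the choice of AES-256-GCM, the nonce|tag|ciphertext layout and the sample keys are assumptions.

```php
<?php
// Added example. encrypt_ip/decrypt_ip, AES-256-GCM and the value layout
// (12-byte nonce | 16-byte tag | ciphertext, base64) are assumptions.

// $keys maps key version => 32-byte key, as it would be read from disk.
function encrypt_ip(array $keys, int $version, string $ip): string
{
    // Message format from the task: JSON, base64 encoded, then encrypted.
    $message = base64_encode(json_encode(['key' => $version, 'ip' => $ip]));
    $nonce = random_bytes(12); // fresh per message, so values never repeat
    $tag = '';
    $ciphertext = openssl_encrypt($message, 'aes-256-gcm', $keys[$version],
        OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ciphertext === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ciphertext); // header-safe value
}

// Returns the decoded message, or null when no retained key authenticates
// the value (tampered, or its key revision was already destroyed).
function decrypt_ip(array $keys, string $value): ?array
{
    $raw = base64_decode($value, true);
    if ($raw === false || strlen($raw) < 29) { // nonce + tag + some data
        return null;
    }
    [$nonce, $tag, $ct] = [substr($raw, 0, 12), substr($raw, 12, 16), substr($raw, 28)];
    foreach ($keys as $version => $key) {
        $message = openssl_decrypt($ct, 'aes-256-gcm', $key,
            OPENSSL_RAW_DATA, $nonce, $tag);
        if ($message === false) {
            continue; // GCM tag mismatch: not this key revision
        }
        $data = json_decode(base64_decode($message), true);
        if (is_array($data) && ($data['key'] ?? null) === $version) {
            return $data;
        }
    }
    return null;
}

// Constructed sample keys and IP; real keys would come from Vault.
$keys = [1 => random_bytes(32), 2 => random_bytes(32)];
$a = encrypt_ip($keys, 2, '1.2.3.4');
$b = encrypt_ip($keys, 2, '1.2.3.4');
var_dump($a !== $b);                       // compare two values for one IP
var_dump(decrypt_ip($keys, $a));           // decrypt with key 2 retained
var_dump(decrypt_ip([1 => $keys[1]], $a)); // decrypt after key 2 is destroyed
```

Because the key version sits inside the encrypted message, the reader tries each retained key and relies on the GCM tag to reject the wrong ones.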

Event Timeline

dereckson triaged this task as High priority. Nov 20 2024, 22:46
dereckson created this task.