Delta Chat / Disroot expose IP and machine name on headers

Versions
Delta Chat 1.8.1 for Android (F-Droid)
Delta Chat 1.4.3. Desktop (AppImage)

Header messages coming from DC clients with provider Disroot are leaking IP number and machine name on desktop and IP number on Android.

Expected behavior:
The IP and machine name on the headers should be stripped or masked as it actually happens with other providers like Posteo, mailbox. org, vivaldi…

On the other hand, Messages sent from Disroot webmail service do not expose the IP nor the machine name.

Actual behavior:
Please, see the following headers fragments I’m pasting

From Delta Chat 1.4.3. AppImage Ubuntu 18.04.4 LTS<<
Received: from knopi. disroot. org ([127.0.0.1])
by localhost (disroot. org [127.0.0.1]) (amavisd-new, port 10024)
with UTF8SMTP id ZjUl4FmQxxxx for <xxx@strato. com>;
Thu, 16 Jul 2020 11:03:21 +0200 (CEST)
Received: from My Machine Name (unknown [My Public IP])
by disroot. org (Postfix) with UTF8SMxxxx id BDEB05xxxx

From Delta Chat 1.8.1 Android 10<<
Received: from knopi. disroot. org ([127.0.0.1])
by localhost (disroot. org [127.0.0.1]) (amavisd-new, port 10024)
with UTF8SMTP id SGtmVn-Axxxx for <xxx @ strato. com>;
Thu, 16 Jul 2020 10:28:15 +0200 (CEST)
Received: from localhost (unknown [My Public IP])
by disroot. org (Postfix) with UTF8SMxxxx id CCF075xxxx

From Disroot webmail service<<
Received: from knopi. disroot. org ([127. 0. 0. 1])
by localhost (disroot. org [127. 0. 0. 1]) (amavisd-new, port 10024)
with ESMTP id Fba4iDA8xxxx for <xxx @ strato. com>;
Thu, 16 Jul 2020 10:24:04 +0200 (CEST)

Posteo from Delta Chat 1.8.1 Android 10<<
Received: from customer (localhost [127. 0. 0. 1])
by submission (posteo. de) with ESMTPSA id 4B6nVM0HfYzxxxx
for <xxx @ strato. com>; Thu, 16 Jul 2020 10:29:30 +0200 (CEST)

Steps to reproduce the problem:
Sending messages from Delta Chat App with disroot. org as provider to any available email client where you can read headers should do the trick.

Thanks in advance and best regards to you all!

1 Like

I believe there is nothing Delta Chat could do against. I have a mail account from Posteo, too. They always state my personal IP address as 127.0.0.1, it does not matter which mailer I use. (I can confirm this with Delta Chat and Outlook.)

The reason why your personal IP address is not submitted by Webmail is because the message is sent by the Webmail server (where you write the message) to the next mail server in the row. So this procedure remains in the infrastructure of your mail provider.

I would call Disroot and ask them if it is possible to submit 127.0.0.1, just as Posteo do. Either you can set this feature in your Webmail settings/customer zone, or it is an extra you might have to pay for.

Just tested with a few clients and devices on my disroot dot org account,…
DeltaChat-Desktop - Dev.Name with Pub.IP
DeltaChat-Android - Only Pub.IP
K9-Mail with Autocrypt - Localhost with 127.0.0.1
NeoMutt with manual/forced encryption - Localhost with 127.0.0.1

This is sent from a Posteo account when using Delta Chat:

Received: from customer (localhost [127.0.0.1])

Filed a bug on github: https://github.com/deltachat/deltachat-core-rust/issues/1728

1 Like

OK, it seems that Posteo fills in the term “customer” for the hostname by default, that is why I cannot reproduce it. However, this filed issue does not affect the IP address, am I right?