If this option is enabled, the Content-Language header will not be set,
to avoid leaking the user's dictionary, which could be used for
fingerprinting.
Now we support ISPs who only serve .well-known over SSL.
This slightly increases defenses against passive attackers (who could
snoop your username [0]), but for active attackers the "downgrade"
attack that forces plaintext is trivial: just block all SSL traffic
and then manipulate the HTTP traffic. In other words, a
Man-in-the-middle can easily get full control over the client
configuration.
It would be reasonable to only do SSL by default, but it is not an
option in certain enterprise deployments, so instead we allow
security-focused distributions (and extensions like TorBirdy) to
control the behavior via a new boolean pref:
mailnews.auto_config.fetchFromISP.sslOnly
When set to true, ISP fetches are done using SSL only, but it defaults
to false, which allows insecure fetches as well.
[0] See the mailnews.auto_config.fetchFromISP.sendEmailAddress pref.
The static 10 seconds is not enough for Tor users (delay spikes of 10
seconds are not uncommon), so let's make it possible for the TorBirdy
extension to override this timeout.
This implements TCP keepalive for the IMAP protocol, as it is already used for HTTP.
Three new preferences are added, mirroring those in the
"network.http.tcp_keepalive" namespace:
1) "mail.imap.tcp_keepalive.enabled",
2) "mail.imap.tcp_keepalive.idle_time",
3) "mail.imap.tcp_keepalive.retry_interval".
For the last two, setting either of them to -1 means to use the relevant
value from the "network.tcp.keepalive" namespace.
Summary:
* Parallelize network calls
* Exchange AutoDiscover protocol implementation
* Try to find IMAP servers in the server response
* Offer to install an extension which supports the Exchange protocol to get mails
Runs all the ISP config lookup network calls in parallel. Class
PriorityOrderAbortable (subclass of ParallelAbortable) implements a
policy that waits until one of the calls returns successfully, then takes
that result and cancels all pending less desirable calls.
Implements the Exchange AutoDiscover protocol to detect Exchange servers.
If the server gives an IMAP configuration, we offer that to the user.
Alternatively, we offer a compatible verified extension that implements the
specific Exchange protocol that the Exchange server returned.
Exchange has at least 7 protocols, and we show extensions that support the
protocols that the server listed and that are known to work well and actively
maintained. The setup process then continues without interruption.
Test plan:
Exchange autoconfig:
1. To test Exchange AutoDiscover with a hotmail/outlook.com account
(which has an IMAP config in our ISPDB), set these prefs:
mailnews.auto_config.guess.enabled = false
mailnews.auto_config_url = ""
mailnews.mx_service_url = ""
2. Enter you@outlook.com and a valid password (it will not work without
a valid password, due to the Exchange AutoDiscover protocol design)
3. [Continue]
4. -> TB should find an Exchange server with hostname
5. -> TB will offer you to install an extension that supports this protocol type,
with explanatory text and a link
6. Click [Install]
7. -> The password is checked, the dialog closes, and the account appears,
and your emails are downloaded.
Parallel network calls:
1. Open account creation dialog
2. Enter "foo@gmail.com", "foo@yahoo.com", "foo@sys4.de",
"foo@example.com", or any other domain
3. -> It works functionally as before, see https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration
4. -> It's faster than before
Differential Revision: https://phabricator.services.mozilla.com/D9215
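An added illustration, not Thunderbird's code, of two of the commit messages above: the priority-order policy described for PriorityOrderAbortable, and what mailnews.auto_config.fetchFromISP.sslOnly changes when SSL traffic is blocked. The URL patterns follow the autoconfiguration documentation linked above; the function and class names, the rule that a success waits for still-pending more desirable calls, and the sample events are assumptions.

```javascript
// Added example; not Thunderbird code. Names and sample data are assumptions.

// Candidate URLs, most desirable first: every https URL outranks every http one.
function ispCandidates(domain, sslOnly) {
  const paths = [
    `autoconfig.${domain}/mail/config-v1.1.xml`,
    `${domain}/.well-known/autoconfig/mail/config-v1.1.xml`,
  ];
  const schemes = sslOnly ? ["https"] : ["https", "http"];
  return schemes.flatMap(s => paths.map(p => `${s}://${p}`));
}

// Tracks parallel calls that were listed in priority order.
class PriorityOrder {
  constructor(urls) {
    this.calls = urls.map(url => ({ url, state: "pending", result: null }));
    this.winner = null;
  }

  // The network layer reports each outcome as it arrives.
  settle(url, ok, result = null) {
    const i = this.calls.findIndex(c => c.url === url);
    if (i < 0 || this.calls[i].state !== "pending") return this.winner; // unknown or aborted
    Object.assign(this.calls[i], { state: ok ? "ok" : "failed", result });
    if (ok) {
      // A success cancels every pending call that is less desirable.
      for (const c of this.calls.slice(i + 1)) {
        if (c.state === "pending") c.state = "aborted";
      }
    }
    // The result is final once nothing more desirable is still pending.
    const best = this.calls.find(c => c.state !== "failed");
    if (best && best.state === "ok") this.winner = best;
    return this.winner;
  }
}

// Replays constructed [url, ok, result] events and returns the accepted call.
function resolve(domain, sslOnly, events) {
  const po = new PriorityOrder(ispCandidates(domain, sslOnly));
  for (const [url, ok, result] of events) po.settle(url, ok, result);
  return po.winner;
}

// Constructed scenario: both https fetches fail, only a plaintext reply arrives.
const blockedTls = [
  ["https://autoconfig.example.com/mail/config-v1.1.xml", false],
  ["https://example.com/.well-known/autoconfig/mail/config-v1.1.xml", false],
  ["http://autoconfig.example.com/mail/config-v1.1.xml", true, "<clientConfig from plaintext>"],
];
```

With the pref at its default of false, `resolve("example.com", false, blockedTls)` accepts the plaintext reply; with sslOnly set to true the same events yield no configuration at all.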
Removes advanced server option to force IMAP select and allows automatic
detection based on identifier string in the IMAP ID response from
servers. All control is now done via config editor: force an extra
select for server, preclude extra select for server, or automatically
decide based on configured strings compared to ID response.