commit 688e1ac015bcfe5a826032e207f9a0f671cd6174 Author: Philipp Winter <phw@nymity.ch> Date: Thu Jun 6 09:25:07 2019 -0700 Remove Yahoo from our whitelisted email domains. Yahoo allows you to create up to 500 disposable email addresses, which BridgeDB interprets as unique: <https://bugs.torproject.org/28496#comment:8> We could address this issue in BridgeDB but at this point we seem better off dropping support for Yahoo because the provider likely also fell behind in Sybil protection. This fixes bug 28496: <https://bugs.torproject.org/28496> --- CHANGELOG | 9 +++++++++ README.rst | 7 +++---- bridgedb.conf | 3 +-- bridgedb/distributors/https/templates/base.html | 3 +-- bridgedb/strings.py | 2 +- bridgedb/test/test_email_autoresponder.py | 2 +- 6 files changed, 16 insertions(+), 10 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index f45f56f..dd460ab 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,14 @@ Changes in version 0.6.X - YYYY-MM-DD + * FIXES #28496 https://bugs.torproject.org/28496 + Remove Yahoo from the list of allowed email domains. Yahoo allows you + to create up to 500 disposable email addresses, which BridgeDB + interprets as unique: + https://bugs.torproject.org/28496#comment:8 + We could address this issue in BridgeDB but at this point we seem better + off dropping support for Yahoo because the provider likely also fell + behind in Sybil protection. + * FIXES #28655 https://bugs.torproject.org/28655 When a bridge supports an active probing-resistant transport, it should not give out flavors that are vulnerable to active probing. For diff --git a/README.rst b/README.rst index feb5227..ea4bc7c 100644 --- a/README.rst +++ b/README.rst @@ -401,10 +401,9 @@ Accessing the Email User Interface ---------------------------------- Any mail sent to the ``EMAIL_PORT`` with a destination username as defined by -the ``EMAIL_USERNAME`` configuration option (the default is ``'bridge'``, -e.g. bridges@...) and sent from an ``@riseup.net``, ``@gmail.com``, or -``@yahoo.com`` address (by default, but configurable with the -``EMAIL_DOMAINS`` option). +the ``EMAIL_USERNAME`` configuration option (the default is ``'bridge'``, e.g. +bridges@...) and sent from an ``@riseup.net`` or ``@gmail.com`` address (by +default, but configurable with the ``EMAIL_DOMAINS`` option). You can email our BridgeDB instance `here <mailto:bridges@torproject.org>`__. diff --git a/bridgedb.conf b/bridgedb.conf index 73b65b8..900ead1 100644 --- a/bridgedb.conf +++ b/bridgedb.conf @@ -561,7 +561,7 @@ EMAIL_SMTP_PORT = 25 EMAIL_USERNAME = "bridges" # Canonical versions of domains that we will reply to. -EMAIL_DOMAINS = ["gmail.com", "yahoo.com", "riseup.net"] +EMAIL_DOMAINS = ["gmail.com", "riseup.net"] # Map from unofficial domain to canonical domain. EMAIL_DOMAIN_MAP = { @@ -582,7 +582,6 @@ EMAIL_DOMAIN_MAP = { # Note that unrecognized options are ignored; be sure to spell them right! EMAIL_DOMAIN_RULES = { 'gmail.com': ["ignore_dots", "dkim"], - 'yahoo.com': ["dkim"], 'riseup.net': ["ignore_dots", "dkim"], } diff --git a/bridgedb/distributors/https/templates/base.html b/bridgedb/distributors/https/templates/base.html index 93eb2b5..d7b6045 100644 --- a/bridgedb/distributors/https/templates/base.html +++ b/bridgedb/distributors/https/templates/base.html @@ -60,8 +60,7 @@ ${next.body(strings, rtl=rtl, lang=lang, **kwargs)} ${_(strings.OTHER_DISTRIBUTORS[1]) % \ ("""<a href="mailto:bridges@torproject.org">bridges@torproject.org</a>""", """<a href="https://riseup.net/">Riseup</a>""", - """<a href="https://mail.google.com/">Gmail</a>""", - """<a href="https://mail.yahoo.com/">Yahoo</a>""")} + """<a href="https://mail.google.com/">Gmail</a>""")} </p> <h4>${_(strings.HELP[0])}</h4> diff --git a/bridgedb/strings.py b/bridgedb/strings.py index 49bb933..569f339 100644 --- a/bridgedb/strings.py +++ b/bridgedb/strings.py @@ -108,7 +108,7 @@ OTHER_DISTRIBUTORS = { 1: _("""\ Another way to get bridges is to send an email to %s. Please note that you must send the email using an address from one of the following email providers: -%s, %s or %s."""), +%s or %s."""), } HELP = { diff --git a/bridgedb/test/test_email_autoresponder.py b/bridgedb/test/test_email_autoresponder.py index a1e376f..f59e5ef 100644 --- a/bridgedb/test/test_email_autoresponder.py +++ b/bridgedb/test/test_email_autoresponder.py @@ -520,7 +520,7 @@ class SMTPAutoresponderTests(unittest.TestCase): reported being from an email address at one supported domain and the email's 'From:' header reported another domain. """ - smtpFrom = 'not.an.evil.bot@yahoo.com' + smtpFrom = 'not.an.evil.bot@riseup.net' emailFrom = Address('not.an.evil.bot@gmail.com') self._getIncomingLines(str(emailFrom)) self._setUpResponder()