Reply to topic

KMail and URL's

grat
Registered Member
Posts
2
Karma
0

KMail and URL's

Thu May 16, 2019 3:53 pm
I've found a behavior in KMail (I think) that I don't know if it's configurable (I haven't found anything that looks like the right option), or a bug, or just expected behavior, so I post here, in hopes someone can point me in the right direction.

My workplace uses Trend Micro URL protection-- any email sent from outside our organization (or that appears to be outside), the URL's are scanned, encoded, and re-routed through Trend's server when you click on the URL, as a last, desperate defense against users who can't read phishing URL's.

So something like http://www.google.com becomes https://<trendserver>/query?http%3a%2f%2fgoogle.com&auth=<indecipherable hex strings>

This is OK-- you click on the link, Trend has theoretically scanned the page (or scans it on demand), and puts up a warning page if they don't trust it, or a blocking page if they know it's a bad page. For someone who's been looking at the actual URL before clicking on it for decades, it's mildly irritating, but a lot of my coworkers genuinely can't tell a good URL from a bad URL.

The issue I'm having is that when KMail opens, or copies, the link, it does some sanitizing on the URL, specifically, it upper-cases the hex characters in the URL encoded characters. "%3a" becomes "%3A", "%2f" becomes "%2F", and this apparently breaks a checksum hidden in the indecipherable hex string for the "auth" parameter (I admit-- I'm guessing about this). End result, Trend's servers reject the URL from KMail as broken / tampered with.

So the questions are:
* Is this expected, or reasonable, behavior for KMail?
* Is there a way to turn it on or off?

I appreciate any information or guidance on this problem. I'm reporting it to Trend as well, since I'm guessing KMail isn't the only client that does this, but if there's a workaround for KMail, that would be fantastic.

KMail Version 5.11.0, KDE PIM libraries v. 19.04.0-1 (Arch Linux), using EWS to Exchange 2016.
airdrik
Registered Member
Posts
1698
Karma
4
OS

Re: KMail and URL's

Thu May 16, 2019 8:19 pm
I don't know what it does behind the scenes. It may be that it is decoding and then re-encoding the url which results in the changes you are seeing. I'm not aware of any option to configure this behavior either.

When you hover over the link in kmail, does it show the correct url in the status bar?
Does it make a difference if you view the e-mail in plain text vs. html?

You might just go ahead and create a ticket in bugs.kde.org to get this fixed.


airdrik, proud to be a member of KDE forums since 2008-Dec.
grat
Registered Member
Posts
2
Karma
0

Re: KMail and URL's

Fri May 17, 2019 1:34 pm
airdrik wrote:I don't know what it does behind the scenes. It may be that it is decoding and then re-encoding the url which results in the changes you are seeing. I'm not aware of any option to configure this behavior either.

When you hover over the link in kmail, does it show the correct url in the status bar?
Does it make a difference if you view the e-mail in plain text vs. html?

You might just go ahead and create a ticket in bugs.kde.org to get this fixed.


Hover: Shows modified (upper-cased) URL.

Message isn't HTML, and I default to plain-text.

Will file bug. Thanks!

--John

 
Reply to topic

Bookmarks



Who is online

Registered users: Baidu [Spider], Bing [Bot], claydoh, DarkFoss1, davis, doranwen, Google [Bot], Majestic-12 [Bot], mperryman, Sogou [Bot], Stephen Leibowitz, vinnywright