From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Sun, 14 Jul 2019 01:49:05 +0000 (-0400)
Subject: Omit User-Agent: header by default
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=82973a6ea99075b822d338c63639787bf2445a41;p=mutt

Omit User-Agent: header by default

The User-Agent: header can be fun and interesting and useful for
debugging, but it also leaks quite a bit of information about the user
and their software stack.

This represents a potential security risk (attackers can target the
particular stack) and also an anonymity risk (a user trying to
preserve their anonymity by sending mail from a non-associated account
might reveal quite a lot of information if their choice of mail user
agent is exposed).

Users who want to configure `user_agent` to `yes` can still do so, but
it makes sense to have safer defaults.

Closes: #159
---

diff --git a/init.h b/init.h
index 041806b1..28eb37ba 100644
--- a/init.h
+++ b/init.h
@@ -4142,7 +4142,7 @@ struct option_t MuttVars[] = {
   ** Normally, the default should work.
   */
 #endif /* HAVE_GETADDRINFO */
-  { "user_agent",	DT_BOOL, R_NONE, {.l=OPTXMAILER}, {.l=1} },
+  { "user_agent",	DT_BOOL, R_NONE, {.l=OPTXMAILER}, {.l=0} },
   /*
   ** .pp
   ** When \fIset\fP, mutt will add a ``User-Agent:'' header to outgoing