“cid:” URL in email signatures breaks SSL?

  • Resolved halfacre

    (@halfacre)


    2 years, 8 months ago

    Certain emails are posted with images in their signatures that reference “cid:[id]”. In Safari only, this triggers an error on site load (“unsupported URL”), and the site fails to load securely with the lock icon. This being the sole error, I strongly suspect the “cid” url as the culprit. Site loads securely in both Chrome and FF.

    Unfortunately the page is private and I’m unable to share the URL publicly.

    I’ve actually set signatures to be dropped from mails, but they’re still appearing –?at least in some instances, e.g. with this sender, who apparently uses Outlook (thus the “cid” link, if I’m not mistaken).

    Looking deeper, it appears that I’m seeing a number of sigs from authorized posters showing up in posts, with or without “cid:” in the URL. I’m hoping that if I can strip all images from signatures entirely using regex (which I’m far from an expert in so any suggestions are welcome), this will resolve the issue –?though with sigs already set to be dropped entirely, I suspect these instances aren’t recognized by Postie as signatures at all for whatever reason, and any regex would fail regardless.

    Failing that, maybe there’s a way to strip or nullify “cid:” urls, which might be a start. I’ve even tested the cert/URL at Qualys and it gets an “A” grade.

    I’d love to be able to shut Safari up about this. Any suggestions would be appreciated. Many thanks!`

    • This topic was modified 2 years, 8 months ago by halfacre.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Wayne Allen

    (@wayneallen-1)

    CID images are just images that are embedded in the email. Postie typically transforms these into WordPress image attachments. If you’re seeing CID image references in the the final post, then likely the image wasn’t included in the original email.

    WRT signature stripping you may need to add additional rules to the Signature Patterns setting.

    If you want additional assistance please install and activate the Support AddOn. https://www.ads-software.com/support/plugin/postie and send in the logs when one of these emails comes through.

    Thread Starter halfacre

    (@halfacre)

    Good call, Wayne –?thanks. Indeed, checked this sender’s original email and the image in the signature is broken there (as it is in the post, which I failed to mention), which makes me wonder if there’s a way to filter out broken images entirely.

    For now I’ve activated the Support plug. It may take a bit for me to get a good snapshot of the logs, as this individual posts somewhat infrequently (though just frequently enough to keep the security consistently broken, it seems). Hopefully if I set the number of captures to ~5 or so I can catch her next post.

    Thanks for the assistance and the killer plug, Wayne. I’ll be in touch once I get the necessary capture.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘“cid:” URL in email signatures breaks SSL?’ is closed to new replies.