I am facing an intermittent problem where iPhones are failing to pair/connect with Xcode under Xcode -> Windows -> Devices and Simulators. This happens when more than one web content filters are present, for instance, I have my web content filter (FilterSockets true, FilterGrade Firewall) and there is also Sentinel One web content filter with same configuration. Note: We are not blocking any flow from remoted / remotepairingd / core device service / MDRemoteServiceSupport etc processes. But they do get paused and resumed at times for our internal traffic verification logic. So, we are trying to understand what impact our content filter may be having on this iPhone Pairing?? If we stop either one of the filters the problem goes away. I have tracked the network traffic to the phone, and it seems to be using a ethernet interface (en5/en10) over the USB-C cable. I can see endpoints like this: localEndpoint = fe80::7:afff:fea1:edb8%en5.54442 remoteEndpoint = fe80::7:afff:fea1:ed47%en5.49813 I also see remoted process has the below ports open : sudo lsof -nP -iTCP -iUDP | grep remoted remoted 376 root 4u IPv6 0xce4a89bddba37bce 0t0 TCP [fe80:15::7:afff:fea1:edb8]:57395->[fe80:15::7:afff:fea1:ed47]:58783 (ESTABLISHED) remoted 376 root 6u IPv6 0xf20811f6922613c7 0t0 TCP [fe80:15::7:afff:fea1:edb8]:57396 (LISTEN) remoted 376 root 7u IPv6 0x2c393a52251fcc56 0t0 TCP [fe80:15::7:afff:fea1:edb8]:57397 (LISTEN) remoted 376 root 8u IPv6 0xcb9c311b0ec1d6a0 0t0 TCP [fd6e:8a96:a57d::2]:57398 (LISTEN) remoted 376 root 9u IPv6 0xc582859e0623fe4e 0t0 TCP [fd6e:8a96:a57d::2]:57399 (LISTEN) remoted 376 root 10u IPv6 0x2f7d9cee24a44c5b 0t0 TCP [fd6e:8a96:a57d::2]:57400->[fd6e:8a96:a57d::1]:60448 (ESTABLISHED) remoted 376 root 11u IPv6 0xbdb7003643659de 0t0 TCP [fd07:2e7e:2a83::2]:57419 (LISTEN) remoted 376 root 12u IPv6 0x569a5b649ff8f957 0t0 TCP [fd07:2e7e:2a83::2]:57420 (LISTEN) remoted 376 root 13u IPv6 0xa034657978a7da29 0t0 TCP [fd07:2e7e:2a83::2]:57421->[fd07:2e7e:2a83::1]:61729 (ESTABLISHED) But due to the dynamic nature of port and IPs used we are not able to decide on an effective early bypass NEFilterRule. We don't want to use a very broad bypass criteria like all link local IPs etc. Any help will be greatly appreciated.

We have a MailExtension using new Apple MailKit API. The extension returns an error from the SecurityHandler's Encode Method based on certain conditions and If an error is reported during mail send 3/4 times, even after user performed a corrective action and hits send again, the same error is is shown by Mail again for couple more times. The attached sample mail extension project returns an error after hitting send if subject line of the mail is “Show Alert”. If we repeat the error 3/4 times then even after changing the subject line the error is reported once or twice more. it is an Apple issue as per our investigation. After the subject line is changed in the mail, each time security handler’s encodeMessage is called, we return it successfully and no error is returned to Apple. Still the old error pop-up appears. I think this is a gap in sync between the remote process that loads the extension and actual Mail.app process. It takes a bit of time to reflect the status of encoding to Mail.app from the remote helper process. This is a timing issue, depends on how fast you keep bombarding the Send. After making the correction of the erroneous condition (in this sample, the subject line) if you wait for ten seconds and then hit ‘Send’ the issue doesn't happen. which suggests its a timing sync issue at Apple end. Code Sample Anyone else seeing this?

Hi, In our organisation, we create and ship a plug-in for the MacOS Mail app along with our software package. We have heard that mail plugins are not supported in Mac OS Sonoma any more. https://www.macrumors.com/2023/06/14/macos-sonoma-drops-legacy-mail-app-plug-ins/ Can anyone tell us more details about what changed, what is its impact and any way to achieve similar functionality as the mail plugins offer, going forward. We read that mailkit extensions are a new thing, we could also use any heads up on its capabilities and limitations (if known). Thanks, Tathagata

Hi, So far in my knowledge of the Mailkit API, a security handler’s encode method is the only place I can alter the RFC 822 data of an email (https://developer.apple.com/documentation/mailkit/memessageencoder/3882902-encode), Any other interface method that gives access to the message data gives a read only access. Can Please confirm if the same understanding is incorrect? Encode method, as the below documentation claims, is supposed to be called once, when the message is sent, but I can see that my extension’s encode method is being called several times during composing of an email. Is this a bug? /// @brief This is invoked when an outgoing message is sent. The supplied @c message will contain the email address of the sender, the recipient email addresses, and the message data being sent. The completion handler should be called with the @c result of applying any encoding if needed based on @c shouldSign and @c shouldEncrypt. If the @c result is not encrypted or signed and does not have any errors, it is assumed the message did not need a signature or encryption applied. In this case the @c data for the result will be ignored. /// @param message - The outgoing message to apply any security mechanisms on. /// @param composeContext - @c MEComposeContext instance which corresponds to the @c message being composed. (void)encodeMessage:(MEMessage *)message composeContext:(MEComposeContext *)composeContext completionHandler:(void (^)(MEMessageEncodingResult *result))completionHandler; I also noticed that mailComposeSessionDidBegin from ComposeSessionHandler is getting called but mailComposeSessionDidEnd isn't when I close the compose window of an email or hit send button. Is this also a bug?

I am looking into mail kit extensions and I can see that a security handler extension is the recommended way to offer encryption functionality for emails, however if user chooses to click the padlock icon in top right side of compose window, he can opt out of encryption and the security handler encode method is not called. Is there a way to force and mandate that user cannot opt out of encryption and a security handler's encode method is always called by Mail? My objective is actually to be able to inspect every mail attachment and depending on my business logic, I want to encrypt some of the mail attachments. So I need to make sure my security handler's encode method is called, always. Any other approach for achieving the same is also welcome.

I have an application that uses a FinderSync extension to show a couple of my application specific menu items when User ctrl+clicks open the context menu on a file in Finder. My Menu appears everywhere except when I move a file in my company MS Onedrive sync folder. My menu items are not visible in the context menu and only MS Onedrive menu items are visible. The same happens with other findersync menu items from other apps like dropbox for example. the menu items vanish whenever a file is moved into MS OneDrive. This didn't use to happen before. Anyone facing this? Is this expected behaviour? Is any change in Mac OS or MS Onedrive may be causing this? I am using latest Mac OS Monetary 12.6.6