lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: esper at sherohman.org (Dave Sherohman) Subject: a question about e-mails On Fri, Feb 27, 2004 at 10:16:43AM -0500, Pamela Patterson wrote: > OK,you tell me who this was bcc'ed to, and I'll believe you. I can't > get the bcc to show in the headers even if I sit at the command line of > the mail server and type "mail foo -b bar" when both foo and bar are > local addresses. I can see the bcc info in the message when it's in the > Postfix queue, but not once it is delivered. > > Maybe what you did only works when you are using sendmail and reading > the mail on the same machine it was composed on. No, actually I suspect that it works (or, rather, doesn't work) because he _isn't_ using sendmail. Note in Nico's headers that he is using mutt on a Debian system. Debian's default MTA is exim. According to my (Debian-supplied) /etc/Muttrc, # Exim does not remove Bcc headers unset write_bcc Therefore, if he is using exim and has customized his /etc/Muttrc and ~/.muttrc such that write_bcc is being left at its apparent default of being on, then, yes, he probably is leaking Bcc information. This is, however, a flaw in his particular combination of MUA and MTA, not standard behaviour. -- The freedoms that we enjoy presently are the most important victories of the White Hats over the past several millennia, and it is vitally important that we don't give them up now, only because we are frightened. - Eolake Stobblehouse (http://stobblehouse.com/text/battle.html)
Powered by blists - more mailing lists