| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040227221718.GJ1582@pomo.hostsharing.net> From: nion at gmx.net (Nico Golde) Subject: a question about e-mails Hallo Dave, * Dave Sherohman <esper@...rohman.org> [2004-02-27 22:28]: > > OK,you tell me who this was bcc'ed to, and I'll believe you. I can't > > get the bcc to show in the headers even if I sit at the command line of > > the mail server and type "mail foo -b bar" when both foo and bar are > > local addresses. I can see the bcc info in the message when it's in the > > Postfix queue, but not once it is delivered. > > > > Maybe what you did only works when you are using sendmail and reading > > the mail on the same machine it was composed on. > > No, actually I suspect that it works (or, rather, doesn't work) > because he _isn't_ using sendmail. Note in Nico's headers that he is > using mutt on a Debian system. Debian's default MTA is exim. > According to my (Debian-supplied) /etc/Muttrc, > > # Exim does not remove Bcc headers > unset write_bcc > > Therefore, if he is using exim and has customized his /etc/Muttrc and > ~/.muttrc such that write_bcc is being left at its apparent default > of being on, then, yes, he probably is leaking Bcc information. This > is, however, a flaw in his particular combination of MUA and MTA, not > standard behaviour. as you can see in the header i used smail for the test. regards nico
Powered by blists - more mailing lists