lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040227221718.GJ1582@pomo.hostsharing.net>
From: nion at gmx.net (Nico Golde)
Subject: a question about e-mails

Hallo Dave,

* Dave Sherohman <esper@...rohman.org> [2004-02-27 22:28]:
> > OK,you tell me who this was bcc'ed to, and I'll believe you.  I can't
> > get the bcc to show in the headers even if I sit at the command line of
> > the mail server and type "mail foo -b bar" when both foo and bar are
> > local addresses.  I can see the bcc info in the message when it's in the
> > Postfix queue, but not once it is delivered.
> > 
> > Maybe what you did only works when you are using sendmail and reading
> > the mail on the same machine it was composed on.
> 
> No, actually I suspect that it works (or, rather, doesn't work)
> because he _isn't_ using sendmail.  Note in Nico's headers that he is
> using mutt on a Debian system.  Debian's default MTA is exim.
> According to my (Debian-supplied) /etc/Muttrc,
> 
> # Exim does not remove Bcc headers
> unset write_bcc
> 
> Therefore, if he is using exim and has customized his /etc/Muttrc and
> ~/.muttrc such that write_bcc is being left at its apparent default
> of being on, then, yes, he probably is leaking Bcc information.  This
> is, however, a flaw in his particular combination of MUA and MTA, not
> standard behaviour.

as you can see in the header i used smail for the test.
regards nico


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ