Mailinglist Archive: opensuse (1103 mails)
Re: [opensuse] Re: Is there a leak?
- From: Anders Johansson <ajh@xxxxxxxx>
- Date: Sat, 14 Jan 2012 13:12:50 +0100
- Message-id: <3547007.zljqKmj7SD@carolin>
On Saturday 14 January 2012 12:59:10 Werner Flamme wrote:
> [14.01.2012 12:06] [Anders Johansson]:
>> On Friday 13 January 2012 07:32:49 Werner Flamme wrote:
>>> When reading <http://en.wikipedia.org/wiki/Blind_carbon_copy>, I do not
>>> get the impression that it is intended to have this solved by the
>>> receiving client. However, the text is vague, as are the RFCs.
>>
>> There are two recipient fields. One that is in the body of the email, and
>> one that is used when talking to the receiving mail server. The first is
>> typically referred to as "header to:" and the second as the "envelope
>> to:".
>
> You're confusing me by putting together body and header of the mail
> as body. But OK, as a difference to the envelope, that's clear.
>
>> When you send an email, you connect to the receiving mail server, and send
>> the command RCPT TO: followed by all the addresses on that server that are
>> supposed to have the email.
>> When you put an address in bcc, what this means is that the address is not
>> put into the header, so it is not in the text body of the email. It is in
>> the envelope to: but *only* when sending to that particular address. This
>> means that other recipients of the email don't know it also went to the
>> bcc address. They have no way of knowing about it. The information simply
>> isn't there, so the filtering cannot be up to them.
>
> As I understand this, the (first) server reads the RCPT TO: line and
> compares it with the to:, cc:, and bcc: lines in the header, since it
> must know how to forward the mail. Is this correct?

No, the bcc line is not visible to any server at any point. It is only used by
the client. It goes through the list of addresses in the bcc field, and sends
them one by one to the server in the envelope only. No mail server sees the
bcc contents at any time.

> But what does the next mailserver do? Example: userd@xxxxx sends a mail
> to his local mail server (outgoing mail relay) that is addressed TO:
> usera@xxxxx, CC: userb@xxxxx, and BCC: userc@xxxxx. This first mail
> server removes the BCC line, and sends the mail with the remaining TO
> and CC entries to the MX of c.com - this server may not compare the
> envelope recipient with TO: and CC: - or what? Do the servers compare
> with Bcc: only?

The mail server is not allowed to use the header fields for routing. Doing so
is a major bug (we see it for example with certain older versions of Lotus
Domino; they will resend emails based on header information, causing mail
loops. This is a violation of the protocol).
The server is only supposed to look at the envelope information. The header
To: and cc: fields should be plain text only and not used for relay or routing
information in the SMTP protocol.
Anders
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx
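
An added example, not part of the original thread: a small Python sketch of the envelope/header split described above, where the client builds the RCPT TO list from To/Cc/Bcc and drops the Bcc header, and the server routes on the envelope alone. The function names, the `.example` addresses, and the single combined recipient list are assumptions made for illustration.

```python
from collections import defaultdict
from email.message import EmailMessage
from email.parser import BytesParser
from email.policy import SMTP
from email.utils import getaddresses


def client_prepare(msg):
    """Client side: derive the envelope from To/Cc/Bcc, then drop Bcc from the headers."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    envelope_rcpts = [addr for _, addr in getaddresses(fields) if addr]
    del msg["Bcc"]  # the Bcc header never leaves the client
    return str(msg["From"]), envelope_rcpts, msg.as_bytes(policy=SMTP)


def server_route(envelope_rcpts):
    """Server side: group RCPT TO addresses by domain; headers are never consulted."""
    by_domain = defaultdict(list)
    for rcpt in envelope_rcpts:
        by_domain[rcpt.rpartition("@")[2].lower()].append(rcpt)
    return dict(by_domain)


def header_recipients(wire_bytes):
    """Addresses visible in the transmitted headers (what every recipient can read)."""
    parsed = BytesParser(policy=SMTP).parsebytes(wire_bytes)
    fields = (parsed.get_all("To", []) + parsed.get_all("Cc", [])
              + parsed.get_all("Bcc", []))
    return [addr for _, addr in getaddresses(fields) if addr]


def demo():
    # Constructed message; addresses use reserved example domains
    msg = EmailMessage()
    msg["From"] = "userd@d.example"
    msg["To"] = "usera@a.example"
    msg["Cc"] = "userb@b.example"
    msg["Bcc"] = "userc@c.example"
    msg["Subject"] = "envelope vs header"
    msg.set_content("hello")
    sender, rcpts, wire = client_prepare(msg)
    return sender, rcpts, server_route(rcpts), header_recipients(wire)


if __name__ == "__main__":
    print(demo())
```

A server that routed on `header_recipients()` instead of the envelope would never deliver to the Bcc address and could re-send to To/Cc recipients who already received the message, which is the loop behaviour mentioned in the reply.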