Re: [Full-Disclosure] a question about e-mails

[Nico Golde <nion@xxxxxxx>]

Hallo Dave,

* Dave Sherohman <esper@xxxxxxxxxxxxx> [2004-02-27 22:28]:
> > OK,you tell me who this was bcc'ed to, and I'll believe you.  I can't
> > get the bcc to show in the headers even if I sit at the command line of
> > the mail server and type "mail foo -b bar" when both foo and bar are
> > local addresses.  I can see the bcc info in the message when it's in the
> > Postfix queue, but not once it is delivered.
> > 
> > Maybe what you did only works when you are using sendmail and reading
> > the mail on the same machine it was composed on.
> 
> No, actually I suspect that it works (or, rather, doesn't work)
> because he _isn't_ using sendmail.  Note in Nico's headers that he is
> using mutt on a Debian system.  Debian's default MTA is exim.
> According to my (Debian-supplied) /etc/Muttrc,
> 
> # Exim does not remove Bcc headers
> unset write_bcc
> 
> Therefore, if he is using exim and has customized his /etc/Muttrc and
> ~/.muttrc such that write_bcc is being left at its apparent default
> of being on, then, yes, he probably is leaking Bcc information.  This
> is, however, a flaw in his particular combination of MUA and MTA, not
> standard behaviour.

as you can see in the header i used smail for the test.
regards nico

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html