Re: dcc exposure

Author: Philip Hazel
Date:  
To: Tim Patterson
Cc: exim-users
New topics: relay rejects override
Subject: Re: dcc exposure
On Mon, 2 Jun 1997, Tim Patterson wrote:

> The following post is from a test by one of our customers. I have had a
> number of reports about the bcc list exposure since converting from
> sendmail 8.x to exim, but I have been unable to personally duplicate. I
> have read the docs re bcc, but still do not see the problem.


Exim does not in general remove bcc lines from incoming messages. Is the
complaint that it should? I don't think this is right. My view is that
the control of the bcc header should rest with the initiating MUA. The
only handling Exim does is when it is called with the -t option; then it
takes the addresses from the bcc and removes it. In this case, it is
acting as part of the MUA, rather than as an MTA.

RFC 822 has this to say about bcc:

     4.5.3.  BCC / RESENT-BCC                                  


        This field contains the identity of additional  recipients  of
        the  message.   The contents of this field are not included in
        copies of the message sent to the primary and secondary  reci-
        pients.   Some  systems  may choose to include the text of the
        "Bcc" field only in the author(s)'s  copy,  while  others  may
        also include it in the text sent to all those indicated in the
        "Bcc" list.                             


In other words, an MTA that receives a message from some remote system
has no mandate for messing with a bcc header.

The draft revision of RFC 822 contains this, which is essentially the same:

The "Bcc:" field (where the "Bcc" means "Blind Carbon Copy") contains
addresses of recipients of the message whose addresses should not be revealed
to other recipients of the message. There are two ways in which the "Bcc:"
field is used. In the first case, when a message containing a "Bcc:" field is
prepared to be sent, the "Bcc:" line is removed even though all of the
recipients (including those specified in the "Bcc:" field) are sent a copy of
the message. In the second case, recipients specified in the "To:" and "Cc:"
lines each are sent a copy of the message with the "Bcc:" line removed as
above, but the recipients on the "Bcc:" line get a separate copy of the
message containing a "Bcc:" line. (When there are multiple recipient
addresses in the "Bcc:" field, some implementations actually send a separate
copy of the message to each recipient with a "Bcc:" containing only the
address of that particular recipient.)

Philip

-- 
Philip Hazel                   University Computing Service,
ph10@???             New Museums Site, Cambridge CB2 3QG,
P.Hazel@???          England.  Phone: +44 1223 334714
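
The two Bcc handling cases quoted from the draft, carried out on the submitting side (the role the message says Exim takes with -t), as an added example that is not part of the original message and is not Exim's code. The function names and the sample message are constructed for illustration; the second mode implements the per-recipient variant from the draft's parenthetical.

```python
from email import message_from_string, policy
from email.utils import getaddresses

# Constructed sample message, as an MUA would hand it over for submission.
SAMPLE = """\
From: alice@example.org
To: bob@example.org
Cc: carol@example.org
Bcc: dave@example.org, erin@example.org
Subject: quarterly numbers

See attached.
"""


def recipients(msg, fields):
    """Return the bare addresses found in the named header fields."""
    values = [str(v) for f in fields for v in msg.get_all(f, [])]
    return [addr for _name, addr in getaddresses(values) if addr]


def prepare_copies(raw, per_bcc_copy=False):
    """Return (envelope_recipients, message_text) pairs ready for the MTA.

    per_bcc_copy=False: first case, one copy for everyone, Bcc removed.
    per_bcc_copy=True:  second case, To/Cc recipients get the stripped copy
    and each Bcc recipient gets a copy whose Bcc names only that recipient.
    """
    msg = message_from_string(raw, policy=policy.default)
    visible = recipients(msg, ["To", "Cc"])
    blind = recipients(msg, ["Bcc"])
    del msg["Bcc"]  # removes every Bcc header; no error if there is none
    if not per_bcc_copy:
        return [(visible + blind, msg.as_string())]
    copies = [(visible, msg.as_string())] if visible else []
    for addr in blind:
        msg["Bcc"] = addr
        copies.append(([addr], msg.as_string()))
        del msg["Bcc"]  # reset before building the next recipient's copy
    return copies


if __name__ == "__main__":
    for rcpts, text in prepare_copies(SAMPLE, per_bcc_copy=True):
        print("RCPT TO:", ", ".join(rcpts))
        print(text)
```

In both modes the blind recipients survive only in the envelope recipient list, so the disclosure decision is made before the message reaches any relaying MTA.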