Author: Eli
Date:
To: 'Marc Perkel', exim-users
CC:
Subject: RE: [exim] BCC Leakage
Marc Perkel said,
> I just had an interesting spam get through. It had exactly 10,000 bcc:
> lines and the bcc was exposed. I don't know what the limit is - but this
> spammer found it. Apparently at some point the bcc lists make it through.
10000 individual Bcc: headers? Or 10000 recipients in one Bcc: header?
Besides that question, I believe there have been discussions before about
who should remove the Bcc: headers in a message - the sending MTA, or the
receiving MTA. If I'm not mistaken, it was supposedly said that the sending
MTA should be the one responsible for removing the Bcc: header in a message
once sending it to its destination. This would mean that if some joe
spammer sends a message and includes a Bcc: header, it's not going to be
stripped from the message by Exim.
I could be totally wrong though - I'm going off memory from a while back,
and also based on a situation where a client of mine complained about seeing
a Bcc: header in a message that was sent to an Exim system.
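
Added example, not part of the original post and not Exim code: a Python illustration of the two points raised above. `bcc_exposure` distinguishes many `Bcc:` header lines from many addresses in one header on a received message, and `prepare_for_sending` shows the sender-side step of taking envelope recipients from the headers and then removing every `Bcc:` header. The function names and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: two separate Bcc: headers, one of them listing two addresses.
SAMPLE = (
    "From: sender@example.org\n"
    "To: alice@example.com\n"
    "Bcc: bob@example.com, carol@example.com\n"
    "Bcc: dave@example.com\n"
    "Subject: constructed test message\n"
    "\n"
    "body\n"
)


def bcc_exposure(raw):
    """Receiving side: return (Bcc: header lines, addresses listed in them)."""
    msg = message_from_string(raw)
    headers = msg.get_all("Bcc", [])
    addrs = [addr for _, addr in getaddresses(headers) if addr]
    return len(headers), len(addrs)


def prepare_for_sending(raw):
    """Sending side: collect envelope recipients, then drop every Bcc: header."""
    msg = message_from_string(raw)
    rcpts = []
    for name in ("To", "Cc", "Bcc"):
        for _, addr in getaddresses(msg.get_all(name, [])):
            if addr and addr not in rcpts:
                rcpts.append(addr)
    # Deleting by name removes all occurrences, matched case-insensitively.
    del msg["Bcc"]
    return rcpts, msg.as_string()


if __name__ == "__main__":
    print("as received:", bcc_exposure(SAMPLE))
    rcpts, cleaned = prepare_for_sending(SAMPLE)
    print("envelope recipients:", rcpts)
    print("after stripping:", bcc_exposure(cleaned))
```

A receiving system that gets a non-zero result from `bcc_exposure` is looking at a message whose submitter never performed the stripping step.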