I played some more, if comment out 44625 and the closing } several lines
down, ASSP seems to do what I want - add the intended for line to the eml
file ALWAYS but never into the MTA stream. is there a reason we wouldn't
always want the system to work this way?
On Sat, Jun 3, 2017 at 8:43 PM, K Post <nntp.p...@gmail.com> wrote:
> With this new version, the gui says "both header lines will be added for
> all emails to all collected .eml files" The issue I'm seeing is that if
> AddIntendedForHeader is not disabled, not only does it add it to the eml
> file as expected, but it's *also adding it to the stream that the MTA
> sees*. I see the value of having this in the eml files in the mailstore,
> but putting the intended for header into the header that the recipient can
> see when the message was BCC'ed is presenting a big problem.
>
> We smart host relay from Exchange through ASSP. Exchange and lots of
> other mail clients when setup with a smarthost send a single message to the
> smarthost for multiple recipients. If some are bcc'ed, that's still a
> single message. It's not unusual for our staff to send a message to 50 bcc
> addresses. They leave the outgoing MTA just fine, but because they went
> through the ASSP relay port (or were sent directly through the standard
> port for pop/smtp clients), all of the recipients show x-assp-intended-for
> lines, negating the purpose of bcc.
>
> If I disable AddIntendedForHeader, it doesn't show, but then it's not
> recorded in the eml file either, which is better than revealing bcc
> recipients, but sub-optimal.
>
> Even if I could change the behavior of the way that Exchange sends to a
> smarthost (which I can't), we can't control how other MTA's send to us. If
> someone outside sends a single message with one to and one bcc to us, the
> recipient can see the bcc recipient in the header, which betrays the trust
> that the sender had in us - (and maybe violates RFC's ???)
>
> SO - the real question is if there's a possibility to essentially remove
> the AddIntendedForHeader from the gui *and ALWAYS add the intended for
> and envelope from to the eml file on the ASSP server but NOT send these
> lines to the receiving MTA under any circumstance.*
>
> And if this is possible, what downside is there to not having these lines
> in the email header except in the corpus. Would spam reporting be impacted?
>
> Line 44625 has if ($AddIntendedForHeader) and then it prints the
> intended for header lines. It doesn't seem to check what the value of
> AddIntendedForHeader is, so if it's not disabled, it'll print it regardless
> of inbound or outbound. I don't know if this is an oversight or if I'm
> just not understanding correctly.
>
>
>
> On Thu, Jun 1, 2017 at 8:26 PM, K Post <nntp.p...@gmail.com> wrote:
>
>> Shucks, I thought I had finally found a bug that wasn't due to my idiocy
>> (or the idiocy of other software that I'm using)
>>
>> If you don't mind,more questions / comments:
>>
>> 1) In this new version, did the code change to now insure that the
>> X-ASSP-intendedfor lines are now not in the MTA stream no matter how stupid
>> the sending MTA is? I ask because I definitely wasn't seeing that behavior
>> before, the intended for line was in the header that the MTA delivers to
>> the inbox.
>>
>> 2) I think the problem is that if using a smarthost with Exchange, it
>> routes single messages to the smarthost as one, regardless of the domain(s)
>> of the recipients. Have you seen this before? My gut says that ASSP has
>> never considered this before and we've probably been giving away bcc info
>> for years.
>>
>>
>>
>> On Thu, Jun 1, 2017 at 1:10 AM, Thomas Eckardt <
>> thomas.ecka...@thockar.com> wrote:
>>
>>> >Thank you for this. Does this mean that I wasn't crazy at least on
>>> this one point? Hurray!
>>>
>>> No - it works around your bad mail server config.
>>> Your MTA should send the mail as it was created (except local
>>> recipients) - or a single mail to each recipient - not sending it to each
>>> external recipient (also bcc) in a single mail.
>>>
>>> >1) What does All Adds (option 3) mean? Is that like incoming and
>>> outgoing (or what was previously just what the check box did)?
>>>
>>>
>>> yes
>>>
>>> >2) Might you be able to change functionality so that we have the option
>>> to :
>>> > a) add this info to the eml files for admin use and resents but *NOT
>>> write them to the stream that the MTA sees (so that it doesn't show up in
>>> the received mail header and users can't see this?) *and
>>>
>>> What else is this function doing?
>>>
>>> b) remove these lines from files that are resent (for the same reason)
>>>
>>>
>>> This was already done.
>>>
>>> >My big fear is internal mail where a single message might be from
>>> internal user 1 to internal user 2 with a bcc to user 2's boss. If it's a
>>> bcc, user 2 shohuldn't know that the boss was included, and looking at the
>>> header will show that.
>>>
>>> done
>>>
>>> Thomas
>>>
>>>
>>>
>>>
>>> Von: K Post <nntp.p...@gmail.com>
>>> An: ASSP development mailing list <assp-test@lists.sourceforge.n
>>> et>
>>> Datum: 31.05.2017 23:56
>>> Betreff: Re: [Assp-test] fixes in assp 2.5.6 build 17151
>>> ------------------------------
>>>
>>>
>>>
>>> Thank you for this. Does this mean that I wasn't crazy at least on this
>>> one point? Hurray!
>>>
>>> You're going to be shocked by this, but I have questions :)
>>>
>>> 1) What does All Adds (option 3) mean? Is that like incoming and
>>> outgoing (or what was previously just what the check box did)?
>>>
>>> 2) Might you be able to change functionality so that we have the option
>>> to :
>>> a) add this info to the eml files for admin use and resents but *NOT
>>> write them to the stream that the MTA sees (so that it doesn't show up in
>>> the received mail header and users can't see this?) *and
>>> b) remove these lines from files that are resent (for the same reason)
>>>
>>> My big fear is internal mail where a single message might be from
>>> internal user 1 to internal user 2 with a bcc to user 2's boss. If it's a
>>> bcc, user 2 shohuldn't know that the boss was included, and looking at the
>>> header will show that.
>>>
>>> Interested in your thoughts.
>>>
>>> On Wed, May 31, 2017 at 1:50 AM, Thomas Eckardt <
>>> *thomas.ecka...@thockar.com* <thomas.ecka...@thockar.com>> wrote:
>>> Hi all,
>>>
>>> fixed in assp 2.5.6 build 17151:
>>>
>>>
>>> changed:
>>>
>>> AddIntendedForHeader is switched from a checkbox to a listbox in the GUI
>>> to support additionally options
>>>
>>> 'AddIntendedForHeader','Add Envelope-Recipient
>>> Header','0:disabled|1:outgoing|2:incoming and local|3:all'
>>> 'Adds (according to the setting) two lines to the email header:
>>> "X-Assp-Intended-For: user@domain" and "X-Assp-Envelope-From:
>>> user@domain".
>>> If not disabled, both header lines will be added for all emails to all
>>> collected .eml files.
>>>
>>>
>>> Thomas
>>>
>>>
>>> DISCLAIMER:
>>> *******************************************************
>>> This email and any files transmitted with it may be confidential,
>>> legally privileged and protected in law and are intended solely for the use
>>> of the
>>> individual to whom it is addressed.
>>> This email was multiple times scanned for viruses. There should be no
>>> known virus in this email!
>>> *******************************************************
>>>
>>>
>>> ------------------------------------------------------------
>>> ------------------
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, Slashdot.org! *http://sdm.link/slashdot*
>>> <http://sdm.link/slashdot>
>>> _______________________________________________
>>> Assp-test mailing list
>>> *Assp-test@lists.sourceforge.net* <Assp-test@lists.sourceforge.net>
>>> *https://lists.sourceforge.net/lists/listinfo/assp-test*
>>> <https://lists.sourceforge.net/lists/listinfo/assp-test>
>>>
>>> ------------------------------------------------------------
>>> ------------------
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot______
>>> _________________________________________
>>> Assp-test mailing list
>>> Assp-test@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/assp-test
>>>
>>>
>>>
>>>
>>> DISCLAIMER:
>>> *******************************************************
>>> This email and any files transmitted with it may be confidential,
>>> legally privileged and protected in law and are intended solely for the use
>>> of the
>>> individual to whom it is addressed.
>>> This email was multiple times scanned for viruses. There should be no
>>> known virus in this email!
>>> *******************************************************
>>>
>>>
>>> ------------------------------------------------------------
>>> ------------------
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>> _______________________________________________
>>> Assp-test mailing list
>>> Assp-test@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/assp-test
>>>
>>>
>>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
