Thomas,
Would you consider changing the options (really just the descriptions) for
the AddIntendedForHeader? Maybe something like:
Disabled
Include only in the stored .eml file
Include in both the stored .eml file and the stream
and add the note that inserting this stream may inadvertently expose BCC
recipients?
Daniel,
For the mail from gmail (where I also tested), I'm not surprised that the
bcc intended for header is included for the mail to the bcc recipient, but
not for the non-bcc recipient. Gmail's server send individual messages to
each bcc recipient. That's not required by the RFC, but it's not
prohibited either. The issue at hand is that we can't guarantee that mail
servers will do this (Exchange doesn't, maybe postfix doesn't either). If
they send one message with multiple bcc recipients in the envelope and the
AddIntendedForHeader option is set to ALL, those bcc recipients will be
exposed.
I know I've dodged a big bullet having had ASSP running like this for
years. I guess no one ever looked, or no one ever said anything. I'm
super relieved that ASSP has the in the middle option now - record only for
.eml and not to the stream.
On Tue, Jun 6, 2017 at 3:29 AM, Thomas Eckardt <thomas.ecka...@thockar.com>
wrote:
> >But what is being tested for "outgoing" vs "incoming and local"
>
> Nothing is tested using these header lines - these headers are recorded
> for future processing like rebuildspamdb, analyzing, resend, reports, GUI
> actions ....
>
> >2) ... I don't see a problem with this
>
> me too
> But it may confuse some admins, if they see different content in the mail
> stream (client received mail) and the stored .eml file.
>
> Thomas
>
>
>
> Von: K Post <nntp.p...@gmail.com>
> An: ASSP development mailing list <assp-test@lists.sourceforge.net>
> Datum: 05.06.2017 17:35
> Betreff: Re: [Assp-test] fixes in assp 2.5.6 build 17151
> ------------------------------
>
>
>
> Your last email was quite helpful and is helping me to understand better.
> Thank you again for that. *And I found a mistake in my
> testing/understanding by retrying some things and re-reading what you've
> already said multiple times.*
>
> Please, bear with me through just a few more questions and point and then
> I think we'll be done.
>
> It's no question that Exchange is sending this info in the envelope, but
> it's allowed to do so, we can't change that, nor can we change what other
> external SMTP servers do.
> And it's worse than "just" Exchange, email clients that send through
> ASSP's smtp port also send a single message for multiple bcc recipients.
>
> But, and this is important, *I must not have tested incorrectly*, because
> when now *when I set AddIntendedFor to incoming and local, I get exactly
> what you describe, the intended for line does NOT appear in the email
> client, but does show up in the eml files.*
> *17151 resolves the issue with Exchange and clients sending a single
> message for multiple bcc recipients.* That's exactly what I want.
> Maybe I didn't apply the changes when testing or something. Whatever the
> case, this is quite relieving.
>
> Just 2 more quick questions:
>
> 1) I think there's going to be serious misunderstanding by people reading
> the GUI as to the AddIntendedFor options. Option 0, disabled, is clear,
> don't ever add the headers. Option 3, all is also clear, always add the
> headers.
> But what is being tested for "outgoing" vs "incoming and local" I'm
> sure this question sounds completely stupid to you, but I don't understand
> your options.
>
> 2) You previously mentioned that having the mail stream differ from the
> stored eml is bad, or at least I interpreted it that way. It seems like
> with the incoming/local only option for AddIntendedFor, the stream and
> stored file could be different. I don't see a problem with this, but I'm
> worried that you said there could be. Could you explain?
>
> Thanks again for your patience.
> Ken
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot______
> _________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
