[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
zmailer smtp information disclosure
Hi,
I have the following setup:
Internet -> zmailer gateway (ZG) -> internal mail server (IM)
ZG is the MX for example.com and using routes/smtp delivers
messages to IM.
The problem is that if a message is generated from
for example Hotmail or another zmailer to
u1@example.com and Bcc to u2@example.com
the headers in the mail which u1 receives are:
Received: from somehost ([29.9.24.28]:52383 "EHLO
somehost") by ZG. with ESMTP
id S1245225AbUEMS32 (ORCPT <rfc822;u2@example.com>
+ 1 other); Thu, 13 May 2004 15:29:28 -0300
disclosing the bcc destination.
I think that this is wrong.
This was tested, with equal results on Fedora linux
CVS 30/11/2003 and CVS 12/03/2004
The same situation was verified from a local zmailer
to some remote location using:
mail a@dom.com -b b@dom.com
and a@dom.com received a header saying that ORCPT was b.com + 1 other
Regards,
Nico
-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi