Bug#485751: When invoked as sendmail, exim4 should keep sendmail compatibility concerning Bcc header
Vincent Lefevre
vincent at vinc17.org
Wed Jun 11 08:17:07 UTC 2008
Package: exim4
Version: 4.69-5
Severity: important
(Setting as important as this bug can reveal addresses to spammers and
other recipients who should not see them, and most users are probably
not aware of this problem.)
First, in the case the MUA wants to send a mail by executing a program
(the MTA), this interface between the MUA and the MTA is out of the
scope of the RFC's. The MTA defines an interface, and the MUA has to
stick with it.
When the MUA is configured to invoke the MTA as sendmail, it uses the
sendmail interface. Since sendmail strips Bcc out of the messages,
exim4 should do the same. (When exim4 is invoked as exim or exim4,
it can still do whatever it wants.)
BTW, the MUA cannot necessarily even know what the "real" MTA is, e.g.
if it shared across machines (via NFS, with the user's configuration
on NFS too), whereas machines can use different MTA's.
There had been a bug report saying that this bug was fixed in exim4[*],
but I've just done the test and the Bcc was in the message received by
the recipient in the header "To:". So, it is definitely not fixed.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=304718
FYI, here Mutt invokes the MTA as "/usr/sbin/sendmail -oem -oi".
-- Package-specific info:
Exim version 4.69 #1 built 02-May-2008 12:47:18
Copyright (c) University of Cambridge 2006
Berkeley DB: Berkeley DB 4.6.21: (September 27, 2007)
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /var/lib/exim4/config.autogenerated
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to generate
# exim configuration macros for the configuration file.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file
dc_eximconfig_configtype='internet'
dc_other_hostnames='vin.lip.ens-lyon.fr'
dc_local_interfaces=''
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_localdelivery='maildir_home'
mailname:vin.lip.ens-lyon.fr
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.25.4-20080521 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=POSIX, LC_CTYPE=en_US.ISO8859-1 (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash
Versions of packages exim4 depends on:
ii debconf [debconf-2.0] 1.5.22 Debian configuration management sy
ii exim4-base 4.69-5+b1 support files for all Exim MTA (v4
ii exim4-daemon-light 4.69-5+b1 lightweight Exim MTA (v4) daemon
exim4 recommends no packages.
-- debconf information:
exim4/drec:
More information about the Pkg-exim4-maintainers
mailing list