[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [vps-mail] mail to unknown user delivered to local mailbox
- Subject: Re: [vps-mail] mail to unknown user delivered to local mailbox
- From: Scott Wiersdorf <scottw@xxxxxxxxxxxx>
- Date: Fri, 2 Dec 2005 09:47:10 -0700
On Fri, Dec 02, 2005 at 05:15:05PM +0100, Andy McKell, FOCUS Internet wrote:
> At 09:06 AM 12/2/2005 -0700, Scott Wiersdorf wrote:
>
> >If he means "read the bcc line" the answer is "no", of course: it's
> >stripped out when the mail is *sent*.
> 
> Unless the user on his machine is the recipient of the blind copy?
Nope, bcc is always stripped out by RFC compliant mail servers
(including sendmail). The only time the receiving server will ever see
the address is at connection time in the SMTP handshake.
The only place you might be able to find the bcc user is in the
maillog "to=root@xxxxxxxxxxxxxxx":
     Dec  2 16:35:45 thursday sm-mta[57003]: jB2GZBZq056947: to=root@xxxxxxxxxxxxxxx, \
     delay=00:00:16, xdelay=00:00:02, mailer=local, pri=30361, relay=local, dsn=2.0.0, stat=Sent
and in the message you might have this:
 1     From scottw@xxxxxxxxxxxx  Fri Dec  2 16:35:43 2005
 2     Return-Path: <scottw@xxxxxxxxxxxx>
 3     Received: from localhost (localhost [127.0.0.1])
3a            by securesites.net (8.13.1/8.12.11) with SMTP id jB2GZBZq056947
3b            for root@xxxxxxxxxxxxxxx; Fri, 2 Dec 2005 16:35:29 GMT
 4     Date: Fri, 2 Dec 2005 16:35:11 GMT
 5     Message-Id: <200512021635.jB2GZBZq056947@xxxxxxxxxxxxxxx>
 6     Subject: foo
 7     To: you
 8     From: me
 9
10    This is the message.
Lines 1 and 2 are where the receiving sendmail inserts the envelope
sender's address ("MAIL FROM" during SMTP handshake). The MAIL FROM
handshake token can be forged, like everything else. The only thing
you know for *sure* is the last server to connect to your server
(sendmail adds this as the last contiguous Received header (some
spammers insert additional Received headers to throw off Received
diggers, but they're not contiguous with the natural Received headers).
Line 3b is where the receiving sendmail *might* (depending on
configuration) insert the envelope recipient ("RCPT TO" during SMTP
handshake).
Scott
-- 
Scott Wiersdorf
scottw@xxxxxxxxxxxx
======================================================================
This is <vps-mail@xxxxxxxxxxxx>       <http://www.perlcode.org/lists/>
Before posting a question, please search the archives (see above URL).
Main Index |
Thread Index