[Tickets #13041] Re: Posibillity to diabled the Received from ... (Horde Framework) with HTTP header line injection to the e-Mail header lines.
noreply at bugs.horde.org
noreply at bugs.horde.org
Tue Mar 18 21:54:12 UTC 2014
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/13041
------------------------------------------------------------------------------
Ticket | 13041
Updated By | klaus at tachtler.net
Summary | Posibillity to diabled the Received from ... (Horde
| Framework) with HTTP header line injection to the
| e-Mail header lines.
Queue | Horde Framework Packages
Version | Git master
Type | Enhancement
State | Rejected
Priority | 2. Medium
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
klaus at tachtler.net (2014-03-18 21:54) wrote:
> #2: RFC 5321:
>
> 7.6. Information Disclosure in Trace Fields
>
> In some circumstances, such as when mail originates from within a LAN
> whose hosts are not directly on the public Internet, trace
> ("Received") header fields produced in conformance with this
> specification may disclose host names and similar information that
> would not normally be available. This ordinarily does not pose a
> problem, but sites with special concerns about name disclosure should
> be aware of it.
Thank you for the detailed RFC desciption. I will read it in the whole
to understand it right.
You can close this enhancement, and thank you for the advise.
Klaus.
More information about the bugs
mailing list