Wanted to make a new post but it didn't work, so why not post it here:

We've encountered that the standard setting in the OVA, to append the
"X-Assp-Intended-For" header both to incoming and outgoing mails, is HUGELY
insecure and also might violate privacy rules in Europe in some setups
regarding BCC:

If you have an Exchange Server before you relay through ASSP, the Exchange
Server will split the mail into one mail to the original recipient and one
mail to the BCC'd recipients. But it will (of course) remove the BCC header
line from both mails. 
So what this means is ASSP now does not know anymore that some of these
addresses have been BCC addresses, other than looking if they appear
somewhere in the header lines (To or CC).
ASSP currently only doesn't add the intended-for header lines if there is a
corresponding BCC entry, if I'm correct.

So in the end, if you do not strip the X-Assp-Intended-For header lines
after ASSP, the BCC'd users will see each other. 



--
Sent from: 
http://anti-spam-smtp-proxy-server.996265.n3.nabble.com/assp-test-f3.html

_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
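
The check and the stripping step described in the post above, as an added example that is not part of the original message or of ASSP's own code. It assumes each X-Assp-Intended-For value carries one or more plain recipient addresses; the function names and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

HEADER = "X-Assp-Intended-For"  # header name as given in the post

def visible_recipients(msg):
    """Addresses every recipient can already see in To/Cc."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(fields) if addr}

def leaked_recipients(msg):
    """Recipients exposed only through the ASSP header (likely BCC)."""
    tagged = {addr.lower()
              for _, addr in getaddresses(msg.get_all(HEADER, []))
              if addr}
    return sorted(tagged - visible_recipients(msg))

def strip_intended_for(msg):
    """Remove every X-Assp-Intended-For line; return what it exposed."""
    leaked = leaked_recipients(msg)
    del msg[HEADER]  # removes all occurrences, header name is case-insensitive
    return leaked

# Constructed sample: the BCC copy that the upstream server split off.
# The Bcc line is already gone, so only the ASSP header names bob and carol.
SAMPLE = """\
From: sender@example.org
To: alice@example.com
Subject: Quarterly figures
X-Assp-Intended-For: bob@example.net
X-Assp-Intended-For: carol@example.net

Body text.
"""

if __name__ == "__main__":
    message = message_from_string(SAMPLE)
    print("exposed before stripping:", strip_intended_for(message))
    print("exposed after stripping: ", leaked_recipients(message))
    print(message.as_string())
```

Run on the hop after ASSP, the same logic either alerts on non-empty `leaked_recipients` output or rewrites the message with `strip_intended_for` before final delivery.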
