Ralf Hauser:
> Since certain MUAs such as MS Outlook allow the user to label messages as
> "confidential" which according to http://www.faqs.org/rfcs/rfc1327.html gets
> translated into MIME header "Sensitivity=Company-Confidential", quite some
> secure mail gateways ensure higher transmission secrecy (e.g.
> "smtp_enforce_tls") for such messages.
> 
> To not lose such labeling, some MUAs also set this MIME-Header upon
> replies/forwards.
> 
> Unfortunately, if such a message causes a bounce (e.g. inexistent
> recipient), postfix sends such a bounce without the sensitivity header.

Just to be clear about this, Postfix is an MTA, not a security
gateway.  For this reason, Postfix has no code that recognizes
message headers that control behavior of security gateways.  It's
not like I deliberately deleted the ability to do this.  The whole
question simply never came up so the code was never implemented.

> This can cause contents to be disclosed since not treated properly by
> above-mentioned gateways (in particular, if the main.cf doesn't say
> bounce_size_limit=1 [the value 0 is not permitted??]).

Normally, "zero" means "no limit" in Postfix. I did not think that
that would be desirable in the case of bounce messages.

> Is there any reason for postfix not to keep the sensitivity mime header even
> on DSNs?

Postfix implements RFCs, to avoid re-inventing the wheel poorly.
Can you refer me to an RFC that requires MTAs to copy header fields
from an original message to the message header of a delivery status
notification? The only RFC that I am aware of is propagation of
the MIME 7bit/8bit content transfer encoding.

It would also help if you could point to an RFC that requires MTAs
to change the delivery method depending on the content of a message
header.

        Wietse
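
An added example, not part of the original thread and not Postfix code: a check a gateway operator could run on bounces, flagging a delivery status notification that carries no Sensitivity header of its own while the returned original inside it does. The sample message, host names and function names are constructed for illustration.

```python
import email
from email import policy

# Constructed sample bounce; hosts and addresses are made up.
SAMPLE_DSN = """\
From: MAILER-DAEMON@mx.example.com
To: alice@example.com
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="BOUND"

--BOUND
Content-Type: text/plain

<nobody@example.net>: unknown user

--BOUND
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.com

Final-Recipient: rfc822; nobody@example.net
Action: failed
Status: 5.1.1

--BOUND
Content-Type: message/rfc822

From: alice@example.com
To: nobody@example.net
Sensitivity: Company-Confidential

Draft figures attached.
--BOUND--
"""

def embedded_sensitivity(dsn):
    """Sensitivity value of the original message carried inside a DSN, or None."""
    for part in dsn.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822" and part.is_multipart():
            original = part.get_payload(0)        # full original returned
        elif ctype == "text/rfc822-headers":      # headers-only return
            original = email.message_from_string(part.get_content(), policy=policy.default)
        else:
            continue
        if original.get("Sensitivity"):
            return str(original["Sensitivity"]).strip()
    return None

def unlabeled_sensitive_bounce(raw):
    """True if the bounce lacks its own Sensitivity header but the returned original has one."""
    dsn = email.message_from_string(raw, policy=policy.default)
    if dsn.get_content_type() != "multipart/report" or dsn.get("Sensitivity"):
        return False
    return embedded_sensitivity(dsn) is not None
```

A match means a header-keyed gateway rule would not fire on the bounce even though the labeled content travels inside it.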
