Project

General

Profile

Actions

Defect #1904

closed

MIME headers are not fully correct

Added by Alon Bar-Lev over 15 years ago. Updated about 15 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Email notifications
Target version:
-
Start date:
2008-09-15
Due date:
% Done:

0%

Estimated time:
Resolution:
Wont fix
Affected version:

Description

Hello,

I noticed that gmail does not recognize redmine emails as directed to me.

This is due to the following headers:
From:
Bcc: , , , ,

1. Please notice that I can see the Bcc, which I should not usually be allowed to see.
2. There is no To: header.

I think that every time you send an email message you should add only To: header which should contain the destination address, and drop the Bcc header.

Thanks!

Actions #1

Updated by Dan Cameron about 15 years ago

  • File SproutVenture_Mail_-__Redmine_-_Help__RE__gmail_and_email.yml_-.png added
  • File sproutventure.com.txt added

I can verify this issue.

Attached is an image of what is shown in gmail (I use Google Apps) and the raw email.

Actions #2

Updated by Paul Rivier about 15 years ago

Hi Dan,

this is a public internet page therefore it is discouraged to publish other people email adresses. Harvesting is a fast and automated operation, so please remove at least the text file. Thank you.

Actions #3

Updated by Jean-Philippe Lang about 15 years ago

  • Status changed from New to Closed
  • Resolution set to Wont fix

If you want Redmine to use the "To" field, uncheck "Blind carbon copy recipients (bcc)" in application settings.

Actions #4

Updated by Jean-Philippe Lang about 15 years ago

  • File deleted (sproutventure.com.txt)
Actions #5

Updated by Jean-Philippe Lang about 15 years ago

  • File deleted (SproutVenture_Mail_-__Redmine_-_Help__RE__gmail_and_email.yml_-.png)
Actions #6

Updated by Anonymous about 15 years ago

Hi Jean-Philippe, one point mentioned in the description hasn't been addressed. When I receive an e-mail from Redmine, I can see the 'bcc' field with everyone's e-mail addresses in. This field should not be visible in mail clients. When I send e-mails from my mail client (Mail.app on OS X), the recipients can't see the bcc field.

The point of using BCC fields is so that e-mail addresses aren't disclosed, but Redmine is disclosing them even when set to use 'bcc'.

Please can this be re-opened as a security issue? Because it means my e-mail address has been disclosed to many users as Redmine has sent out e-mails about tickets I'm interested in.

Thank you

Russell Hind

Actions

Also available in: Atom PDF