
Bug#496720: kmail sends unwanted MDN



Package: kmail
Version: 4:3.5.9-5
Severity: important


kmail with spamassassin is a security hole regarding privacy.

I have kmail configured to _ask_ about sending MDN. When I receive legitimate
messages asking for confirmation, kmail correctly asks me whether to send it or
not. But when the message asking for confirmation is classified as spam by
spamassassin, kmail sends _unwanted_ MDN about message deletion like the one
below.

This kind of unwanted MDN is lethal for privacy since it can reach the
spammer (if the From: is correct) or unwanted people (if it is forged).

Start of unwanted MDN:
--------------------------------------------------------------------------------
From: Noel David Torres =?iso-8859-1?q?Ta=F1o?= <envite@rolamasao.org>
X-KMail-Fcc: sent-mail
To: "Elijah morgenthaler" <fumoir_1964@2clean4home.com>
Subject: Message Disposition Notification
Date: Tue, 26 Aug 2008 22:27:32 +0200
User-Agent: KMail/1.9.9
MIME-Version: 1.0
Content-Type: Multipart/report;
  boundary="Boundary-00=_0cGtIq98r+nRXFc";
  report-type="disposition-notification"
In-Reply-To: <000901c907bc$777fa570$1bdac155@Szef>
References: <000901c907bc$777fa570$1bdac155@Szef>
Message-Id: <200808262227.32379.envite@rolamasao.org>
Status: RO
X-Status: RSC
X-KMail-EncryptionState:  
X-KMail-SignatureState:  
X-KMail-MDN-Sent:  

--Boundary-00=_0cGtIq98r+nRXFc
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Se ha eliminado sin verlo el mensaje para webmaster@rolamasao.org enviado e=
l 26-08-08 22:43 con el asunto =ABRamming deep into her=BB. No se garantiza=
 que el mensaje se recupere y se vuelve a leer m=E1s tarde.
--Boundary-00=_0cGtIq98r+nRXFc
Content-Type: Message/disposition-notification
Content-Transfer-Encoding: 7bit

Reporting-UA: quevedo; KMime 0.1.0
Final-Recipient: rfc822; Noel David Torres =?utf-8?B?VGHDsW8=?= <envite@rolamasao.org>
Original-Message-ID: <000901c907bc$777fa570$1bdac155@Szef>
Disposition: automatic-action/MDN-sent-automatically; deleted

--Boundary-00=_0cGtIq98r+nRXFc--

-------------------------------------------------------------------------------------


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.25-2-686 (SMP w/2 CPU cores)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages kmail depends on:
ii  kdebase-kio-plugins    4:3.5.9.dfsg.1-5  core I/O slaves for KDE
ii  kdelibs4c2a            4:3.5.9.dfsg.1-6  core libraries and binaries for al
ii  kdepim-kio-plugins     4:3.5.9-5         KDE pim I/O Slaves
ii  libart-2.0-2           2.3.20-2          Library of functions for 2D graphi
ii  libaudio2              1.9.1-4           Network Audio System - shared libr
ii  libc6                  2.7-13            GNU C Library: Shared libraries
ii  libfontconfig1         2.6.0-1           generic font configuration library
ii  libfreetype6           2.3.7-2           FreeType 2 font engine, shared lib
ii  libgcc1                1:4.3.1-2         GCC support library
ii  libice6                2:1.0.4-1         X11 Inter-Client Exchange library
ii  libidn11               1.8+20080606-1    GNU libidn library, implementation
ii  libjpeg62              6b-14             The Independent JPEG Group's JPEG 
ii  libkcal2b              4:3.5.9-5         KDE calendaring library
ii  libkdepim1a            4:3.5.9-5         KDE PIM library
ii  libkleopatra1          4:3.5.9-5         KDE GnuPG interface libraries
ii  libkmime2              4:3.5.9-5         KDE MIME interface library
ii  libkpimidentities1     4:3.5.9-5         KDE PIM user identity information 
ii  libksieve0             4:3.5.9-5         KDE mail/news message filtering li
ii  libmimelib1c2a         4:3.5.9-5         KDE mime library
ii  libpng12-0             1.2.27-1          PNG library - runtime
ii  libqt3-mt              3:3.3.8b-5        Qt GUI Library (Threaded runtime v
ii  libsm6                 2:1.0.3-2         X11 Session Management library
ii  libstdc++6             4.3.1-2           The GNU Standard C++ Library v3
ii  libx11-6               2:1.1.4-2         X11 client-side library
ii  libxcursor1            1:1.1.9-1         X cursor management library
ii  libxext6               2:1.0.4-1         X11 miscellaneous extension librar
ii  libxft2                2.1.12-3          FreeType-based font drawing librar
ii  libxi6                 2:1.1.3-1         X11 Input extension library
ii  libxinerama1           2:1.0.3-2         X11 Xinerama extension library
ii  libxrandr2             2:1.2.3-1         X11 RandR extension library
ii  libxrender1            1:0.9.4-2         X Rendering Extension client libra
ii  libxt6                 1:1.0.5-3         X11 toolkit intrinsics library
ii  perl                   5.10.0-13         Larry Wall's Practical Extraction 
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

Versions of packages kmail recommends:
ii  kmailcvt                      4:3.5.9-5  KDE KMail mail folder converter
ii  procmail                      3.22-16    Versatile e-mail processor

Versions of packages kmail suggests:
pn  clamav | f-prot-installer     <none>     (no description available)
ii  gnupg                         1.4.9-3    GNU privacy guard - a free PGP rep
ii  gnupg-agent                   2.0.9-3    GNU privacy guard - password agent
ii  kaddressbook                  4:3.5.9-5  KDE NG addressbook application
ii  kleopatra                     4:3.5.9-5  KDE Certificate Manager
ii  pinentry-qt [pinentry-x11]    0.7.5-2    Qt-based PIN or pass-phrase entry 
ii  spamassassin                  3.2.5-1    Perl-based spam filter using text 

-- no debconf information
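
Added example, not part of the original report and not KMail code: a Python check that can be run over the raw messages of a sent-mail folder to list MDNs that went out without user confirmation, by reading the sending mode from the Disposition field shown in the MDN above. The sample message, its addresses and IDs, and the function names are constructed for illustration.

```python
import email

# Constructed sample shaped like the MDN in the report; addresses and IDs are placeholders.
SAMPLE_MDN = """\
To: sender@example.net
Subject: Message Disposition Notification
MIME-Version: 1.0
Content-Type: multipart/report; boundary="b1"; report-type="disposition-notification"

--b1
Content-Type: text/plain

The message was deleted without being displayed.
--b1
Content-Type: message/disposition-notification

Reporting-UA: host.example.org; KMime 0.1.0
Final-Recipient: rfc822; user@example.org
Original-Message-ID: <constructed-1@example.net>
Disposition: automatic-action/MDN-sent-automatically; deleted

--b1--
"""

def parse_mdn(raw):
    """Return the MDN's recipient and Disposition fields, or None if raw is not an MDN."""
    msg = email.message_from_string(raw)
    if (msg.get_content_type() != "multipart/report"
            or (msg.get_param("report-type") or "").lower() != "disposition-notification"):
        return None
    for part in msg.walk():
        if part.get_content_type() != "message/disposition-notification":
            continue
        fields = part.get_payload(0)  # the parser exposes the report fields as headers
        modes, _, dtype = (fields.get("Disposition") or "").partition(";")
        action, _, sending = modes.strip().lower().partition("/")
        return {"to": msg.get("To"), "action": action, "sending": sending,
                "type": dtype.strip().lower(),
                "original_id": fields.get("Original-Message-ID")}
    return None

def sent_without_consent(raw_messages):
    """Under an 'ask' policy every MDN must carry MDN-sent-manually; list the ones that don't."""
    flagged = []
    for raw in raw_messages:
        mdn = parse_mdn(raw)
        if mdn and mdn["sending"] != "mdn-sent-manually":
            flagged.append(mdn)
    return flagged
```
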


