Bug#496720: kmail sends unwanted MDN
Package: kmail
Version: 4:3.5.9-5
Severity: important
kmail with spamassassin is a security hole regarding privacy.
I have kmail configured to _ask_ about sending MDN. When I receive legitimate
messages asking for confirmation, kmail correctly asks me whether to send it or
not. But when the message asking for confirmation is classified as spam by
spamassassin, kmail sends _unwanted_ MDN about message deletion like the one
below.
This kind of unwanted MDN is lethal for privacy since they can reach the
spammer (if the From: is correct) or unwanted people (if it is forged).
Start of unwanted MDN:
--------------------------------------------------------------------------------
From: Noel David Torres =?iso-8859-1?q?Ta=F1o?= <envite@rolamasao.org>
X-KMail-Fcc: sent-mail
To: "Elijah morgenthaler" <fumoir_1964@2clean4home.com>
Subject: Message Disposition Notification
Date: Tue, 26 Aug 2008 22:27:32 +0200
User-Agent: KMail/1.9.9
MIME-Version: 1.0
Content-Type: Multipart/report;
boundary="Boundary-00=_0cGtIq98r+nRXFc";
report-type="disposition-notification"
In-Reply-To: <000901c907bc$777fa570$1bdac155@Szef>
References: <000901c907bc$777fa570$1bdac155@Szef>
Message-Id: <200808262227.32379.envite@rolamasao.org>
Status: RO
X-Status: RSC
X-KMail-EncryptionState:
X-KMail-SignatureState:
X-KMail-MDN-Sent:
--Boundary-00=_0cGtIq98r+nRXFc
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Se ha eliminado sin verlo el mensaje para webmaster@rolamasao.org enviado e=
l 26-08-08 22:43 con el asunto =ABRamming deep into her=BB. No se garantiza=
que el mensaje se recupere y se vuelve a leer m=E1s tarde.
--Boundary-00=_0cGtIq98r+nRXFc
Content-Type: Message/disposition-notification
Content-Transfer-Encoding: 7bit
Reporting-UA: quevedo; KMime 0.1.0
Final-Recipient: rfc822; Noel David Torres =?utf-8?B?VGHDsW8=?= <envite@rolamasao.org>
Original-Message-ID: <000901c907bc$777fa570$1bdac155@Szef>
Disposition: automatic-action/MDN-sent-automatically; deleted
--Boundary-00=_0cGtIq98r+nRXFc--
-------------------------------------------------------------------------------------
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.25-2-686 (SMP w/2 CPU cores)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages kmail depends on:
ii kdebase-kio-plugins 4:3.5.9.dfsg.1-5 core I/O slaves for KDE
ii kdelibs4c2a 4:3.5.9.dfsg.1-6 core libraries and binaries for al
ii kdepim-kio-plugins 4:3.5.9-5 KDE pim I/O Slaves
ii libart-2.0-2 2.3.20-2 Library of functions for 2D graphi
ii libaudio2 1.9.1-4 Network Audio System - shared libr
ii libc6 2.7-13 GNU C Library: Shared libraries
ii libfontconfig1 2.6.0-1 generic font configuration library
ii libfreetype6 2.3.7-2 FreeType 2 font engine, shared lib
ii libgcc1 1:4.3.1-2 GCC support library
ii libice6 2:1.0.4-1 X11 Inter-Client Exchange library
ii libidn11 1.8+20080606-1 GNU libidn library, implementation
ii libjpeg62 6b-14 The Independent JPEG Group's JPEG
ii libkcal2b 4:3.5.9-5 KDE calendaring library
ii libkdepim1a 4:3.5.9-5 KDE PIM library
ii libkleopatra1 4:3.5.9-5 KDE GnuPG interface libraries
ii libkmime2 4:3.5.9-5 KDE MIME interface library
ii libkpimidentities1 4:3.5.9-5 KDE PIM user identity information
ii libksieve0 4:3.5.9-5 KDE mail/news message filtering li
ii libmimelib1c2a 4:3.5.9-5 KDE mime library
ii libpng12-0 1.2.27-1 PNG library - runtime
ii libqt3-mt 3:3.3.8b-5 Qt GUI Library (Threaded runtime v
ii libsm6 2:1.0.3-2 X11 Session Management library
ii libstdc++6 4.3.1-2 The GNU Standard C++ Library v3
ii libx11-6 2:1.1.4-2 X11 client-side library
ii libxcursor1 1:1.1.9-1 X cursor management library
ii libxext6 2:1.0.4-1 X11 miscellaneous extension librar
ii libxft2 2.1.12-3 FreeType-based font drawing librar
ii libxi6 2:1.1.3-1 X11 Input extension library
ii libxinerama1 2:1.0.3-2 X11 Xinerama extension library
ii libxrandr2 2:1.2.3-1 X11 RandR extension library
ii libxrender1 1:0.9.4-2 X Rendering Extension client libra
ii libxt6 1:1.0.5-3 X11 toolkit intrinsics library
ii perl 5.10.0-13 Larry Wall's Practical Extraction
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
Versions of packages kmail recommends:
ii kmailcvt 4:3.5.9-5 KDE KMail mail folder converter
ii procmail 3.22-16 Versatile e-mail processor
Versions of packages kmail suggests:
pn clamav | f-prot-installer <none> (no description available)
ii gnupg 1.4.9-3 GNU privacy guard - a free PGP rep
ii gnupg-agent 2.0.9-3 GNU privacy guard - password agent
ii kaddressbook 4:3.5.9-5 KDE NG addressbook application
ii kleopatra 4:3.5.9-5 KDE Certificate Manager
ii pinentry-qt [pinentry-x11] 0.7.5-2 Qt-based PIN or pass-phrase entry
ii spamassassin 3.2.5-1 Perl-based spam filter using text
-- no debconf information
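An added example (not part of the original report and not KMail code): a Python audit for messages taken from a sent-mail folder that flags MDNs whose Disposition field records the automatic-action/MDN-sent-automatically mode seen in the MDN quoted above. The sample message, its example.org and example.net addresses, and the function names are constructed for illustration.

```python
import email

# Constructed sample shaped like the MDN quoted in the report; addresses are placeholders.
TEMPLATE = """\
From: User <user@example.org>
To: sender@example.net
Subject: Message Disposition Notification
Content-Type: multipart/report; report-type="disposition-notification"; boundary="b1"

--b1
Content-Type: text/plain

Notification text for the human reader.
--b1
Content-Type: message/disposition-notification

Reporting-UA: host.example.org; KMime 0.1.0
Final-Recipient: rfc822; user@example.org
Original-Message-ID: <constructed-1@example.net>
Disposition: {disposition}

--b1--
"""

def mdn_fields(msg):
    """Return the machine-readable MDN fields of a message, or None if it is not an MDN."""
    if (msg.get_content_type() != "multipart/report"
            or str(msg.get_param("report-type", "")).lower() != "disposition-notification"):
        return None
    for part in msg.walk():
        if part.get_content_type() == "message/disposition-notification":
            payload = part.get_payload()
            # The stdlib parser stores the fields as a nested header block.
            if isinstance(payload, list) and payload:
                return payload[0]
            return email.message_from_string(str(payload))
    return None

def audit(raw):
    """Return (recipient, disposition type) for an MDN sent without user action, else None."""
    msg = email.message_from_string(raw)
    fields = mdn_fields(msg)
    if fields is None or fields["Disposition"] is None:
        return None
    mode, _, dtype = fields["Disposition"].partition(";")
    action, _, sending = mode.strip().lower().partition("/")
    if action == "automatic-action" and sending == "mdn-sent-automatically":
        return msg["To"], dtype.strip().lower()
    return None
```

Running `audit()` over each message in the sent-mail folder lists every address that received a notification without a prompt.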