Bug 282536

Summary: Kmail2 leaves BCC addresses in the DATA section of the smtp transmission
Product: [Applications] kmail2 Reporter: John King <john>
Component: generalAssignee: kdepim bugs <pim-bugs-null>
Status: RESOLVED DUPLICATE    
Severity: normal CC: john
Priority: NOR    
Version First Reported In: 4.7   
Target Milestone: ---   
Platform: openSUSE   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description John King 2011-09-22 07:39:04 UTC 
Version:           4.7 (using KDE 4.7.1) 
OS:                Linux


Several kmail2 users have reported that BCC recipients are displayed in the
headers of the To: recipient. (See Bugs 263587, 278014) when using certain SMTP
servers, whereas they should be stripped out.  Kmail1, on the other hand,
correctly strips out the BCC recipients when sending to an SMTP server.

One SMTP server I use where I had noticed this problem allows plain text
unencrypted SMTP. This provided an opportunity to use a protocol analyser (in
this case Wireshark) to see if there was any difference between Kmail1 and
Kmail2

In RFC 2821, Appendix B.1, it states:
 1. Each recipient address from a TO, CC, or BCC header field SHOULD
      be copied to a RCPT command (generating multiple message copies if
      that is required for queuing or delivery).  This includes any
      addresses listed in a RFC 822 "group".  Any BCC fields SHOULD then
      be removed from the headers.....

I take this to mean that the RCPT section of the transmission to the SMTP
server should contain the BCC addresses, but that the DATA section should not.

In each test case I emailed a To: recipient on yahoo.co.uk, with a BCC to a
recipient on bluebottle.com.

1	KMAIL1
The emails from Kmail1 behaved as expected. The To: recipient on Yahoo could
only see the To: address. The BCC recipient on Bluebottle similarly could only
see the To address.

The relevant sections from the wireshark dump show that the RCPT command
identifies all the recipients, including the BCC one, but the DATA section that
follows only contains the primary To: recipient. This is in line with RFC 2821

0000  00 09 5b ce 95 10 00 1b fc b6 e3 70 08 00 45 00   ..[........p..E.
0010  00 ad 47 b5 40 00 40 06 20 a5 c0 a8 00 0d c3 ad   ..G.@.@. .......
0020  4d 8e a1 c1 00 19 c4 6c 55 2a 77 e9 d9 c6 80 18   M......lU*w.....
0030  00 5c d2 90 00 00 01 01 08 0a 06 27 12 bf 09 a9   .\.........'....
0040  0c bb 4d 41 49 4c 20 46 52 4f 4d 3a 3c 6a 6f 68   ..MAIL FROM:<joh
0050  6e 40 6b 69 6e 67 73 68 6f 6d 65 2e 63 6f 2e 75   n@kingshome.co.u
0060  6b 3e 20 53 49 5a 45 3d 34 39 36 0d 0a 52 43 50   k> SIZE=496..RCP
0070  54 20 54 4f 3a 3c 6a 6f 68 6e 6d 6b 69 6e 67 5f   T TO:<johnmking_
0080  75 6b 40 79 61 68 6f 6f 2e 63 6f 2e 75 6b 3e 0d   uk@yahoo.co.uk>.
0090  0a 52 43 50 54 20 54 4f 3a 3c 6a 6f 68 6e 6d 6b   .RCPT TO:<johnmk
00a0  69 6e 67 40 62 6c 75 65 62 6f 74 74 6c 65 2e 63   ing@bluebottle.c
00b0  6f 6d 3e 0d 0a 44 41 54 41 0d 0a                  om>..DATA..

0000  00 1b fc b6 e3 70 00 09 5b ce 95 10 08 00 45 00   .....p..[.....E.
0010  00 90 7f 04 40 00 3b 06 ee 72 c3 ad 4d 8e c0 a8   ....@.;..r..M...
0020  00 0d 00 19 a1 c1 77 e9 d9 c6 c4 6c 55 a3 80 18   ......w....lU...
0030  c4 e0 81 66 00 00 01 01 08 0a 09 a9 0c da 06 27   ...f...........'
0040  12 bf 32 35 30 20 4f 4b 0d 0a 32 35 30 20 41 63   ..250 OK..250 Ac
0050  63 65 70 74 65 64 0d 0a 32 35 30 20 41 63 63 65   cepted..250 Acce
0060  70 74 65 64 0d 0a 33 35 34 20 45 6e 74 65 72 20   pted..354 Enter 
0070  6d 65 73 73 61 67 65 2c 20 65 6e 64 69 6e 67 20   message, ending 
0080  77 69 74 68 20 22 2e 22 20 6f 6e 20 61 20 6c 69   with "." on a li
0090  6e 65 20 62 79 20 69 74 73 65 6c 66 0d 0a         ne by itself..

0000  00 09 5b ce 95 10 00 1b fc b6 e3 70 08 00 45 00   ..[........p..E.
0010  02 1e 47 b6 40 00 40 06 1f 33 c0 a8 00 0d c3 ad   ..G.@.@..3......
0020  4d 8e a1 c1 00 19 c4 6c 55 a3 77 e9 da 22 80 18   M......lU.w.."..
0030  00 5c d4 01 00 00 01 01 08 0a 06 27 13 0e 09 a9   .\.........'....
0040  0c da 46 72 6f 6d 3a 20 4a 6f 68 6e 20 4b 69 6e   ..From: John Kin
0050  67 20 3c 6a 6f 68 6e 40 6b 69 6e 67 73 68 6f 6d   g <john@kingshom
0060  65 2e 63 6f 2e 75 6b 3e 0d 0a 52 65 70 6c 79 2d   e.co.uk>..Reply-
0070  54 6f 3a 20 6a 6f 68 6e 40 6b 69 6e 67 73 68 6f   To: john@kingsho
0080  6d 65 2e 63 6f 2e 75 6b 0d 0a 54 6f 3a 20 4a 6f   me.co.uk..To: Jo
0090  68 6e 20 59 61 68 6f 6f 20 3c 6a 6f 68 6e 6d 6b   hn Yahoo <johnmk
00a0  69 6e 67 5f 75 6b 40 79 61 68 6f 6f 2e 63 6f 2e   ing_uk@yahoo.co.
00b0  75 6b 3e 0d 0a 53 75 62 6a 65 63 74 3a 20 74 65   uk>..Subject: te
00c0  73 74 31 20 2d 20 6b 6d 61 69 6c 31 20 74 6f 20   st1 - kmail1 to 
00d0  79 20 62 63 63 20 62 0d 0a 44 61 74 65 3a 20 54   y bcc b..Date: T
00e0  68 75 2c 20 32 32 20 53 65 70 20 32 30 31 31 20   hu, 22 Sep 2011 
00f0  30 36 3a 32 30 3a 35 33 20 2b 30 31 30 30 0d 0a   06:20:53 +0100..
0100  55 73 65 72 2d 41 67 65 6e 74 3a 20 4b 4d 61 69   User-Agent: KMai
0110  6c 2f 31 2e 31 32 2e 34 20 28 4c 69 6e 75 78 2f   l/1.12.4 (Linux/
0120  32 2e 36 2e 33 31 2e 31 34 2d 30 2e 38 2d 70 61   2.6.31.14-0.8-pa
0130  65 3b 20 4b 44 45 2f 34 2e 33 2e 35 3b 20 69 36   e; KDE/4.3.5; i6
0140  38 36 3b 20 3b 20 29 0d 0a 44 69 73 70 6f 73 69   86; ; )..Disposi
0150  74 69 6f 6e 2d 4e 6f 74 69 66 69 63 61 74 69 6f   tion-Notificatio
0160  6e 2d 54 6f 3a 20 6a 6f 68 6e 40 6b 69 6e 67 73   n-To: john@kings
0170  68 6f 6d 65 2e 63 6f 2e 75 6b 0d 0a 4d 49 4d 45   home.co.uk..MIME
0180  2d 56 65 72 73 69 6f 6e 3a 20 31 2e 30 0d 0a 43   -Version: 1.0..C
0190  6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 54 65 78   ontent-Type: Tex
01a0  74 2f 50 6c 61 69 6e 3b 0d 0a 20 20 63 68 61 72   t/Plain;..  char
01b0  73 65 74 3d 22 75 73 2d 61 73 63 69 69 22 0d 0a   set="us-ascii"..
01c0  43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72   Content-Transfer
01d0  2d 45 6e 63 6f 64 69 6e 67 3a 20 37 62 69 74 0d   -Encoding: 7bit.
01e0  0a 4d 65 73 73 61 67 65 2d 49 64 3a 20 3c 32 30   .Message-Id: <20
01f0  31 31 30 39 32 32 30 36 32 30 2e 35 33 35 36 32   1109220620.53562
0200  2e 6a 6f 68 6e 40 6b 69 6e 67 73 68 6f 6d 65 2e   .john@kingshome.
0210  63 6f 2e 75 6b 3e 0d 0a 0d 0a 6b 6d 61 69 6c 31   co.uk>....kmail1
0220  20 74 65 73 74 0d 0a 0d 0a 2e 0d 0a                test.......


I subsequently repeated the same test with Thunderbird for comparison and got
the same result: BCC recipient in RCPT section, no BCC in DATA section.

KMAIL2

Kmail2 on the other hand, gives a different result. The email sent from kmail2
to a primary To: recipient on Yahoo and a BCC recipient on Bluebottle results
in the Yahoo To: recipient also seeing the BCC recipient.

The dump from wireshark shows that the RCPT section contains all addresses, as
it should, but also that the DATA section contains all addresses. The BCC
address has not been stripped out, as required by RFC 2821.

0000  00 09 5b ce 95 10 08 00 27 8b cc 93 08 00 45 00   ..[.....'.....E.
0010  00 b3 00 67 40 00 40 06 67 e3 c0 a8 00 07 c3 ad   ...g@.@.g.......
0020  4d 9e e7 8e 00 19 7a e3 bf 72 ea 08 8a 51 80 18   M.....z..r...Q..
0030  00 45 d2 a0 00 00 01 01 08 0a 00 00 bf 50 53 af   .E...........PS.
0040  8c 52 4d 41 49 4c 20 46 52 4f 4d 3a 3c 6a 6f 68   .RMAIL FROM:<joh
0050  6e 40 67 72 65 65 6e 6b 69 6e 67 2e 64 65 6d 6f   n@greenking.demo
0060  6e 2e 63 6f 2e 75 6b 3e 20 53 49 5a 45 3d 34 37   n.co.uk> SIZE=47
0070  37 0d 0a 52 43 50 54 20 54 4f 3a 3c 6a 6f 68 6e   7..RCPT TO:<john
0080  6d 6b 69 6e 67 5f 75 6b 40 79 61 68 6f 6f 2e 63   mking_uk@yahoo.c
0090  6f 2e 75 6b 3e 0d 0a 52 43 50 54 20 54 4f 3a 3c   o.uk>..RCPT TO:<
00a0  6a 6f 68 6e 6d 6b 69 6e 67 40 62 6c 75 65 62 6f   johnmking@bluebo
00b0  74 74 6c 65 2e 63 6f 6d 3e 0d 0a 44 41 54 41 0d   ttle.com>..DATA.

0000  08 00 27 8b cc 93 00 09 5b ce 95 10 08 00 45 00   ..'.....[.....E.
0010  00 90 f8 2e 40 00 3a 06 76 3e c3 ad 4d 9e c0 a8   ....@.:.v>..M...
0020  00 07 00 19 e7 8e ea 08 8a 51 7a e3 bf f1 80 18   .........Qz.....
0030  c4 e0 88 22 00 00 01 01 08 0a 53 af 8c 66 00 00   ..."......S..f..
0040  bf 50 32 35 30 20 4f 4b 0d 0a 32 35 30 20 41 63   .P250 OK..250 Ac
0050  63 65 70 74 65 64 0d 0a 32 35 30 20 41 63 63 65   cepted..250 Acce
0060  70 74 65 64 0d 0a 33 35 34 20 45 6e 74 65 72 20   pted..354 Enter 
0070  6d 65 73 73 61 67 65 2c 20 65 6e 64 69 6e 67 20   message, ending 
0080  77 69 74 68 20 22 2e 22 20 6f 6e 20 61 20 6c 69   with "." on a li
0090  6e 65 20 62 79 20 69 74 73 65 6c 66 0d 0a         ne by itself..


0000  00 09 5b ce 95 10 08 00 27 8b cc 93 08 00 45 00   ..[.....'.....E.
0010  01 fd 00 68 40 00 40 06 66 98 c0 a8 00 07 c3 ad   ...h@.@.f.......
0020  4d 9e e7 8e 00 19 7a e3 bf f1 ea 08 8a ad 80 18   M.....z.........
0030  00 45 d3 ea 00 00 01 01 08 0a 00 00 bf 84 53 af   .E............S.
0040  8c 66 46 72 6f 6d 3a 20 4a 6f 68 6e 20 4b 69 6e   .fFrom: John Kin
0050  67 20 3c 6a 6f 68 6e 40 67 72 65 65 6e 6b 69 6e   g <john@greenkin
0060  67 2e 64 65 6d 6f 6e 2e 63 6f 2e 75 6b 3e 0d 0a   g.demon.co.uk>..
0070  54 6f 3a 20 6a 6f 68 6e 6d 6b 69 6e 67 5f 75 6b   To: johnmking_uk
0080  40 79 61 68 6f 6f 2e 63 6f 2e 75 6b 0d 0a 52 65   @yahoo.co.uk..Re
0090  70 6c 79 2d 54 6f 3a 20 6a 6f 68 6e 40 67 72 65   ply-To: john@gre
00a0  65 6e 6b 69 6e 67 2e 64 65 6d 6f 6e 2e 63 6f 2e   enking.demon.co.
00b0  75 6b 0d 0a 42 63 63 3a 20 6a 6f 68 6e 6d 6b 69   uk..Bcc: johnmki
00c0  6e 67 40 62 6c 75 65 62 6f 74 74 6c 65 2e 63 6f   ng@bluebottle.co
00d0  6d 0d 0a 53 75 62 6a 65 63 74 3a 20 74 65 73 74   m..Subject: test
00e0  32 20 2d 20 6b 6d 61 69 6c 32 20 74 6f 20 79 20   2 - kmail2 to y 
00f0  62 63 63 20 62 0d 0a 44 61 74 65 3a 20 54 68 75   bcc b..Date: Thu
0100  2c 20 32 32 20 53 65 70 20 32 30 31 31 20 30 36   , 22 Sep 2011 06
0110  3a 33 30 3a 32 36 20 2b 30 31 30 30 0d 0a 4d 65   :30:26 +0100..Me
0120  73 73 61 67 65 2d 49 44 3a 20 3c 33 34 31 35 34   ssage-ID: <34154
0130  30 35 2e 78 58 5a 59 52 48 44 56 70 33 40 6c 69   05.xXZYRHDVp3@li
0140  6e 75 78 2d 61 64 6f 31 3e 0d 0a 55 73 65 72 2d   nux-ado1>..User-
0150  41 67 65 6e 74 3a 20 4b 4d 61 69 6c 2f 34 2e 37   Agent: KMail/4.7
0160  2e 31 20 28 4c 69 6e 75 78 2f 32 2e 36 2e 33 37   .1 (Linux/2.6.37
0170  2e 36 2d 30 2e 37 2d 64 65 66 61 75 6c 74 3b 20   .6-0.7-default; 
0180  4b 44 45 2f 34 2e 37 2e 31 3b 20 69 36 38 36 3b   KDE/4.7.1; i686;
0190  20 3b 20 29 0d 0a 4d 49 4d 45 2d 56 65 72 73 69    ; )..MIME-Versi
01a0  6f 6e 3a 20 31 2e 30 0d 0a 43 6f 6e 74 65 6e 74   on: 1.0..Content
01b0  2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69   -Transfer-Encodi
01c0  6e 67 3a 20 37 42 69 74 0d 0a 43 6f 6e 74 65 6e   ng: 7Bit..Conten
01d0  74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61   t-Type: text/pla
01e0  69 6e 3b 20 63 68 61 72 73 65 74 3d 22 75 73 2d   in; charset="us-
01f0  61 73 63 69 69 22 0d 0a 0d 0a 74 65 73 74 32 20   ascii"....test2 
0200  6b 6d 61 69 6c 32 0d 0a 2e 0d 0a                  kmail2.....


I would suggest that this difference in behaviour is the reason for the BCC
addresses appearing in the To: recipient's email.


Reproducible: Always

Steps to Reproduce:
email from kmail2 via 3 different smtp servers resulted in BCC appearing in the headers of the To: recipient. Email form kmail1 worked satisfactorily

Actual Results:  
as described above

Expected Results:  
no BCC appearing in To: recipient's email
Comment 1 Christophe Marin 2011-09-22 10:26:16 UTC 
There was no need to open a new report for the same issue.

*** This bug has been marked as a duplicate of bug 263587 ***