| ▲ | winstonwinston a day ago | ||||||||||||||||||||||||||||||||||||||||
> Sure, that's possible, but I doubt it and I was also unable to trigger such behavior. An oversized message is bounced directly by the receiving SMTP server. > So the theory now has to be that possible to sneak something past the edge SMTP server, past the point where the system rewrites the HME address, then bouncing, and in sending the bounce, failing to properly rewrite something on the way back out, thus disclosing the real address. I remain skeptical that's what's happening. Try figuring out the message size that the forwarding edge (icloud.com) accepts, but the receiver (the mailbox server) does not. SMTP is tricky business, because you don't really know at which point the NDR might happen. | |||||||||||||||||||||||||||||||||||||||||
| ▲ | js2 a day ago | parent [-] | ||||||||||||||||||||||||||||||||||||||||
> Try figuring out the message size that the forwarding edge (icloud.com) accepts, but the receiver (the mailbox server) does not. Is this a theory or did you test this yourself? Anything even 1 byte less than that rejected at the edge passes through. And there's not a chain of SMTP servers either. It goes through a single SMTP server into my iCloud mailbox. If you think this is the flaw, you're welcome to prove it. I'm skeptical and not spending more time on it. Edit: this is with forwarding to an icloud.com address. If forwarding to a private domain and that domain's SMTP servers have more restrictive size limits, then yes, that bounce could reveal the real address. Don't use a non-icloud.com real address with HME. But the original (vague) description of the problem says nothing about whether the real address matters. In any case, I have no way to test that scenario. | |||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||