• Avoiding BCC Leaks with Exim

    This issue is, by no means, Joomla specific - but Joomla's mass mail functionality provides a good example of what can go wrong.

    The expectation that most users have, is that the list of recipients BCC'd on an email will never be visible to any of those recipients.

    Unfortunately, whether or not that's the case may well depend on the Mail Transport Agent (MTA) that you are using.

    Those familiar with Joomla's Mass Mail feature will know that by default, recipients are BCC'd - unfortunately, if you're using Exim (which most CPanel servers, for example, are) then you may in fact find that those receiving your message can see exactly who it was sent to.

    Whether or not this BCC Leak is visible to the recipients will depend on what mail client they use (assuming they're not in the habit of looking at the mail headers anyway....), but those using Google Apps/Google Mail will have the list clearly presented to them when viewing the mail.

  • Installing iRedMail on Debian (Jessie) 8

    I've run my own mail server for quite some time, but it's started to reach the point where a refresh is probably in order.

    Normally, I'd prefer to build from scratch, but I thought, this time, I'd have a look at some of the "off-the-shelf" solutions that now exist. Mailinabox was quickly discounted because there's no real configurability, which doesn't sit well with me (it does simplify installation, but makes long-term management that much harder).

    iRedMail seems to have a reasonable following, and a scan of it's website and documentation suggested that it is, at least, reasonably sane.

    This documentation details the process I followed to install iRedMail on Debian 8 (Jessie). I used Jessie rather than Stretch (9) because that's what the VM I was repurposing was imaged with.