in webmail & webapisrv, store bcc header in sent messages

when sending a message with bcc's, prepend the bcc header to the message we store in the sent folder. still not in the message we send to the recipients.
2025-07-10 09:14:39 +03:00 · 2024-04-16 17:57:46 +02:00
parent abd098e8c0
commit c9451d4d06
11 changed files with 42 additions and 11 deletions
--- a/webapisrv/server.go
+++ b/webapisrv/server.go
@ -615,7 +615,7 @@ func (s server) Send(ctx context.Context, req webapi.SendRequest) (resp webapi.S
 	from, fromPath := froms[0], fromPaths[0]
 	to, toPaths := xparseAddresses(m.To)
 	cc, ccPaths := xparseAddresses(m.CC)
-	_, bccPaths := xparseAddresses(m.BCC)
+	bcc, bccPaths := xparseAddresses(m.BCC)

 	recipients := append(append(toPaths, ccPaths...), bccPaths...)
 	addresses := append(append(m.To, m.CC...), m.BCC...)
@ -714,6 +714,7 @@ func (s server) Send(ctx context.Context, req webapi.SendRequest) (resp webapi.S
 	}
 	xc.HeaderAddrs("To", to)
 	xc.HeaderAddrs("Cc", cc)
+	// We prepend Bcc headers to the message when adding to the Sent mailbox.
 	if m.Subject != "" {
 		xcheckcontrol(m.Subject)
 		xc.Subject(m.Subject)
@ -1037,6 +1038,17 @@ func (s server) Send(ctx context.Context, req webapi.SendRequest) (resp webapi.S
 				modseq, err := acc.NextModSeq(tx)
 				xcheckf(err, "next modseq")

+				// If there were bcc headers, prepend those to the stored message only, before the
+				// DKIM signature. The DKIM-signature oversigns the bcc header, so this stored message
+				// won't validate with DKIM anymore, which is fine.
+				if len(bcc) > 0 {
+					var sb strings.Builder
+					xbcc := message.NewComposer(&sb, 100*1024, smtputf8)
+					xbcc.HeaderAddrs("Bcc", bcc)
+					xbcc.Flush()
+					msgPrefix = sb.String() + msgPrefix
+				}
+
 				sentm := store.Message{
 					CreateSeq:     modseq,
 					ModSeq:        modseq,