Hi!
We're running postfix-users@postfix.org and we're encountering an odd problem: A system is sending mailing list messages that were posted on postfix-users@postfix.org BACK to postfix-users@postfix.org
And these mails simply pass moderation (which is set to the following): Default action to take when a member posts to the list: Default processing Default action to take when a non-member posts to the list: discard (no notification)
The headers of the mail (which I put on hold, based on the IP of the sending system):
Date: Thu, 24 Oct 2024 11:13:01 +0200 To: postfix-users@postfix.org Message-ID: <ZxoPneroJAID0LOm@castor.ghen.be> In-Reply-To: <ZxoMla6S1LugyQ9j@chardros.imrryr.org> X-MailFrom: geert@hendrickx.be X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-postfix-users.postfix.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.9 Precedence: list Content-Type: text/plain; charset="us-ascii" Message-ID-Hash: Z6I2WZCEBC6PUKLVOEVAW3ZU2CDR47AW X-Message-ID-Hash: Z6I2WZCEBC6PUKLVOEVAW3ZU2CDR47AW X-MailFrom: tech@turbopush.cn X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-postfix-users.postfix.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header Subject: =?utf-8?B?W+WklumDqOmCruS7tl1bcGZ4XSBb5aSW6YOo6YKu5Lu2XVvlpJbpg6jpgq7ku7ZdUmU6IE9wZW5TU0wgY29tcGlsZSB2cy4gcnVudGltZSB2ZXJzaW9uIHdhcm5pbmc=?= From: Geert Hendrickx via Postfix-users via Postfix-users <postfix-users@postfix.org> Reply-To: Geert Hendrickx <geert@hendrickx.be>, Geert Hendrickx via Postfix-users <postfix-users@postfix.org>
So, it's the mail from "Geert Hendrickx" being resent from tech@turbopush.cn -- the headers have both
"X-MailFrom: tech@turbopush.cn" (not a member of the list) and "X-MailFrom: geert@hendrickx.be" (definitely a member of the list)
Why is the mail being accepted? From: doesn't look right (since it says "postfix-users@postfix.org")
We're currently stopping these mails, but I think mm3 is not acting correctly here (unless we're missing something)
-- Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin
Tel. +49 30 450 570 155 ralf.hildebrandt@charite.de https://www.charite.de