I have not made any changes (intentionally) to mailman in many months but suddenly mail from the list has listname-bounces as the from header rather then the original poster. I have to assume that one of my CentOS updates changed something, although I don't recall seeing any automatic updates to mailman. I can't seem to find where to set that header. In any case wherever I set it before must have been wrong for an update to overwrite it (assuming that is what caused this).
Also, I'm guessing this is related, bounced messages are now being handled as uncaught bounces.
The attached message was received as a bounce, but either the bounce format was not recognized, or no member addresses could be extracted from it. This mailing list has been configured to send all unrecognized bounce messages to the list administrator(s).
This is in spite of the fact that the reason for the bounce and the bad address are quite clear in the bounced message (sanitized).
Sorry, we were unable to deliver your message to the following address.
<******@aol.com>: Remote host said: 550 5.1.1 <*******@aol.com>: Recipient address rejected: aol.com [RCPT_TO]
If the reason is because that address is not a recognized member address, then how did it get sent there in the first place? The content was indeed a list message.
Can someone help sort out what is wrong and how to prevent it in the future? Thanks.
On 2/13/2013 6:11 AM, Dennis Putnam wrote:
See the FAQ at <http://wiki.list.org/x/RoA9>.
What does the sender look like in the archived messages?
The reason is no address can be parsed from the message. It has nothing to do with whether or not the address is that of a list member.
This could be something broken in Mailman (not likely related to the From: issue), or it could be some new bounce format not currently recognized.
Please send me a copy of the raw unrecognized bounce attachment and tell me what Mailman version this is.
Also, if the FAQ linked above doesn't explain the From: issue, send me a copy of a complete, raw message received from the list.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mark Sapiro wrote:
It turns out that the OP is using a Yahoo server as a smarthost to relay Mailman's mail. It is Yahoo that is rewriting the From: header.
I finally did some experimentation with sending via a Yahoo server. This is what I found
I connect to smtp.mail.yahoo.com:465 (SSL) and authenticate with my Yahoo address.
I issue a MAIL FROM. If the address is not a verified address on my Yahoo account, the MAIL FROM is rejected with '553 From address not verified - see http://help.yahoo.com/l/us/yahoo/mail/original/manage/sendfrom-07.html' (note, this URL doesn't exist, but other help indicates you have to send from addresses which are verified for your account. It seems the OP has realized this and has verified the listname-bounces address on his Yahoo account so Mailman's mail will be accepted.
If the address is verified, I can proceed and send the mail. The result depends on whether the From: address in the mail is or is not a verified address on my Yahoo account.
If the From: is a verified address, the From: header is not rewritten, but the envelope sender address is rewritten to the From: header address. In the case of Mailman, this will break bounce processing as bounces will return to the poster and not to Mailman.
If the From: is not a verified address, the entire From: is replaced with one containing only the verified envelope sender address, i.e., the listname-bounces address in the Mailman case. This is what is apparently happening in the OP's case and appears to be a change at Yahoo.
The implication of this is that Yahoo is simply not viable as a smarthost relay for Mailman's outgoing mail.
Note that Gmail/googlemail is not a viable alternative either as Gmail/googlemail always rewrites both the envelope sender address and the From: header address to the Gmail/googlemail address used to authenticate to the server. Gmail/googlemail at least leaves the original display name in the From: header, but that's all.
This turned out to be a bounce format from Yahoo that wasn't recognized by Mailman. The recognizer will be updated for this.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 2/24/2013 12:48 PM, Dennis Putnam wrote:
It appears that hotmail offers a free relay. Is that a viable alternative?
I tested two more freemail servers, AOL (smtp.aim.com) and Hotmail (smtp.live.com). Neither of these is viable as a Mailman outbound relay.
AOL refuses to accept the mail unless both the envelope sender and the From: header address are addresses associated with the authenticating AOL/AIM account. In addition, AOL's server says this in it's reply to the connect:
220-mtaout-ma03.r1000.mx.aol.com ESMTP MUA/Third Party Client Interface 220-AOL and its affiliated companies do not 220-authorize the use of its proprietary computers and computer 220-networks to accept, transmit, or distribute unsolicited bulk 220-e-mail sent from the internet. 220-Effective immediately: 220-AOL may no longer accept connections from IP addresses 220 which no reverse-DNS (PTR record) assigned.
If you have an appropriate reverse-DNS, you probably should just be sending directly and not through a smarthost.
Hotmail is a bit worse than Gmail. It accepts the mail but rewrites both the envelope sender and the From: including display name to the address and display name associated with the authenticating Hotmail/Live Mail/Outlook.com account. This differs from Gmail in that Gmail rewrites only the address in From: and not the display name.
None of this is surprising to me. I think all large ISPs take similar measures in an attempt to avoid relaying spam with spoofed senders.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 25 Feb 2013, at 8:26, Dennis Putnam wrote:
I guess I'm not surprised either. Unfortunately with ISPs blocking outgoing SMTP there are few alternatives.
That is generally a function of what sort of access you buy. The sad reality is that blocking port 25 helps limit the scale & cost of abuse desk and retail tech support operations, so ISPs block port 25 by default on their cheapest access accounts. Depending on your provider, you may be able to get port 25 unblocked just by asking for it or by paying a premium for a "business grade" account, but it can be difficult to run a mailing list from anywhere in the address space of a "consumer" ISP because of receiver-side filtering.
I wonder if any of the pay SMTP servers would work any better.
Intentional providers of paid SMTP smarthost service do exist in the market. Freemail operations exist to muster users for operations that sell their aggregated eyeballs or for "upselling" into revenue-producing services. Mail smarthost service, especially for anything of a "bulk" nature, is a costly and risky service to provide which doesn't provide much opportunity for a freemail operator to resell eyeballs or lead users to paid services, so it is natural that they are intentionally closing off the ability to use them as smarthosts for free.
If you're willing & able to be a small-scale sysadmin, it may be worth the trouble to forget about buying SMTP smarthost service and instead get a small virtual private server with a reputable provider. Just as being on a consumer ISP network can mean that you share the aggregate reputation of everyone else on that network, routing mail through a shared smarthost (even one charging for service) throws your lot in with all of the customers of that service and buying a VPS on the cheap (e.g. Amazon EC2) means you end up at least partially sharing the reputation of everyone else using the same low-rent provider. It's unfortunate, but as the net has matured it has taken on some of the same features as the real world; the market value your home (real or presumed) is a source of prejudices made tangible in how likely strangers are to trust you.
On 2/13/2013 6:11 AM, Dennis Putnam wrote:
See the FAQ at <http://wiki.list.org/x/RoA9>.
What does the sender look like in the archived messages?
The reason is no address can be parsed from the message. It has nothing to do with whether or not the address is that of a list member.
This could be something broken in Mailman (not likely related to the From: issue), or it could be some new bounce format not currently recognized.
Please send me a copy of the raw unrecognized bounce attachment and tell me what Mailman version this is.
Also, if the FAQ linked above doesn't explain the From: issue, send me a copy of a complete, raw message received from the list.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mark Sapiro wrote:
It turns out that the OP is using a Yahoo server as a smarthost to relay Mailman's mail. It is Yahoo that is rewriting the From: header.
I finally did some experimentation with sending via a Yahoo server. This is what I found
I connect to smtp.mail.yahoo.com:465 (SSL) and authenticate with my Yahoo address.
I issue a MAIL FROM. If the address is not a verified address on my Yahoo account, the MAIL FROM is rejected with '553 From address not verified - see http://help.yahoo.com/l/us/yahoo/mail/original/manage/sendfrom-07.html' (note, this URL doesn't exist, but other help indicates you have to send from addresses which are verified for your account. It seems the OP has realized this and has verified the listname-bounces address on his Yahoo account so Mailman's mail will be accepted.
If the address is verified, I can proceed and send the mail. The result depends on whether the From: address in the mail is or is not a verified address on my Yahoo account.
If the From: is a verified address, the From: header is not rewritten, but the envelope sender address is rewritten to the From: header address. In the case of Mailman, this will break bounce processing as bounces will return to the poster and not to Mailman.
If the From: is not a verified address, the entire From: is replaced with one containing only the verified envelope sender address, i.e., the listname-bounces address in the Mailman case. This is what is apparently happening in the OP's case and appears to be a change at Yahoo.
The implication of this is that Yahoo is simply not viable as a smarthost relay for Mailman's outgoing mail.
Note that Gmail/googlemail is not a viable alternative either as Gmail/googlemail always rewrites both the envelope sender address and the From: header address to the Gmail/googlemail address used to authenticate to the server. Gmail/googlemail at least leaves the original display name in the From: header, but that's all.
This turned out to be a bounce format from Yahoo that wasn't recognized by Mailman. The recognizer will be updated for this.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 2/24/2013 12:48 PM, Dennis Putnam wrote:
It appears that hotmail offers a free relay. Is that a viable alternative?
I tested two more freemail servers, AOL (smtp.aim.com) and Hotmail (smtp.live.com). Neither of these is viable as a Mailman outbound relay.
AOL refuses to accept the mail unless both the envelope sender and the From: header address are addresses associated with the authenticating AOL/AIM account. In addition, AOL's server says this in it's reply to the connect:
220-mtaout-ma03.r1000.mx.aol.com ESMTP MUA/Third Party Client Interface 220-AOL and its affiliated companies do not 220-authorize the use of its proprietary computers and computer 220-networks to accept, transmit, or distribute unsolicited bulk 220-e-mail sent from the internet. 220-Effective immediately: 220-AOL may no longer accept connections from IP addresses 220 which no reverse-DNS (PTR record) assigned.
If you have an appropriate reverse-DNS, you probably should just be sending directly and not through a smarthost.
Hotmail is a bit worse than Gmail. It accepts the mail but rewrites both the envelope sender and the From: including display name to the address and display name associated with the authenticating Hotmail/Live Mail/Outlook.com account. This differs from Gmail in that Gmail rewrites only the address in From: and not the display name.
None of this is surprising to me. I think all large ISPs take similar measures in an attempt to avoid relaying spam with spoofed senders.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 25 Feb 2013, at 8:26, Dennis Putnam wrote:
I guess I'm not surprised either. Unfortunately with ISPs blocking outgoing SMTP there are few alternatives.
That is generally a function of what sort of access you buy. The sad reality is that blocking port 25 helps limit the scale & cost of abuse desk and retail tech support operations, so ISPs block port 25 by default on their cheapest access accounts. Depending on your provider, you may be able to get port 25 unblocked just by asking for it or by paying a premium for a "business grade" account, but it can be difficult to run a mailing list from anywhere in the address space of a "consumer" ISP because of receiver-side filtering.
I wonder if any of the pay SMTP servers would work any better.
Intentional providers of paid SMTP smarthost service do exist in the market. Freemail operations exist to muster users for operations that sell their aggregated eyeballs or for "upselling" into revenue-producing services. Mail smarthost service, especially for anything of a "bulk" nature, is a costly and risky service to provide which doesn't provide much opportunity for a freemail operator to resell eyeballs or lead users to paid services, so it is natural that they are intentionally closing off the ability to use them as smarthosts for free.
If you're willing & able to be a small-scale sysadmin, it may be worth the trouble to forget about buying SMTP smarthost service and instead get a small virtual private server with a reputable provider. Just as being on a consumer ISP network can mean that you share the aggregate reputation of everyone else on that network, routing mail through a shared smarthost (even one charging for service) throws your lot in with all of the customers of that service and buying a VPS on the cheap (e.g. Amazon EC2) means you end up at least partially sharing the reputation of everyone else using the same low-rent provider. It's unfortunate, but as the net has matured it has taken on some of the same features as the real world; the market value your home (real or presumed) is a source of prejudices made tangible in how likely strangers are to trust you.
participants (3)
-
Bill Cole -
Dennis Putnam -
Mark Sapiro