All of a sudden it seems that mailman is adding an address to the CC field. It's a bad address, of the form xxxxxx@mailman.utm.edu (this is our mailman box). It's happened to a couple of people, posting to different lists. It's normally a first name like Thomas@mailman.utm.edu I don't see anything in the mailman logs and SOMETIMES do see it in the /var/log/maillog file (but not always). Crazy behavior... We're at version 2.1.7 I've restarted the box in hopes it'll help. No changes have been made to mailman in months.
Bruce Harrison UT Martin
Not positive, but I can't find anything. Users are using outlook & exchange. We've been thru all logs, etc. the bad address is there coming into exchange. Local smtp logs on mailman box does show bad address (but not always).
Bruce utmOITS
On Mar 13, 2013, at 10:29 AM, "Carl Zwanzig" <cpz@tuunq.com> wrote:
Bruce Harrison wrote:
All of a sudden it seems that mailman is adding an address to the CC field. It's a bad address, of the form xxxxxx@mailman.utm.edu (this is our mailman box). It's happened to a couple of people, posting to different lists. It's normally a first name like Thomas@mailman.utm.edu
So this only occurs with some posts and is not always the same address?
Is the poster doing something like
Cc: Thomas, Bill <bt@example.com>
which is really two addresses, the local address Thomas and bt@example.com, and then the MTA qualifies the local address by adding the local domain.
(The correct form of the above would be
Cc: "Thomas, Bill" <bt@example.com>
or
Cc: Thomas\, Bill <bt@example.com> )
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 3/13/2013 5:04 PM, Bruce Harrison wrote:
That is true. I've seen it with 2 different users and 2 different lists. I can't reproduce it reliabley either. At this point I'm looking for ideas on where to look for data, etc.
Is the Cc: in the message in the Digest. What does it look like there? How about in the archives/private/LISTNAME.mbox/LISTNAME.mbox file?
I think the above will reproduce it.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
It's possible the user might be doing something like that, but I don't think so. If it was a good email address, it would seem more likely...
I'll keep watching it. I have a feeling outlook autocomplete might be involved. However in the outlook sent folder, the bogus address isn't shown...
Bruce utmOITS
On Mar 13, 2013, at 6:34 PM, "Mark Sapiro" <mark@msapiro.net> wrote:
Bruce Harrison wrote
I'll keep watching it. I have a feeling outlook autocomplete might be involved. However in the outlook sent folder, the bogus address isn't shown...
What exactly is in the headers in the outlook sent folder?
Does the string 'Thomas' or whatever the local part of the bogas address is appear anywhere in the headers of the message in the outlook sent folder?
I think you misunderstand what I was suggesting? I was suggesting a Cc: of the form Thomas, Bill <bill.thomas@example.com>. I.e. an address like bill.thomas@example.com with a display name of Thomas, Bill, but improperly/incompletely quoted so that it is actually two addresses; the address <bill.thomas@example.com> with display name Bill and the local address Thomas.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
OK, there are no headers in the Sent folder as the mail message gets copied in there before it goes thru the mail systems, so nothing header wise to see there.
Below is a message showing the problem and then it's headers. In this message, the bogus email address is Judy@mailman.utm.edu
MESSAGE
From: Terry Lewis <tlewis@utm.edu> Date: Wednesday, March 13, 2013 7:31 AM To: "utmcc-l@mailman.utm.edu" <utmcc-l@mailman.utm.edu> Cc: Judy Sandefer <jsandefer@utm.edu>, "Judy@mailman.utm.edu" <Judy@mailman.utm.edu>, Edie Gibson <edgibson@utm.edu>, Thomas Rakes <trakes@utm.edu> Subject: [utmcc-l] Nicholas Fortner
Good morning everyone,
Angela just sent me a text message and said that Nicholas is doing better. He has a concussion and it will just take some time to heal. They are hoping to come home this afternoon.
Terry
HEADERS
Received: from mailman.utm.edu (10.51.0.150) by EXCH2010CAS1.utm.edu (10.51.0.155) with Microsoft SMTP Server id 14.1.438.0; Wed, 13 Mar 2013 08:31:12 -0500 Received: from mailman.utm.edu (localhost [127.0.0.1]) by mailman.utm.edu (8.12.11.20060308/8.12.11) with ESMTP id r2DDVC7M000511; Wed, 13 Mar 2013 08:31:12 -0500 Received: from mxout1.utm.edu (mxout1.utm.edu [10.50.0.24]) by mailman.utm.edu (8.12.11.20060308/8.12.11) with ESMTP id r2DDVB4i000508 for <utmcc-l@mailman.utm.edu>; Wed, 13 Mar 2013 08:31:11 -0500 X-ASG-Debug-ID: 1363181471-0d4900b50000-NrrYJE X-Barracuda-URL: http://10.50.0.24:8000/cgi-bin/mark.cgi Received: from EXCH2010CAS2.utm.edu (unknown [10.51.0.157]) by mxout1.utm.edu (Spam Firewall) with ESMTP id 5668DBE2E92 for <utmcc-l@mailman.utm.edu>; Wed, 13 Mar 2013 08:31:11 -0500 (CDT) Received: from EXCH2010CAS2.utm.edu ([10.51.0.157]) by mxout1.utm.edu with ESMTP id 8N1xMQ7ytZvzT7vV (version=TLSv1 cipher=AES128-SHA bits=128 verify=NO) for <utmcc-l@mailman.utm.edu>; Wed, 13 Mar 2013 08:31:11 -0500 (CDT) Received: from EXCH2010MBOX1.utm.edu ([fe80::5961:6b87:ea8f:43d]) by EXCH2010CAS2.utm.edu ([::1]) with mapi id 14.01.0438.000; Wed, 13 Mar 2013 08:31:11 -0500 From: Terry Lewis <tlewis@utm.edu> To: "'utmcc-l@mailman.utm.edu'" <utmcc-l@mailman.utm.edu> X-ASG-Orig-Subj: Nicholas Fortner Thread-Topic: Nicholas Fortner Thread-Index: Ac4f7tbBnHG215KtSnq6fTwkikyGzA== Date: Wed, 13 Mar 2013 13:31:10 +0000 Message-ID: <987D01F3928EEA449882058E992BDE1D01027F5E5A@EXCH2010MBOX1.utm.edu> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.51.0.150] MIME-Version: 1.0 X-Barracuda-Connect: UNKNOWN[10.51.0.157] X-Barracuda-Start-Time: 1363181471 X-Barracuda-Encrypted: AES128-SHA X-Barracuda-Virus-Scanned: by Barracuda Spam Firewall at utm.edu X-Barracuda-Spam-Score: -1002.00 X-Barracuda-Spam-Status: No, SCORE=-1002.00 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=9.0 KILL_LEVEL=1000.0 CC: Sandefer <jsandefer@utm.edu>, <Judy@mailman.utm.edu>, Edie Gibson <edgibson@utm.edu>, Thomas Rakes <trakes@utm.edu> Subject: [utmcc-l] Nicholas Fortner X-BeenThere: utmcc-l@mailman.utm.edu X-Mailman-Version: 2.1.7 Precedence: list List-Id: UTM Office of Information Technology Services Mailing List <utmcc-l.mailman.utm.edu> List-Unsubscribe: <http://mailman.utm.edu/mailman/listinfo/utmcc-l>, <mailto:utmcc-l-request@mailman.utm.edu?subject=unsubscribe> List-Post: <mailto:utmcc-l@mailman.utm.edu> List-Help: <mailto:utmcc-l-request@mailman.utm.edu?subject=help> List-Subscribe: <http://mailman.utm.edu/mailman/listinfo/utmcc-l>, <mailto:utmcc-l-request@mailman.utm.edu?subject=subscribe> Sender: <utmcc-l-bounces@mailman.utm.edu> Errors-To: utmcc-l-bounces@mailman.utm.edu Return-Path: utmcc-l-bounces@mailman.utm.edu X-MS-Exchange-Organization-AuthSource: EXCH2010CAS1.utm.edu X-MS-Exchange-Organization-AuthAs: Anonymous X-MS-Exchange-Organization-PRD: mailman.utm.edu X-MS-Exchange-Organization-SenderIdResult: None Received-SPF: None (EXCH2010CAS1.utm.edu: utmcc-l-bounces@mailman.utm.edu does not designate permitted sender hosts) Content-type: multipart/mixed; boundary="B_3446098742_40764905"
This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible.
--B_3446098742_40764905 Content-type: multipart/alternative; boundary="B_3446098742_40796425"
--B_3446098742_40796425 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit
Good morning everyone,
Angela just sent me a text message and said that Nicholas is doing better. He has a concussion and it will just take some time to heal. They are hoping to come home this afternoon.
Terry
--B_3446098742_40796425 Content-type: text/html; charset="US-ASCII" Content-transfer-encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-microsof= t-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" xmlns:m= =3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http://www.w3.org= /TR/REC-html40"> <head> <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8"> <meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)"> <style><!-- /* Font Definitions */ @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:11.0pt; font-family:"Calibri","sans-serif";} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:purple; text-decoration:underline;} span.EmailStyle17 {mso-style-type:personal-compose; font-family:"Calibri","sans-serif"; color:windowtext;} .MsoChpDefault {mso-style-type:export-only; font-family:"Calibri","sans-serif";} @page WordSection1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;} div.WordSection1 {page:WordSection1;} --></style><!--[if gte mso 9]><xml> <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" /> </xml><![endif]--><!--[if gte mso 9]><xml> <o:shapelayout v:ext=3D"edit"> <o:idmap v:ext=3D"edit" data=3D"1" /> </o:shapelayout></xml><![endif]--> </head> <body lang=3D"EN-US" link=3D"blue" vlink=3D"purple"> <div class=3D"WordSection1"> <p class=3D"MsoNormal">Good morning everyone,<o:p></o:p></p> <p class=3D"MsoNormal"><o:p> </o:p></p> <p class=3D"MsoNormal">Angela just sent me a text message and said that Nicho= las is doing better. He has a concussion and it will just take some ti= me to heal. They are hoping to come home this afternoon.<o:p></o:p></p=
<p class=3D"MsoNormal"><o:p> </o:p></p> <p class=3D"MsoNormal">Terry<o:p></o:p></p> </div> </body> </html>
--B_3446098742_40796425--
--B_3446098742_40764905 Content-type: text/plain; name="ATT00001.txt" Content-ID: <F975D7DB52227D46975B3A94262D0CDA@utm.edu> Content-disposition: attachment; filename="ATT00001.txt" Content-transfer-encoding: base64
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NCnV0bWNj LWwgbWFpbGluZyBsaXN0DQp1dG1jYy1sQG1haWxtYW4udXRtLmVkdQ0KaHR0cDovL21haWxt YW4udXRtLmVkdS9tYWlsbWFuL2xpc3RpbmZvL3V0bWNjLWwNCg== --B_3446098742_40764905--
Corey Jones Sr Computer Systems Specialist IT Administrator III Information Technology Services The University of Tennessee at Martin 731-881-7872 (ph) cjones@utm.edu
-----Original Message----- From: Mark Sapiro [mailto:mark@msapiro.net] Sent: Thursday, March 14, 2013 12:38 AM To: Bruce Harrison Cc: mailman-users@python.org Subject: Re: [Mailman-Users] strange problem
Bruce Harrison wrote
I'll keep watching it. I have a feeling outlook autocomplete might be involved. However in the outlook sent folder, the bogus address isn't shown...
What exactly is in the headers in the outlook sent folder?
Does the string 'Thomas' or whatever the local part of the bogas address is appear anywhere in the headers of the message in the outlook sent folder?
I think you misunderstand what I was suggesting? I was suggesting a Cc: of the form Thomas, Bill <bill.thomas@example.com>. I.e. an address like bill.thomas@example.com with a display name of Thomas, Bill, but improperly/incompletely quoted so that it is actually two addresses; the address <bill.thomas@example.com> with display name Bill and the local address Thomas.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 3/14/2013 9:39 AM, Bruce Harrison wrote:
OK, there are no headers in the Sent folder as the mail message gets copied in there before it goes thru the mail systems, so nothing header wise to see there.
If the message in the sent folder has no Cc: information, then where does it come from?
I am not familiar with Outlook, but most MUAs compose an RFC822 compliant message with at least From:, To:, Cc:, Subject:, Date: and maybe Message-ID: headers and that's what goes in a sent folder.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 3/14/2013 9:39 AM, Bruce Harrison wrote:
Below is a message showing the problem and then it's headers. In this message, the bogus email address is Judy@mailman.utm.edu
I just noticed something else.
This Cc:, apparently shown by outlook or ?? shows "Judy Sandefer <jsandefer@utm.edu>,"
Whereas this one shows only "Sandefer <jsandefer@utm.edu>,". I.e., it appears that for some reason, something has separated the "Judy" from the display name "Judy Sandifer" and is treating it as a separate, local address.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Interesting... jsandefer@utm.edu is a good address I'm still suspecting the autocomplete in Outlook, but we can't make it repeat. We've also seen this happen on both a Mac and a PC, with 2-3 different people...
Bruce
-----Original Message----- From: Mark Sapiro [mailto:mark@msapiro.net] Sent: Thursday, March 14, 2013 12:13 PM To: Bruce Harrison Cc: mailman-users@python.org Subject: Re: [Mailman-Users] strange problem
On 3/14/2013 9:39 AM, Bruce Harrison wrote:
Below is a message showing the problem and then it's headers. In this message, the bogus email address is Judy@mailman.utm.edu
I just noticed something else.
This Cc:, apparently shown by outlook or ?? shows "Judy Sandefer <jsandefer@utm.edu>,"
Whereas this one shows only "Sandefer <jsandefer@utm.edu>,". I.e., it appears that for some reason, something has separated the "Judy" from the display name "Judy Sandifer" and is treating it as a separate, local address.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 3/14/2013 10:17 AM, Bruce Harrison wrote:
I'm still suspecting the autocomplete in Outlook, but we can't make it repeat.
If you want to see what arrives to Mailman, you can do the following:
See the FAQ at <http://wiki.list.org/x/l4A9> on custom handlers.
Code the following custom handler and save it as Mailman/Handlers/MyHandler.py.
cut here--------------------------------------------------------------- from Mailman.Logging.Syslog import syslog
def process(mlist, msg, msgdata): if msg.get('cc'): syslog('debug', 'Message to %s has Cc: %s', mlist.internal_name, msg['cc'] ) cut here---------------------------------------------------------------
Put this handler first in the pipeline by putting
GLOBAL_PIPELINE.insert(0, 'MyHandler')
in mm_cfg.py and restart Mailman.
This will log all incoming Cc: headers in Mailman's logs/debug log. When you've seen enough, you can remove
GLOBAL_PIPELINE.insert(0, 'MyHandler')
from mm_cfg.py and restart Mailman.
You could also ask those people whose good addresses are in Cc: what the headers look like in the message they received.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
I see the conversation has continued as I wrote. I'll try to avoid duplication, but it would be a mess to rewrite the whole thing.
Bruce Harrison writes:
As Mark says, there must be some addressee information somewhere, otherwise the Sent folder couldn't display To and Cc information for you. That's the information we need to see.
HEADERS
I've "cleaned up" to include only information I've used, but thank you for sending the complete headers.
I don't understand why the EXCH2010CAS2 -> mxout1 field is repeated; I guess that has something to do with spam filtering since mxout1 identifies itself differently in the two fields (not shown here). Ditto the mail from mailman.utm.edu to itself.
Unfortunately, these headers are clearly from after Mailman processed the message, so it's not possible to determine where the bogus address was introduced. Looking at the Received fields, there are several candidates that might rewrite headers:
- tlewis's MUA (Outlook)
- the MTA that received the message from the user (EXCH2010MBOX1.utm.edu)
- the spam checker (Barracuda, which is evidently a piece of trash -- it inserts its trace headers out of order in a random place)
- an internal MTA (EXCH2010CAS2.utm.edu aka 10.51.0.157)
- the university's MTA on the spam firewall (mxout1.utm.edu)
- Mailman
- Mailman's outgoing MTA (mailman.utm.edu)
CC: Sandefer <jsandefer@utm.edu>, Judy, Edie Gibson <edgibson>, Thomas Rakes <trakes@utm.edu>and either Mailman or mailman.utm.edu's MTA completed "Judy" to "<Judy@mailman.utm.edu>".
You shouldn't expect it to be. You should expect just "Judy" by itself somewhere, surrounded by commas as above.
My guess is that the user entered "Sandefer, Judy" (perhaps with help from copy-and-paste or a completion feature), which Outlook completed to "Sandefer <jsandefer@utm.edu>, Judy" because it knows who "Sandefer" is, but not who "Judy" is. It might even know who "Sandefer Judy" is, but inserting a comma makes "Judy" a separate addressee. It then abandoned responsibility for the bogus data and just passed it on verbatim to the next program in the chain, and this irresponsibility continued through the entire UTM system until Mailman (or its MTA) said "hey, wait, *somebody* has to take ownership of this before it gets to the outside world and I guess that's me!"
Earlier Mark wrote:
This wouldn't produce the effect above, though, where the complete address gets the surname and the bogus address is based on the given name (the reverse of what Mark is suggesting).
Stephen,
Thanks for a good, detailed explanation. Our one remaining Barracuda boxes is an outgoing mail filter, used mainly to keep a "bad" users or malware from spamming from a utm.edu address. We'll be moving to FOPE with Microsoft in the future (currently does our in-bound mail filtering). In Outlook, you can open a mail message, then have it display the actual headers. When looking at a "Sent" message, there are no headers at all. Appears to me it just shows what's in the text, including the To:, From:, etc. no real mail headers we can find. I don't know why the headers are repeated... I'm copying our Exchange guy on this note, he may have some ideas.
My mailman box, uses it's own localhost SMTP agent to handle it's mail. SMTP then connects to our main incoming mail host (mx1.utm.edu or xmail.utm.edu). The CAS boxes are of course the CAS servers for Exchange.
I realize my info is somewhat incomplete. The next time it happens, I’m going to try and track it from start to finish, etc. We'll see what happens...
Bruce UTM
-----Original Message----- From: Stephen J. Turnbull [mailto:stephen@xemacs.org] Sent: Thursday, March 14, 2013 2:09 PM To: Bruce Harrison Cc: Mark Sapiro; mailman-users@python.org Subject: Re: [Mailman-Users] strange problem
I see the conversation has continued as I wrote. I'll try to avoid duplication, but it would be a mess to rewrite the whole thing.
Bruce Harrison writes:
OK, there are no headers in the Sent folder as the mail message > gets copied in there before it goes thru the mail systems, so > nothing header wise to see there.
As Mark says, there must be some addressee information somewhere, otherwise the Sent folder couldn't display To and Cc information for you. That's the information we need to see.
Below is a message showing the problem and then it's headers. In > this message, the bogus email address is Judy@mailman.utm.edu > > MESSAGE > ======== > From: Terry Lewis <tlewis@utm.edu> > Date: Wednesday, March 13, 2013 7:31 AM > To: "utmcc-l@mailman.utm.edu" <utmcc-l@mailman.utm.edu> > Cc: Judy Sandefer <jsandefer@utm.edu>, "Judy@mailman.utm.edu" <Judy@mailman.utm.edu>, Edie Gibson <edgibson@utm.edu>, Thomas Rakes <trakes@utm.edu> > Subject: [utmcc-l] Nicholas Fortner
HEADERS
I've "cleaned up" to include only information I've used, but thank you for sending the complete headers.
I don't understand why the EXCH2010CAS2 -> mxout1 field is repeated; I guess that has something to do with spam filtering since mxout1 identifies itself differently in the two fields (not shown here). Ditto the mail from mailman.utm.edu to itself.
Received: from mailman.utm.edu by EXCH2010CAS1.utm.edu > Received: from mailman.utm.edu by mailman.utm.edu > Received: from mxout1.utm.edu by mailman.utm.edu > Received: from EXCH2010CAS2.utm.edu by mxout1.utm.edu > Received: from EXCH2010CAS2.utm.edu by mxout1.utm.edu > Received: from EXCH2010MBOX1.utm.edu by EXCH2010CAS2.utm.edu > From: Terry Lewis <tlewis@utm.edu> > To: "'utmcc-l@mailman.utm.edu'" <utmcc-l@mailman.utm.edu> > X-Barracuda-Connect: UNKNOWN[10.51.0.157] > CC: Sandefer <jsandefer@utm.edu>, <Judy@mailman.utm.edu>, Edie Gibson <edgibson@utm.edu>, Thomas Rakes <trakes@utm.edu>
Unfortunately, these headers are clearly from after Mailman processed the message, so it's not possible to determine where the bogus address was introduced. Looking at the Received fields, there are several candidates that might rewrite headers:
- tlewis's MUA (Outlook)
- the MTA that received the message from the user (EXCH2010MBOX1.utm.edu) 3. the spam checker (Barracuda, which is evidently a piece of trash -- it inserts its trace headers out of order in a random place) 4. an internal MTA (EXCH2010CAS2.utm.edu aka 10.51.0.157) 5. the university's MTA on the spam firewall (mxout1.utm.edu) 6. Mailman 7. Mailman's outgoing MTA (mailman.utm.edu)
From the choice of bogus address (@mailman.utm.edu), it's almost certainly Mailman or mailman.utm.edu. The other agents don't have the right (and probably not the knowledge) to use that address. Almost certainly Mailman received the header:
CC: Sandefer <jsandefer@utm.edu>, Judy, Edie Gibson <edgibson>, Thomas Rakes <trakes@utm.edu>and either Mailman or mailman.utm.edu's MTA completed "Judy" to "<Judy@mailman.utm.edu>".
I'll keep watching it. I have a feeling outlook autocomplete > >might be involved. However in the outlook sent folder, the bogus > >address isn't shown...
You shouldn't expect it to be. You should expect just "Judy" by itself somewhere, surrounded by commas as above.
My guess is that the user entered "Sandefer, Judy" (perhaps with help from copy-and-paste or a completion feature), which Outlook completed to "Sandefer <jsandefer@utm.edu>, Judy" because it knows who "Sandefer" is, but not who "Judy" is. It might even know who "Sandefer Judy" is, but inserting a comma makes "Judy" a separate addressee. It then abandoned responsibility for the bogus data and just passed it on verbatim to the next program in the chain, and this irresponsibility continued through the entire UTM system until Mailman (or its MTA) said "hey, wait, *somebody* has to take ownership of this before it gets to the outside world and I guess that's me!"
Earlier Mark wrote:
I think you misunderstand what I was suggesting? I was suggesting a > Cc: of the form Thomas, Bill <bill.thomas@example.com>. I.e. an > address like bill.thomas@example.com with a display name of Thomas, > Bill, but improperly/incompletely quoted so that it is actually two > addresses; the address <bill.thomas@example.com> with display name > Bill and the local address Thomas.
This wouldn't produce the effect above, though, where the complete address gets the surname and the bogus address is based on the given name (the reverse of what Mark is suggesting).
Bruce Harrison writes:
Thanks for a good, detailed explanation.
You're welcome. This kind of problem gets sadly technical really quickly.
Our one remaining Barracuda boxes is an outgoing mail filter,
I really should keep my random opinions to myself. I'm sure it does a good job, I was just annoyed that it made tracing the message harder.
Perhaps when sending a message Outlook parses those headers in the text to get the information it gives to the MTA as envelope addresses. What does the CC in the "Sent" message (any view you can get of it!) have related to "Judy", if anything?
I don't know why the headers are repeated... I'm copying our Exchange guy on this note, he may have some ideas.
Not terribly important, since we don't think the Exchange boxes are doing anything except passing on a bare "Judy" in the CC field. But without copies of the queuefiles we can't tell where it was introduced.
"Judy@mailman.utm.edu" was not in the Sent folder message at all.
Bruce
-----Original Message----- From: Stephen J. Turnbull [mailto:stephen@xemacs.org] Sent: Thursday, March 14, 2013 5:13 PM To: Bruce Harrison Cc: Terry Lewis; mailman-users@python.org; Corey Jones Subject: Re: [Mailman-Users] strange problem
Bruce Harrison writes:
Thanks for a good, detailed explanation.
You're welcome. This kind of problem gets sadly technical really quickly.
Our one remaining Barracuda boxes is an outgoing mail filter,
I really should keep my random opinions to myself. I'm sure it does a good job, I was just annoyed that it made tracing the message harder.
In Outlook, you can open a mail message, then have it display the > actual headers. When looking at a "Sent" message, there are no > headers at all. Appears to me it just shows what's in the text, > including the To:, From:, etc. no real mail headers we can find.
Perhaps when sending a message Outlook parses those headers in the text to get the information it gives to the MTA as envelope addresses. What does the CC in the "Sent" message (any view you can get of it!) have related to "Judy", if anything?
I don't know why the headers are repeated... I'm copying our > Exchange guy on this note, he may have some ideas.
Not terribly important, since we don't think the Exchange boxes are doing anything except passing on a bare "Judy" in the CC field. But without copies of the queuefiles we can't tell where it was introduced.
On 3/14/2013 3:22 PM, Bruce Harrison wrote:
"Judy@mailman.utm.edu" was not in the Sent folder message at all.
We understand that and never expected it to be. The question is in exactly what context in the Cc: in the sent folder is "Judy" found.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mark Sapiro writes:
To be specific, we expect something like
CC: Sandefer <jsandefer@utm.edu>, Judy, Edie Gibson <edgibson@utm.edu>, Thomas Rakes <trakes@utm.edu>or perhaps
CC: Sandefer, Judy, Edie Gibson, Thomas Rakesor some mixture of the above. The important thing is the four-letter string "Judy" being set off from other names and/or addresses by commas (and optionally white space). Even though a human would be able to infer three addressees from the second example, a standard- conforming program would not; it would see four addressees.
We could also be totally off-base, but I don't see how any of the programs farther down the pipeline (except maybe the Exchange server?) would have any information at all about "Judy" that would cause that string to appear in the header of the message later. So we're pretty sure that it has to be coming from Outlook. It would be nice to find out exactly where from and what it looks like.
I hope the voice recognition on my phone works well for this I have unusual challenges at the moment so this is the best I can do as a response .
here's my theory. outlook makes a compliant message with the CC header that happens to be folded on the white space in the middle of a display name .
some agent other than mailman, because mailman doesn't do it according to my tests at least with the email package I test it with , sees the hanging first part of the display name at the end of the first line of the CC header and interprets that as a local address and then qualifies it with the domain
whatever agent or appliance this is lives within the same domain as the mailman server.
Mark Sapiro <mark@msapiro.net> Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Not positive, but I can't find anything. Users are using outlook & exchange. We've been thru all logs, etc. the bad address is there coming into exchange. Local smtp logs on mailman box does show bad address (but not always).
Bruce utmOITS
On Mar 13, 2013, at 10:29 AM, "Carl Zwanzig" <cpz@tuunq.com> wrote:
Bruce Harrison wrote:
All of a sudden it seems that mailman is adding an address to the CC field. It's a bad address, of the form xxxxxx@mailman.utm.edu (this is our mailman box). It's happened to a couple of people, posting to different lists. It's normally a first name like Thomas@mailman.utm.edu
So this only occurs with some posts and is not always the same address?
Is the poster doing something like
Cc: Thomas, Bill <bt@example.com>
which is really two addresses, the local address Thomas and bt@example.com, and then the MTA qualifies the local address by adding the local domain.
(The correct form of the above would be
Cc: "Thomas, Bill" <bt@example.com>
or
Cc: Thomas\, Bill <bt@example.com> )
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 3/13/2013 5:04 PM, Bruce Harrison wrote:
That is true. I've seen it with 2 different users and 2 different lists. I can't reproduce it reliabley either. At this point I'm looking for ideas on where to look for data, etc.
Is the Cc: in the message in the Digest. What does it look like there? How about in the archives/private/LISTNAME.mbox/LISTNAME.mbox file?
I think the above will reproduce it.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
It's possible the user might be doing something like that, but I don't think so. If it was a good email address, it would seem more likely...
I'll keep watching it. I have a feeling outlook autocomplete might be involved. However in the outlook sent folder, the bogus address isn't shown...
Bruce utmOITS
On Mar 13, 2013, at 6:34 PM, "Mark Sapiro" <mark@msapiro.net> wrote:
Bruce Harrison wrote
I'll keep watching it. I have a feeling outlook autocomplete might be involved. However in the outlook sent folder, the bogus address isn't shown...
What exactly is in the headers in the outlook sent folder?
Does the string 'Thomas' or whatever the local part of the bogas address is appear anywhere in the headers of the message in the outlook sent folder?
I think you misunderstand what I was suggesting? I was suggesting a Cc: of the form Thomas, Bill <bill.thomas@example.com>. I.e. an address like bill.thomas@example.com with a display name of Thomas, Bill, but improperly/incompletely quoted so that it is actually two addresses; the address <bill.thomas@example.com> with display name Bill and the local address Thomas.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
OK, there are no headers in the Sent folder as the mail message gets copied in there before it goes thru the mail systems, so nothing header wise to see there.
Below is a message showing the problem and then it's headers. In this message, the bogus email address is Judy@mailman.utm.edu
MESSAGE
From: Terry Lewis <tlewis@utm.edu> Date: Wednesday, March 13, 2013 7:31 AM To: "utmcc-l@mailman.utm.edu" <utmcc-l@mailman.utm.edu> Cc: Judy Sandefer <jsandefer@utm.edu>, "Judy@mailman.utm.edu" <Judy@mailman.utm.edu>, Edie Gibson <edgibson@utm.edu>, Thomas Rakes <trakes@utm.edu> Subject: [utmcc-l] Nicholas Fortner
Good morning everyone,
Angela just sent me a text message and said that Nicholas is doing better. He has a concussion and it will just take some time to heal. They are hoping to come home this afternoon.
Terry
HEADERS
Received: from mailman.utm.edu (10.51.0.150) by EXCH2010CAS1.utm.edu (10.51.0.155) with Microsoft SMTP Server id 14.1.438.0; Wed, 13 Mar 2013 08:31:12 -0500 Received: from mailman.utm.edu (localhost [127.0.0.1]) by mailman.utm.edu (8.12.11.20060308/8.12.11) with ESMTP id r2DDVC7M000511; Wed, 13 Mar 2013 08:31:12 -0500 Received: from mxout1.utm.edu (mxout1.utm.edu [10.50.0.24]) by mailman.utm.edu (8.12.11.20060308/8.12.11) with ESMTP id r2DDVB4i000508 for <utmcc-l@mailman.utm.edu>; Wed, 13 Mar 2013 08:31:11 -0500 X-ASG-Debug-ID: 1363181471-0d4900b50000-NrrYJE X-Barracuda-URL: http://10.50.0.24:8000/cgi-bin/mark.cgi Received: from EXCH2010CAS2.utm.edu (unknown [10.51.0.157]) by mxout1.utm.edu (Spam Firewall) with ESMTP id 5668DBE2E92 for <utmcc-l@mailman.utm.edu>; Wed, 13 Mar 2013 08:31:11 -0500 (CDT) Received: from EXCH2010CAS2.utm.edu ([10.51.0.157]) by mxout1.utm.edu with ESMTP id 8N1xMQ7ytZvzT7vV (version=TLSv1 cipher=AES128-SHA bits=128 verify=NO) for <utmcc-l@mailman.utm.edu>; Wed, 13 Mar 2013 08:31:11 -0500 (CDT) Received: from EXCH2010MBOX1.utm.edu ([fe80::5961:6b87:ea8f:43d]) by EXCH2010CAS2.utm.edu ([::1]) with mapi id 14.01.0438.000; Wed, 13 Mar 2013 08:31:11 -0500 From: Terry Lewis <tlewis@utm.edu> To: "'utmcc-l@mailman.utm.edu'" <utmcc-l@mailman.utm.edu> X-ASG-Orig-Subj: Nicholas Fortner Thread-Topic: Nicholas Fortner Thread-Index: Ac4f7tbBnHG215KtSnq6fTwkikyGzA== Date: Wed, 13 Mar 2013 13:31:10 +0000 Message-ID: <987D01F3928EEA449882058E992BDE1D01027F5E5A@EXCH2010MBOX1.utm.edu> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.51.0.150] MIME-Version: 1.0 X-Barracuda-Connect: UNKNOWN[10.51.0.157] X-Barracuda-Start-Time: 1363181471 X-Barracuda-Encrypted: AES128-SHA X-Barracuda-Virus-Scanned: by Barracuda Spam Firewall at utm.edu X-Barracuda-Spam-Score: -1002.00 X-Barracuda-Spam-Status: No, SCORE=-1002.00 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=9.0 KILL_LEVEL=1000.0 CC: Sandefer <jsandefer@utm.edu>, <Judy@mailman.utm.edu>, Edie Gibson <edgibson@utm.edu>, Thomas Rakes <trakes@utm.edu> Subject: [utmcc-l] Nicholas Fortner X-BeenThere: utmcc-l@mailman.utm.edu X-Mailman-Version: 2.1.7 Precedence: list List-Id: UTM Office of Information Technology Services Mailing List <utmcc-l.mailman.utm.edu> List-Unsubscribe: <http://mailman.utm.edu/mailman/listinfo/utmcc-l>, <mailto:utmcc-l-request@mailman.utm.edu?subject=unsubscribe> List-Post: <mailto:utmcc-l@mailman.utm.edu> List-Help: <mailto:utmcc-l-request@mailman.utm.edu?subject=help> List-Subscribe: <http://mailman.utm.edu/mailman/listinfo/utmcc-l>, <mailto:utmcc-l-request@mailman.utm.edu?subject=subscribe> Sender: <utmcc-l-bounces@mailman.utm.edu> Errors-To: utmcc-l-bounces@mailman.utm.edu Return-Path: utmcc-l-bounces@mailman.utm.edu X-MS-Exchange-Organization-AuthSource: EXCH2010CAS1.utm.edu X-MS-Exchange-Organization-AuthAs: Anonymous X-MS-Exchange-Organization-PRD: mailman.utm.edu X-MS-Exchange-Organization-SenderIdResult: None Received-SPF: None (EXCH2010CAS1.utm.edu: utmcc-l-bounces@mailman.utm.edu does not designate permitted sender hosts) Content-type: multipart/mixed; boundary="B_3446098742_40764905"
This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible.
--B_3446098742_40764905 Content-type: multipart/alternative; boundary="B_3446098742_40796425"
--B_3446098742_40796425 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit
Good morning everyone,
Angela just sent me a text message and said that Nicholas is doing better. He has a concussion and it will just take some time to heal. They are hoping to come home this afternoon.
Terry
--B_3446098742_40796425 Content-type: text/html; charset="US-ASCII" Content-transfer-encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-microsof= t-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" xmlns:m= =3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http://www.w3.org= /TR/REC-html40"> <head> <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8"> <meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)"> <style><!-- /* Font Definitions */ @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:11.0pt; font-family:"Calibri","sans-serif";} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:purple; text-decoration:underline;} span.EmailStyle17 {mso-style-type:personal-compose; font-family:"Calibri","sans-serif"; color:windowtext;} .MsoChpDefault {mso-style-type:export-only; font-family:"Calibri","sans-serif";} @page WordSection1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;} div.WordSection1 {page:WordSection1;} --></style><!--[if gte mso 9]><xml> <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" /> </xml><![endif]--><!--[if gte mso 9]><xml> <o:shapelayout v:ext=3D"edit"> <o:idmap v:ext=3D"edit" data=3D"1" /> </o:shapelayout></xml><![endif]--> </head> <body lang=3D"EN-US" link=3D"blue" vlink=3D"purple"> <div class=3D"WordSection1"> <p class=3D"MsoNormal">Good morning everyone,<o:p></o:p></p> <p class=3D"MsoNormal"><o:p> </o:p></p> <p class=3D"MsoNormal">Angela just sent me a text message and said that Nicho= las is doing better. He has a concussion and it will just take some ti= me to heal. They are hoping to come home this afternoon.<o:p></o:p></p=
<p class=3D"MsoNormal"><o:p> </o:p></p> <p class=3D"MsoNormal">Terry<o:p></o:p></p> </div> </body> </html>
--B_3446098742_40796425--
--B_3446098742_40764905 Content-type: text/plain; name="ATT00001.txt" Content-ID: <F975D7DB52227D46975B3A94262D0CDA@utm.edu> Content-disposition: attachment; filename="ATT00001.txt" Content-transfer-encoding: base64
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NCnV0bWNj LWwgbWFpbGluZyBsaXN0DQp1dG1jYy1sQG1haWxtYW4udXRtLmVkdQ0KaHR0cDovL21haWxt YW4udXRtLmVkdS9tYWlsbWFuL2xpc3RpbmZvL3V0bWNjLWwNCg== --B_3446098742_40764905--
Corey Jones Sr Computer Systems Specialist IT Administrator III Information Technology Services The University of Tennessee at Martin 731-881-7872 (ph) cjones@utm.edu
-----Original Message----- From: Mark Sapiro [mailto:mark@msapiro.net] Sent: Thursday, March 14, 2013 12:38 AM To: Bruce Harrison Cc: mailman-users@python.org Subject: Re: [Mailman-Users] strange problem
Bruce Harrison wrote
I'll keep watching it. I have a feeling outlook autocomplete might be involved. However in the outlook sent folder, the bogus address isn't shown...
What exactly is in the headers in the outlook sent folder?
Does the string 'Thomas' or whatever the local part of the bogas address is appear anywhere in the headers of the message in the outlook sent folder?
I think you misunderstand what I was suggesting? I was suggesting a Cc: of the form Thomas, Bill <bill.thomas@example.com>. I.e. an address like bill.thomas@example.com with a display name of Thomas, Bill, but improperly/incompletely quoted so that it is actually two addresses; the address <bill.thomas@example.com> with display name Bill and the local address Thomas.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 3/14/2013 9:39 AM, Bruce Harrison wrote:
OK, there are no headers in the Sent folder as the mail message gets copied in there before it goes thru the mail systems, so nothing header wise to see there.
If the message in the sent folder has no Cc: information, then where does it come from?
I am not familiar with Outlook, but most MUAs compose an RFC822 compliant message with at least From:, To:, Cc:, Subject:, Date: and maybe Message-ID: headers and that's what goes in a sent folder.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 3/14/2013 9:39 AM, Bruce Harrison wrote:
Below is a message showing the problem and then it's headers. In this message, the bogus email address is Judy@mailman.utm.edu
I just noticed something else.
This Cc:, apparently shown by outlook or ?? shows "Judy Sandefer <jsandefer@utm.edu>,"
Whereas this one shows only "Sandefer <jsandefer@utm.edu>,". I.e., it appears that for some reason, something has separated the "Judy" from the display name "Judy Sandifer" and is treating it as a separate, local address.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Interesting... jsandefer@utm.edu is a good address I'm still suspecting the autocomplete in Outlook, but we can't make it repeat. We've also seen this happen on both a Mac and a PC, with 2-3 different people...
Bruce
-----Original Message----- From: Mark Sapiro [mailto:mark@msapiro.net] Sent: Thursday, March 14, 2013 12:13 PM To: Bruce Harrison Cc: mailman-users@python.org Subject: Re: [Mailman-Users] strange problem
On 3/14/2013 9:39 AM, Bruce Harrison wrote:
Below is a message showing the problem and then it's headers. In this message, the bogus email address is Judy@mailman.utm.edu
I just noticed something else.
This Cc:, apparently shown by outlook or ?? shows "Judy Sandefer <jsandefer@utm.edu>,"
Whereas this one shows only "Sandefer <jsandefer@utm.edu>,". I.e., it appears that for some reason, something has separated the "Judy" from the display name "Judy Sandifer" and is treating it as a separate, local address.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 3/14/2013 10:17 AM, Bruce Harrison wrote:
I'm still suspecting the autocomplete in Outlook, but we can't make it repeat.
If you want to see what arrives to Mailman, you can do the following:
See the FAQ at <http://wiki.list.org/x/l4A9> on custom handlers.
Code the following custom handler and save it as Mailman/Handlers/MyHandler.py.
cut here--------------------------------------------------------------- from Mailman.Logging.Syslog import syslog
def process(mlist, msg, msgdata): if msg.get('cc'): syslog('debug', 'Message to %s has Cc: %s', mlist.internal_name, msg['cc'] ) cut here---------------------------------------------------------------
Put this handler first in the pipeline by putting
GLOBAL_PIPELINE.insert(0, 'MyHandler')
in mm_cfg.py and restart Mailman.
This will log all incoming Cc: headers in Mailman's logs/debug log. When you've seen enough, you can remove
GLOBAL_PIPELINE.insert(0, 'MyHandler')
from mm_cfg.py and restart Mailman.
You could also ask those people whose good addresses are in Cc: what the headers look like in the message they received.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
I see the conversation has continued as I wrote. I'll try to avoid duplication, but it would be a mess to rewrite the whole thing.
Bruce Harrison writes:
As Mark says, there must be some addressee information somewhere, otherwise the Sent folder couldn't display To and Cc information for you. That's the information we need to see.
HEADERS
I've "cleaned up" to include only information I've used, but thank you for sending the complete headers.
I don't understand why the EXCH2010CAS2 -> mxout1 field is repeated; I guess that has something to do with spam filtering since mxout1 identifies itself differently in the two fields (not shown here). Ditto the mail from mailman.utm.edu to itself.
Unfortunately, these headers are clearly from after Mailman processed the message, so it's not possible to determine where the bogus address was introduced. Looking at the Received fields, there are several candidates that might rewrite headers:
- tlewis's MUA (Outlook)
- the MTA that received the message from the user (EXCH2010MBOX1.utm.edu)
- the spam checker (Barracuda, which is evidently a piece of trash -- it inserts its trace headers out of order in a random place)
- an internal MTA (EXCH2010CAS2.utm.edu aka 10.51.0.157)
- the university's MTA on the spam firewall (mxout1.utm.edu)
- Mailman
- Mailman's outgoing MTA (mailman.utm.edu)
CC: Sandefer <jsandefer@utm.edu>, Judy, Edie Gibson <edgibson>, Thomas Rakes <trakes@utm.edu>and either Mailman or mailman.utm.edu's MTA completed "Judy" to "<Judy@mailman.utm.edu>".
You shouldn't expect it to be. You should expect just "Judy" by itself somewhere, surrounded by commas as above.
My guess is that the user entered "Sandefer, Judy" (perhaps with help from copy-and-paste or a completion feature), which Outlook completed to "Sandefer <jsandefer@utm.edu>, Judy" because it knows who "Sandefer" is, but not who "Judy" is. It might even know who "Sandefer Judy" is, but inserting a comma makes "Judy" a separate addressee. It then abandoned responsibility for the bogus data and just passed it on verbatim to the next program in the chain, and this irresponsibility continued through the entire UTM system until Mailman (or its MTA) said "hey, wait, *somebody* has to take ownership of this before it gets to the outside world and I guess that's me!"
Earlier Mark wrote:
This wouldn't produce the effect above, though, where the complete address gets the surname and the bogus address is based on the given name (the reverse of what Mark is suggesting).
Stephen,
Thanks for a good, detailed explanation. Our one remaining Barracuda boxes is an outgoing mail filter, used mainly to keep a "bad" users or malware from spamming from a utm.edu address. We'll be moving to FOPE with Microsoft in the future (currently does our in-bound mail filtering). In Outlook, you can open a mail message, then have it display the actual headers. When looking at a "Sent" message, there are no headers at all. Appears to me it just shows what's in the text, including the To:, From:, etc. no real mail headers we can find. I don't know why the headers are repeated... I'm copying our Exchange guy on this note, he may have some ideas.
My mailman box, uses it's own localhost SMTP agent to handle it's mail. SMTP then connects to our main incoming mail host (mx1.utm.edu or xmail.utm.edu). The CAS boxes are of course the CAS servers for Exchange.
I realize my info is somewhat incomplete. The next time it happens, I’m going to try and track it from start to finish, etc. We'll see what happens...
Bruce UTM
-----Original Message----- From: Stephen J. Turnbull [mailto:stephen@xemacs.org] Sent: Thursday, March 14, 2013 2:09 PM To: Bruce Harrison Cc: Mark Sapiro; mailman-users@python.org Subject: Re: [Mailman-Users] strange problem
I see the conversation has continued as I wrote. I'll try to avoid duplication, but it would be a mess to rewrite the whole thing.
Bruce Harrison writes:
OK, there are no headers in the Sent folder as the mail message > gets copied in there before it goes thru the mail systems, so > nothing header wise to see there.
As Mark says, there must be some addressee information somewhere, otherwise the Sent folder couldn't display To and Cc information for you. That's the information we need to see.
Below is a message showing the problem and then it's headers. In > this message, the bogus email address is Judy@mailman.utm.edu > > MESSAGE > ======== > From: Terry Lewis <tlewis@utm.edu> > Date: Wednesday, March 13, 2013 7:31 AM > To: "utmcc-l@mailman.utm.edu" <utmcc-l@mailman.utm.edu> > Cc: Judy Sandefer <jsandefer@utm.edu>, "Judy@mailman.utm.edu" <Judy@mailman.utm.edu>, Edie Gibson <edgibson@utm.edu>, Thomas Rakes <trakes@utm.edu> > Subject: [utmcc-l] Nicholas Fortner
HEADERS
I've "cleaned up" to include only information I've used, but thank you for sending the complete headers.
I don't understand why the EXCH2010CAS2 -> mxout1 field is repeated; I guess that has something to do with spam filtering since mxout1 identifies itself differently in the two fields (not shown here). Ditto the mail from mailman.utm.edu to itself.
Received: from mailman.utm.edu by EXCH2010CAS1.utm.edu > Received: from mailman.utm.edu by mailman.utm.edu > Received: from mxout1.utm.edu by mailman.utm.edu > Received: from EXCH2010CAS2.utm.edu by mxout1.utm.edu > Received: from EXCH2010CAS2.utm.edu by mxout1.utm.edu > Received: from EXCH2010MBOX1.utm.edu by EXCH2010CAS2.utm.edu > From: Terry Lewis <tlewis@utm.edu> > To: "'utmcc-l@mailman.utm.edu'" <utmcc-l@mailman.utm.edu> > X-Barracuda-Connect: UNKNOWN[10.51.0.157] > CC: Sandefer <jsandefer@utm.edu>, <Judy@mailman.utm.edu>, Edie Gibson <edgibson@utm.edu>, Thomas Rakes <trakes@utm.edu>
Unfortunately, these headers are clearly from after Mailman processed the message, so it's not possible to determine where the bogus address was introduced. Looking at the Received fields, there are several candidates that might rewrite headers:
- tlewis's MUA (Outlook)
- the MTA that received the message from the user (EXCH2010MBOX1.utm.edu) 3. the spam checker (Barracuda, which is evidently a piece of trash -- it inserts its trace headers out of order in a random place) 4. an internal MTA (EXCH2010CAS2.utm.edu aka 10.51.0.157) 5. the university's MTA on the spam firewall (mxout1.utm.edu) 6. Mailman 7. Mailman's outgoing MTA (mailman.utm.edu)
From the choice of bogus address (@mailman.utm.edu), it's almost certainly Mailman or mailman.utm.edu. The other agents don't have the right (and probably not the knowledge) to use that address. Almost certainly Mailman received the header:
CC: Sandefer <jsandefer@utm.edu>, Judy, Edie Gibson <edgibson>, Thomas Rakes <trakes@utm.edu>and either Mailman or mailman.utm.edu's MTA completed "Judy" to "<Judy@mailman.utm.edu>".
I'll keep watching it. I have a feeling outlook autocomplete > >might be involved. However in the outlook sent folder, the bogus > >address isn't shown...
You shouldn't expect it to be. You should expect just "Judy" by itself somewhere, surrounded by commas as above.
My guess is that the user entered "Sandefer, Judy" (perhaps with help from copy-and-paste or a completion feature), which Outlook completed to "Sandefer <jsandefer@utm.edu>, Judy" because it knows who "Sandefer" is, but not who "Judy" is. It might even know who "Sandefer Judy" is, but inserting a comma makes "Judy" a separate addressee. It then abandoned responsibility for the bogus data and just passed it on verbatim to the next program in the chain, and this irresponsibility continued through the entire UTM system until Mailman (or its MTA) said "hey, wait, *somebody* has to take ownership of this before it gets to the outside world and I guess that's me!"
Earlier Mark wrote:
I think you misunderstand what I was suggesting? I was suggesting a > Cc: of the form Thomas, Bill <bill.thomas@example.com>. I.e. an > address like bill.thomas@example.com with a display name of Thomas, > Bill, but improperly/incompletely quoted so that it is actually two > addresses; the address <bill.thomas@example.com> with display name > Bill and the local address Thomas.
This wouldn't produce the effect above, though, where the complete address gets the surname and the bogus address is based on the given name (the reverse of what Mark is suggesting).
Bruce Harrison writes:
Thanks for a good, detailed explanation.
You're welcome. This kind of problem gets sadly technical really quickly.
Our one remaining Barracuda boxes is an outgoing mail filter,
I really should keep my random opinions to myself. I'm sure it does a good job, I was just annoyed that it made tracing the message harder.
Perhaps when sending a message Outlook parses those headers in the text to get the information it gives to the MTA as envelope addresses. What does the CC in the "Sent" message (any view you can get of it!) have related to "Judy", if anything?
I don't know why the headers are repeated... I'm copying our Exchange guy on this note, he may have some ideas.
Not terribly important, since we don't think the Exchange boxes are doing anything except passing on a bare "Judy" in the CC field. But without copies of the queuefiles we can't tell where it was introduced.
"Judy@mailman.utm.edu" was not in the Sent folder message at all.
Bruce
-----Original Message----- From: Stephen J. Turnbull [mailto:stephen@xemacs.org] Sent: Thursday, March 14, 2013 5:13 PM To: Bruce Harrison Cc: Terry Lewis; mailman-users@python.org; Corey Jones Subject: Re: [Mailman-Users] strange problem
Bruce Harrison writes:
Thanks for a good, detailed explanation.
You're welcome. This kind of problem gets sadly technical really quickly.
Our one remaining Barracuda boxes is an outgoing mail filter,
I really should keep my random opinions to myself. I'm sure it does a good job, I was just annoyed that it made tracing the message harder.
In Outlook, you can open a mail message, then have it display the > actual headers. When looking at a "Sent" message, there are no > headers at all. Appears to me it just shows what's in the text, > including the To:, From:, etc. no real mail headers we can find.
Perhaps when sending a message Outlook parses those headers in the text to get the information it gives to the MTA as envelope addresses. What does the CC in the "Sent" message (any view you can get of it!) have related to "Judy", if anything?
I don't know why the headers are repeated... I'm copying our > Exchange guy on this note, he may have some ideas.
Not terribly important, since we don't think the Exchange boxes are doing anything except passing on a bare "Judy" in the CC field. But without copies of the queuefiles we can't tell where it was introduced.
On 3/14/2013 3:22 PM, Bruce Harrison wrote:
"Judy@mailman.utm.edu" was not in the Sent folder message at all.
We understand that and never expected it to be. The question is in exactly what context in the Cc: in the sent folder is "Judy" found.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mark Sapiro writes:
To be specific, we expect something like
CC: Sandefer <jsandefer@utm.edu>, Judy, Edie Gibson <edgibson@utm.edu>, Thomas Rakes <trakes@utm.edu>or perhaps
CC: Sandefer, Judy, Edie Gibson, Thomas Rakesor some mixture of the above. The important thing is the four-letter string "Judy" being set off from other names and/or addresses by commas (and optionally white space). Even though a human would be able to infer three addressees from the second example, a standard- conforming program would not; it would see four addressees.
We could also be totally off-base, but I don't see how any of the programs farther down the pipeline (except maybe the Exchange server?) would have any information at all about "Judy" that would cause that string to appear in the header of the message later. So we're pretty sure that it has to be coming from Outlook. It would be nice to find out exactly where from and what it looks like.
I hope the voice recognition on my phone works well for this I have unusual challenges at the moment so this is the best I can do as a response .
here's my theory. outlook makes a compliant message with the CC header that happens to be folded on the white space in the middle of a display name .
some agent other than mailman, because mailman doesn't do it according to my tests at least with the email package I test it with , sees the hanging first part of the display name at the end of the first line of the CC header and interprets that as a local address and then qualifies it with the domain
whatever agent or appliance this is lives within the same domain as the mailman server.
Mark Sapiro <mark@msapiro.net> Sent from my Android phone with K-9 Mail. Please excuse my brevity.
participants (4)
-
Bruce Harrison -
Carl Zwanzig -
Mark Sapiro -
Stephen J. Turnbull