[ mailman-Bugs-1437581 ] Mailman Auto-unsubscribes Bad Addresses?

SourceForge.net noreply at sourceforge.net
Fri Feb 24 01:36:29 CET 2006 

Bugs item #1437581, was opened at 2006-02-23 10:01
Message generated for change (Comment added) made by msapiro
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1437581&group_id=103

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: (un)subscribing
Group: 2.1 (stable)
>Status: Closed
>Resolution: Invalid
Priority: 5
Submitted By: Bruce Scherzinger (bascherz)
Assigned to: Nobody/Anonymous (nobody)
Summary: Mailman Auto-unsubscribes Bad Addresses?

Initial Comment:
I haven't seen any settings for this, and I can only 
describe it based on the information that I have. But 
today I received bounce notices identically 
timestamped for three separate email addresses in the 
same domain. The notices all indicated the addresses 
had been unsubscribed from a specific Mailman list. I 
don't know what initiated the action, and these same 
addresses are still subscribed to other, less-
frequently used lists.

I sent emails directly to the three addresses to 
notify them of the issue, and I got back a response 
from their email server as follows (actual email 
addresses omitted or replaced for privacy reasons):

- - - - - - - - - - - - - - - -
Return-Path: <>
X-Envelope-To: <my_email_address>
X-Spam-Status: No, hits=2.4 required=5.0
	tests=AWL: -0.181,HTML_30_40: 
0.879,HTML_MESSAGE: 0.001,
	MIME_HTML_MOSTLY: 1.54,VIRUS_WARNING268B: 0.2
X-Spam-Level: **
Return-Path: <>
Delivered-To: <my_email_address>
Received: (qmail 29847 invoked by uid 399); 23 Feb 
2006 17:21:13 -0000
X-Virus-Scan: Scanned by clamdmail 0.15 (no viruses);
  Thu, 23 Feb 2006 11:21:13 -0600
Received: from unknown (HELO eastrmmtao06.cox.net) 
(68.230.240.33)
  by mail.opentransfer.com with SMTP; 23 Feb 2006 
17:21:13 -0000
To: <my_email_address> 
From: Mail Administrator <Postmaster at cox.net> 
Reply-To: <Postmaster at cox.net>
Subject: Mail System Error - Returned Mail
Date: Thu, 23 Feb 2006 12:21:06 -0500
Message-ID: <omitted>
MIME-Version: 1.0
Content-Type: multipart/report;
		report-type=delivery-status;
	
	Boundary="===========================_ _= 
9638061(9108)1140715266"


--===========================_ _= 9638061(9108)
1140715266
Content-Type: text/plain 
  
 This Message was undeliverable due to the following 
reason: 
  
 Each of the following recipients was rejected by a 
remote mail server. The reasons given by the server 
are included to help you determine why each recipient 
was rejected.

    Recipient: <addr1 at erols.com>
    Reason:    #5.1.1 bad address addr1 at erols.com

    Recipient: <addr2 at erols.com>
    Reason:    #5.1.1 bad address addr2 at erols.com

    Recipient: <addr3 at erols.com>
    Reason:    #5.1.1 bad address addr3 at erols.com
- - - - - - - - - - - - - - - -

So, all three addresses are bad. Does Mailman 
automatically unsubscribe addresses if it can't 
deliver to them? Or, is there a way to spoof it to 
get it to delete addresses? Is it possible the email 
server (erols.com in this case) can determine that 
there are messages being sent from a Mailman email 
list and send unsubscribe requests to the Mailman 
server to make them stop?

----------------------------------------------------------------------

>Comment By: Mark Sapiro (msapiro)
Date: 2006-02-23 16:36

Message:
Logged In: YES 
user_id=1123998

I am closing this because mailman is doing what it should.
The users were unsubscribed by bounce processing. The
settings for this are list by list on the Bounce processing
page of the admin web interface.

Mailman registers the bounce notices that it receives in
response to post deliveries and handles them according to
bounce settings. The remote server has no direct involvement
with the unsubscribe. It just returns a notice to mailman
just like the notice returned to you when you mailed these
addresses directly. The process is described on the Bounce
processing page.

And yes, bounce notifications can be spoofed, but with
normal default settings, the spoofer would have to send 5
spoofed notices on different days, and then the member would
have list delivery disabled and be sent a warning, and be
sent two more warnings at one week intervals before being
unsubscribed. Also, you can select the option to notify the
list owner when the subscription is disabled, so
unsubscribing a user by spoofing bounces is not likely to be
successful if the user actually has any interest in the list.


----------------------------------------------------------------------

Comment By: Bruce Scherzinger (bascherz)
Date: 2006-02-23 10:10

Message:
Logged In: YES 
user_id=1415850

I failed to mention that the webhosting company has 
Mailman v2.1.6 installed.

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1437581&group_id=103

More information about the Mailman-coders mailing list