[Mailman-Users] appended email addresses on probe?
Stephen J. Turnbull
stephen at xemacs.org
Tue Apr 26 06:09:53 CEST 2005
>>>>> "Thomas" == Thomas Hochstein <ml at ancalagon.inka.de> writes:
Thomas> Brad Knowles wrote:
>> No, bounces for a mailing list should not contain more than one
>> failed address, especially if it's a probe message -- those are
>> always sent out to just one specific user.
Thomas> As far as I see, Mailman was sending out non-VERPed
Thomas> messages to that list's users. When those messages are
Thomas> non-deliverable, the MTA will send a bounce back to the
Thomas> listname-bounces address, and that bounce will contain
Thomas> many or all non-deliverable addresses, as it's only one
Thomas> outgoing message delivered to many recipients. That's just
Thomas> how it works.
I think this analysis is correct. But notice what that means---the
bounces are happening with many addresses at the level of Michael's
hort or ISP: either Michael's list of addresses is badly broken
(unlikely since many of the bounces were "AOL is unroutable" rather
than "no such user"), or his host/ISP is broken (or fingered as a spam
source), or his list has been fingered as a spam source or something
Since it looks like Michael is running a fairly small, opt-in list,
with that number of bounces I think Michael's list has big problems
beyond a few addresses leaking to other list members.
To catch these other problems, I wonder if it would be reasonable for
mailman to check for "large" numbers of bounces on a single post, and
send mail to the list admin in that case?
Thomas> This bounce does not only contain the one failed address
Thomas> the probe is send to, but also other failed addresses.
Yup. So what's the right thing to do? I see four possibilities:
1. (safest) don't attach the bounce message, but save it off
somewhere so that a human can vette it before sending it to a user
on specific request
2. attach only the headers of the bounce message, and save off the
message as in 1.
3. attach the text, but sanitize everything that looks like an email
address or domain name
4. attach the text, but sanitize all email addresses and domain names
except relevant one.
School of Systems and Information Engineering http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Ask not how you can "do" free software business;
ask what your business can "do for" free software.
More information about the Mailman-Users