[Mailman-Users] Finding list user in redacted FBL reports

Scott Neader scott at qth.com
Tue Aug 13 13:42:08 EDT 2019


On Fri, Aug 9, 2019 at 2:55 AM Stephen J. Turnbull <turnbull.stephen.fw at u.tsukuba.ac.jp> wrote:

> Have you had any luck with this in the last couple of days?
>

Hi Stephen (and all).  Indeed, I am having MUCH luck with this!  First, the
option to base64 encode the recipient's email as a new header with the
RCPT_BASE64_HEADER_NAME config setting (discussed in my last post) is
working great!  In addition, as you mentioned, I am ALSO getting lucky in
reviewing the headers for the queue id... and I am using this successfully
on one older server that has an older version of Mailman (which does not
have the base64 option).

So, I am in really good shape at this point... thank you!!!

- Scott

> Scott Neader writes:
>
>  > I have Personalization enabled, and have the subscriber's email
>  > address in the footer, but Comcast redacts the email address.
>  > Unfortunately, there are quite a few comcast.net users on this
>  > list, making this really difficult to find the offender.
>
> Does the returned mail contain the full trace of "Received" fields?
> If you're very lucky, one of them may contain the offender's address.
>
> Otherwise, the oldest one frequently has an MTA queue id from your MTA
> (and depending on your network, there may be a couple of these under
> your control in the Received chain), and that can be matched with the
> queue id in the MTA's log, which will typically tell you who it was
> sent to.  Since you have full personalization enabled, there should be
> one such queue id per message.  Here is an example of my own:
>
> Received: from steve by turnbull.sk.tsukuba.ac.jp with local (Exim 4.92)
>         (envelope-from <steve at turnbull.sk.tsukuba.ac.jp>)
>         id 1htOUc-0000Rx-F5; Fri, 02 Aug 2019 12:44:34 +0900
>
> 2019-08-02 12:44:39 1htOUc-0000Rx-F5 => mailman-developers at python.org R=dn...
>
> The log line is truncated by me since the rest is irrelevant, the MTA
> is Exim.  Note that some MTAs don't do this, some MTAs don't do it by
> default, but you can reconfigure the log message and the Received
> header this way.  And some MTAs that do it change the prefix or suffix
> of the queue id at various stages, so you may need to search on a
> truncated portion of the full id.
>
>  > I've read through the Mailman Users archives and have seen others
>  > with this problem, and it seems some of you have come up with your
>  > own creative solutions, but no solutions have been posted,
>
> Here's a partial solution from Mailman-Developers:
>
> https://mail.python.org/pipermail/mailman-developers/2012-June/022200.html
>
> (the "partial" is because you'll have to come up with your own way to
> iterate over the mailing list and match MD5s).  I suspect you can get
> the same effect by base64- or base85-encoding the email address, or
> even simply %-encoding (or removing!) all the punctuation, instead of
> MD5-ing.  Those are easily reversible, and the punctuation-munging
> solutions can be "decoded" by eye!
>
> Note that it's barely possible you're using the Sendmail.py module, in
> which case you will have the line "DELIVERY_MODULE = 'Sendmail'" in
> mm_cfg.py.  If so, come back and we can discuss the "cons" (there are
> no "pros") of that module, and what to do next.
>
>
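
The two lookups discussed in this thread, as an added example that is not part of the original messages or of Mailman: it pulls the queue id from the Received header written by your own MTA and matches it against Exim delivery log lines, and it decodes a base64 recipient header when one is present. The header name `X-Rcpt-B64`, the host names, the addresses and the log lines are constructed, and the header value is assumed to be the plain base64 of the recipient address.

```python
import base64
import re
from email import message_from_string

# Exim 4.92-style queue id (6-6-2), the form shown in the Received header above.
QUEUE_ID = re.compile(r"\bid ([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2})\b")
# Exim delivery log line: "<date> <time> <queue id> => <address> ..." ("->" = extra recipient).
DELIVERY = re.compile(r"^\S+ \S+ (\S+) [=-]> (\S+)(?: <([^>]+)>)?")

def queue_ids(report_text, our_host):
    """Queue ids stamped by our own MTA, from any MIME part of the report."""
    ids = []
    for part in message_from_string(report_text).walk():
        for received in part.get_all("Received", []):
            flat = " ".join(received.split())  # unfold continuation lines
            m = QUEUE_ID.search(flat)
            if m and f" by {our_host} " in flat and m.group(1) not in ids:
                ids.append(m.group(1))
    return ids

def recipients(log_lines, qid):
    """Addresses the MTA log says this queue id was delivered to."""
    hits = []
    for line in log_lines:
        m = DELIVERY.match(line)
        if m and m.group(1) == qid:
            hits.append(m.group(3) or m.group(2))
    return hits

def identify(report_text, log_lines, our_host, b64_header=None):
    """Prefer the base64 recipient header if present, else fall back to the log."""
    for part in message_from_string(report_text).walk():
        if b64_header and part.get(b64_header):
            return [base64.b64decode(part[b64_header]).decode("utf-8")]
    return [a for q in queue_ids(report_text, our_host) for a in recipients(log_lines, q)]

# Constructed sample: headers of a returned message with the recipient redacted.
REPORT = (
    "Received: from lists.example.org by mx.example.net with esmtp; Fri, 02 Aug 2019 03:44:40 +0000\n"
    "Received: from mailman by lists.example.org with local (Exim 4.92)\n"
    "\t(envelope-from <mylist-bounces@lists.example.org>)\n"
    "\tid 1htAbC-0001Xy-Q2; Fri, 02 Aug 2019 03:44:34 +0000\n"
    "To: [redacted]\nSubject: [mylist] hello\n\nbody\n"
)
# Constructed Exim mainlog lines; only the first belongs to the reported message.
LOG = [
    "2019-08-02 03:44:39 1htAbC-0001Xy-Q2 => alice@example.net R=dnslookup T=remote_smtp",
    "2019-08-02 03:44:40 1htAbD-0001Xz-R3 => bob@example.net R=dnslookup T=remote_smtp",
]
```

Calling `identify(REPORT, LOG, "lists.example.org")` returns the one address delivered under that queue id; pass `b64_header` on servers that add the encoded header.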

