I see the conversation has continued as I wrote. I'll try to avoid duplication, but it would be a mess to rewrite the whole thing.
Bruce Harrison writes: > OK, there are no headers in the Sent folder as the mail message > gets copied in there before it goes thru the mail systems, so > nothing header wise to see there. As Mark says, there must be some addressee information somewhere, otherwise the Sent folder couldn't display To and Cc information for you. That's the information we need to see. > Below is a message showing the problem and then it's headers. In > this message, the bogus email address is [email protected] > > MESSAGE > ======== > From: Terry Lewis <[email protected]> > Date: Wednesday, March 13, 2013 7:31 AM > To: "[email protected]" <[email protected]> > Cc: Judy Sandefer <[email protected]>, "[email protected]" > <[email protected]>, Edie Gibson <[email protected]>, Thomas Rakes > <[email protected]> > Subject: [utmcc-l] Nicholas Fortner > HEADERS > ======== I've "cleaned up" to include only information I've used, but thank you for sending the complete headers. I don't understand why the EXCH2010CAS2 -> mxout1 field is repeated; I guess that has something to do with spam filtering since mxout1 identifies itself differently in the two fields (not shown here). Ditto the mail from mailman.utm.edu to itself. > Received: from mailman.utm.edu by EXCH2010CAS1.utm.edu > Received: from mailman.utm.edu by mailman.utm.edu > Received: from mxout1.utm.edu by mailman.utm.edu > Received: from EXCH2010CAS2.utm.edu by mxout1.utm.edu > Received: from EXCH2010CAS2.utm.edu by mxout1.utm.edu > Received: from EXCH2010MBOX1.utm.edu by EXCH2010CAS2.utm.edu > From: Terry Lewis <[email protected]> > To: "'[email protected]'" <[email protected]> > X-Barracuda-Connect: UNKNOWN[10.51.0.157] > CC: Sandefer <[email protected]>, <[email protected]>, Edie Gibson > <[email protected]>, Thomas Rakes <[email protected]> Unfortunately, these headers are clearly from after Mailman processed the message, so it's not possible to determine where the bogus address was introduced. Looking at the Received fields, there are several candidates that might rewrite headers: 1. tlewis's MUA (Outlook) 2. the MTA that received the message from the user (EXCH2010MBOX1.utm.edu) 3. the spam checker (Barracuda, which is evidently a piece of trash -- it inserts its trace headers out of order in a random place) 4. an internal MTA (EXCH2010CAS2.utm.edu aka 10.51.0.157) 5. the university's MTA on the spam firewall (mxout1.utm.edu) 6. Mailman 7. Mailman's outgoing MTA (mailman.utm.edu) >From the choice of bogus address (@mailman.utm.edu), it's almost certainly Mailman or mailman.utm.edu. The other agents don't have the right (and probably not the knowledge) to use that address. Almost certainly Mailman received the header: CC: Sandefer <[email protected]>, Judy, Edie Gibson <edgibson>, Thomas Rakes <[email protected]> and either Mailman or mailman.utm.edu's MTA completed "Judy" to "<[email protected]>". > >I'll keep watching it. I have a feeling outlook autocomplete > >might be involved. However in the outlook sent folder, the bogus > >address isn't shown... You shouldn't expect it to be. You should expect just "Judy" by itself somewhere, surrounded by commas as above. My guess is that the user entered "Sandefer, Judy" (perhaps with help from copy-and-paste or a completion feature), which Outlook completed to "Sandefer <[email protected]>, Judy" because it knows who "Sandefer" is, but not who "Judy" is. It might even know who "Sandefer Judy" is, but inserting a comma makes "Judy" a separate addressee. It then abandoned responsibility for the bogus data and just passed it on verbatim to the next program in the chain, and this irresponsibility continued through the entire UTM system until Mailman (or its MTA) said "hey, wait, *somebody* has to take ownership of this before it gets to the outside world and I guess that's me!" Earlier Mark wrote: > I think you misunderstand what I was suggesting? I was suggesting a > Cc: of the form Thomas, Bill <[email protected]>. I.e. an > address like [email protected] with a display name of Thomas, > Bill, but improperly/incompletely quoted so that it is actually two > addresses; the address <[email protected]> with display name > Bill and the local address Thomas. This wouldn't produce the effect above, though, where the complete address gets the surname and the bogus address is based on the given name (the reverse of what Mark is suggesting). ------------------------------------------------------ Mailman-Users mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
