Stephen,

Thanks for a good, detailed explanation.  Our one remaining Barracuda box is 
an outgoing mail filter, used mainly to keep "bad" users or malware from 
spamming from a utm.edu address.  We'll be moving to FOPE with Microsoft in 
the future (currently does our in-bound mail filtering).
In Outlook, you can open a mail message, then have it display the actual 
headers.  When looking at a "Sent" message, there are no headers at all.  
Appears to me it just shows what's in the text, including the To:, From:, etc.  
no real mail headers we can find.
I don't know why the headers are repeated... I'm copying our Exchange guy on 
this note, he may have some ideas.

My mailman box uses its own localhost SMTP agent to handle its mail.  SMTP 
then connects to our main incoming mail host (mx1.utm.edu or xmail.utm.edu).  
The CAS boxes are of course the CAS servers for Exchange.

I realize my info is somewhat incomplete.  The next time it happens, I’m going 
to try and track it from start to finish, etc.
We'll see what happens...

Bruce
UTM

-----Original Message-----
From: Stephen J. Turnbull [mailto:step...@xemacs.org] 
Sent: Thursday, March 14, 2013 2:09 PM
To: Bruce Harrison
Cc: Mark Sapiro; mailman-users@python.org
Subject: Re: [Mailman-Users] strange problem

I see the conversation has continued as I wrote.  I'll try to avoid 
duplication, but it would be a mess to rewrite the whole thing.

Bruce Harrison writes:

 > OK, there are no headers in the Sent folder as the mail message gets
 > copied in there before it goes thru the mail systems, so nothing header
 > wise to see there.

As Mark says, there must be some addressee information somewhere, otherwise the 
Sent folder couldn't display To and Cc information for you.  That's the 
information we need to see.

 > Below is a message showing the problem and then its headers.  In this
 > message, the bogus email address is j...@mailman.utm.edu
 >
 > MESSAGE
 > ========
 > From: Terry Lewis <tle...@utm.edu>
 > Date: Wednesday, March 13, 2013 7:31 AM
 > To: "utmc...@mailman.utm.edu" <utmc...@mailman.utm.edu>
 > Cc: Judy Sandefer <jsande...@utm.edu>, "j...@mailman.utm.edu"
 >     <j...@mailman.utm.edu>, Edie Gibson <edgib...@utm.edu>, Thomas Rakes
 >     <tra...@utm.edu>
 > Subject: [utmcc-l] Nicholas Fortner

 > HEADERS
 > ========

I've "cleaned up" to include only information I've used, but thank you for 
sending the complete headers.

I don't understand why the EXCH2010CAS2 -> mxout1 field is repeated; I guess 
that has something to do with spam filtering since mxout1 identifies itself 
differently in the two fields (not shown here).
Ditto the mail from mailman.utm.edu to itself.

 > Received: from mailman.utm.edu by EXCH2010CAS1.utm.edu
 > Received: from mailman.utm.edu by mailman.utm.edu
 > Received: from mxout1.utm.edu by mailman.utm.edu
 > Received: from EXCH2010CAS2.utm.edu by mxout1.utm.edu
 > Received: from EXCH2010CAS2.utm.edu by mxout1.utm.edu
 > Received: from EXCH2010MBOX1.utm.edu by EXCH2010CAS2.utm.edu
 > From: Terry Lewis <tle...@utm.edu>
 > To: "'utmc...@mailman.utm.edu'" <utmc...@mailman.utm.edu>
 > X-Barracuda-Connect: UNKNOWN[10.51.0.157]
 > CC: Sandefer <jsande...@utm.edu>, <j...@mailman.utm.edu>, Edie Gibson
 >      <edgib...@utm.edu>, Thomas Rakes <tra...@utm.edu>

Unfortunately, these headers are clearly from after Mailman processed the 
message, so it's not possible to determine where the bogus address was 
introduced.  Looking at the Received fields, there are several candidates that 
might rewrite headers:

1. tlewis's MUA (Outlook)
2. the MTA that received the message from the user (EXCH2010MBOX1.utm.edu)
3. the spam checker (Barracuda, which is evidently a piece of trash --
   it inserts its trace headers out of order in a random place)
4. an internal MTA (EXCH2010CAS2.utm.edu aka 10.51.0.157)
5. the university's MTA on the spam firewall (mxout1.utm.edu)
6. Mailman
7. Mailman's outgoing MTA (mailman.utm.edu)

From the choice of bogus address (@mailman.utm.edu), it's almost certainly 
Mailman or mailman.utm.edu.  The other agents don't have the right (and 
probably not the knowledge) to use that address.  Almost certainly Mailman 
received the header:

    CC: Sandefer <jsande...@utm.edu>, Judy, Edie Gibson <edgibson>, Thomas
        Rakes <tra...@utm.edu>

and either Mailman or mailman.utm.edu's MTA completed "Judy" to 
"<j...@mailman.utm.edu>".

 > >I'll keep watching it.  I have a feeling outlook autocomplete might be
 > >involved.  However in the outlook sent folder, the bogus address isn't
 > >shown...

You shouldn't expect it to be.  You should expect just "Judy" by itself 
somewhere, surrounded by commas as above.

My guess is that the user entered "Sandefer, Judy" (perhaps with help from 
copy-and-paste or a completion feature), which Outlook completed to "Sandefer 
<jsande...@utm.edu>, Judy" because it knows who "Sandefer" is, but not who 
"Judy" is.  It might even know who "Sandefer Judy" is, but inserting a comma 
makes "Judy" a separate addressee.  It then abandoned responsibility for the 
bogus data and just passed it on verbatim to the next program in the chain, and 
this irresponsibility continued through the entire UTM system until Mailman (or 
its MTA) said "hey, wait, *somebody* has to take ownership of this before it 
gets to the outside world and I guess that's me!"

Earlier Mark wrote:

 > I think you misunderstand what I was suggesting? I was suggesting a Cc:
 > of the form Thomas, Bill <bill.tho...@example.com>. I.e. an address like
 > bill.tho...@example.com with a display name of Thomas, Bill, but
 > improperly/incompletely quoted so that it is actually two addresses; the
 > address <bill.tho...@example.com> with display name Bill and the local
 > address Thomas.

This wouldn't produce the effect above, though, where the complete address gets 
the surname and the bogus address is based on the given name (the reverse of 
what Mark is suggesting).

------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
