[Mailman-Users] where is mailman-bounces address defined?
douglas repetto
douglas at music.columbia.edu
Fri Jul 20 17:44:54 CEST 2007
I found the problem. The address was defined correctly in mm_config.py,
but for some reason it was truncated in Defaults.py. I don't really
understand the mechanism by which changes in mm_config.py are propagate
to Defaults.py...but something went wrong!
I edited Defaults.py and restarted MM and am monitoring our logs. So far
I don't see any more errors.
thanks,
douglas
Mark Sapiro wrote:
> douglas repetto wrote:
>> We've been getting many many strange mailman-bounces. It seems that
>> somewhere the mailman-bounces address is mis-configured. It should be
>> mailman-bounces at music.columbia.edu, but mail seems to be sent as
>> mailman-bounces at music.columbia.ed (note missing "u"). That's causing
>> bounces to bounce all over the place...in our mail log we get messages like:
>>
>>
>>
>> Jul 19 12:02:50 roar postfix/smtp[18535]: 9F86883BE24:
>> to=<mailman-bounces at music.columbia.ed>, relay=none, delay=0,
>> status=bounced (Host or domain name not found. Name service error for
>> name=music.columbia.ed type=A: Host not found)
>>
>> but also:
>>
>> Jul 19 12:02:54 roar postfix/qmgr[10647]: E969F83BE2C:
>> from=<mailman-bounces at music.columbia.edu>, size=4419, nrcpt=1 (queue active)
>>
>>
>>
>>
>> So both the correct address and the incorrect address are being
>> used...I've poked around in all of our configs and I can't find the
>> incorrect address anywhere.
>
>
> The domain comes from the host_name attribute of the mailman list
> (visible on the mailman list's admin->General Options page).
>
>
>> My suspicion at this point is that there's a
>> virus somewhere on a users computer that is propagating the incorrect
>> address and that many of the messages are the result of spoofed mail.
>
>
> I think this is likely. Presumably the mail that causes this
>
>> Jul 19 12:02:50 roar postfix/smtp[18535]: 9F86883BE24:
>> to=<mailman-bounces at music.columbia.ed>, relay=none, delay=0,
>> status=bounced (Host or domain name not found. Name service error for
>> name=music.columbia.ed type=A: Host not found)
>
> originates from within your network from someone or some thing
> connecting to postfix on your server to send this mail. If it came
> from outside, it would never get to your domain in the first place.
> What are the other log entries with the same 9F86883BE24 id. They may
> give you a clue as to the source of this message.
>
> It is not at all unusual for 'harvested' email addresses to be
> truncated.
>
--
............................................... http://artbots.org
.....douglas.....irving........................ http://dorkbot.org
.......................... http://music.columbia.edu/cmc/music-dsp
.......... repetto....... http://works.music.columbia.edu/organism
............................... http://music.columbia.edu/~douglas
More information about the Mailman-Users
mailing list