[Mailman-Users] strange problem

Stephen J. Turnbull stephen at xemacs.org
Thu Mar 14 20:08:56 CET 2013 

I see the conversation has continued as I wrote.  I'll try
to avoid duplication, but it would be a mess to rewrite the whole thing.

Bruce Harrison writes:

 > OK, there are no headers in the Sent folder as the mail message
 > gets copied in there before it goes thru the mail systems, so
 > nothing header wise to see there.

As Mark says, there must be some addressee information somewhere,
otherwise the Sent folder couldn't display To and Cc information for
you.  That's the information we need to see.

 > Below is a message showing the problem and then it's headers.  In
 > this message, the bogus email address is Judy at mailman.utm.edu
 > 
 > MESSAGE
 > ========
 > From: Terry Lewis <tlewis at utm.edu>
 > Date: Wednesday, March 13, 2013 7:31 AM
 > To: "utmcc-l at mailman.utm.edu" <utmcc-l at mailman.utm.edu>
 > Cc: Judy Sandefer <jsandefer at utm.edu>, "Judy at mailman.utm.edu" <Judy at mailman.utm.edu>, Edie Gibson <edgibson at utm.edu>, Thomas Rakes <trakes at utm.edu>
 > Subject: [utmcc-l] Nicholas Fortner

 > HEADERS
 > ========

I've "cleaned up" to include only information I've used, but thank you
for sending the complete headers.

I don't understand why the EXCH2010CAS2 -> mxout1 field is repeated; I
guess that has something to do with spam filtering since mxout1
identifies itself differently in the two fields (not shown here).
Ditto the mail from mailman.utm.edu to itself.

 > Received: from mailman.utm.edu by EXCH2010CAS1.utm.edu
 > Received: from mailman.utm.edu by mailman.utm.edu
 > Received: from mxout1.utm.edu by mailman.utm.edu
 > Received: from EXCH2010CAS2.utm.edu by mxout1.utm.edu
 > Received: from EXCH2010CAS2.utm.edu by mxout1.utm.edu
 > Received: from EXCH2010MBOX1.utm.edu by EXCH2010CAS2.utm.edu
 > From: Terry Lewis <tlewis at utm.edu>
 > To: "'utmcc-l at mailman.utm.edu'" <utmcc-l at mailman.utm.edu>
 > X-Barracuda-Connect: UNKNOWN[10.51.0.157]
 > CC: Sandefer <jsandefer at utm.edu>, <Judy at mailman.utm.edu>, Edie Gibson
 > 	<edgibson at utm.edu>, Thomas Rakes <trakes at utm.edu>

Unfortunately, these headers are clearly from after Mailman processed
the message, so it's not possible to determine where the bogus address
was introduced.  Looking at the Received fields, there are several
candidates that might rewrite headers:

1. tlewis's MUA (Outlook)
2. the MTA that received the message from the user (EXCH2010MBOX1.utm.edu)
3. the spam checker (Barracuda, which is evidently a piece of trash --
   it inserts its trace headers out of order in a random place)
4. an internal MTA (EXCH2010CAS2.utm.edu aka 10.51.0.157)
5. the university's MTA on the spam firewall (mxout1.utm.edu)
6. Mailman
7. Mailman's outgoing MTA (mailman.utm.edu)

>From the choice of bogus address (@mailman.utm.edu), it's almost
certainly Mailman or mailman.utm.edu.  The other agents don't have the
right (and probably not the knowledge) to use that address.  Almost
certainly Mailman received the header:

    CC: Sandefer <jsandefer at utm.edu>, Judy, Edie Gibson <edgibson>, Thomas Rakes <trakes at utm.edu>

and either Mailman or mailman.utm.edu's MTA completed "Judy" to
"<Judy at mailman.utm.edu>".

 > >I'll keep watching it.  I have a feeling outlook autocomplete
 > >might be involved.  However in the outlook sent folder, the bogus
 > >address isn't shown...

You shouldn't expect it to be.  You should expect just "Judy" by
itself somewhere, surrounded by commas as above.

My guess is that the user entered "Sandefer, Judy" (perhaps with help
from copy-and-paste or a completion feature), which Outlook completed
to "Sandefer <jsandefer at utm.edu>, Judy" because it knows who
"Sandefer" is, but not who "Judy" is.  It might even know who
"Sandefer Judy" is, but inserting a comma makes "Judy" a separate
addressee.  It then abandoned responsibility for the bogus data and
just passed it on verbatim to the next program in the chain, and this
irresponsibility continued through the entire UTM system until Mailman
(or its MTA) said "hey, wait, *somebody* has to take ownership of this
before it gets to the outside world and I guess that's me!"

Earlier Mark wrote:

 > I think you misunderstand what I was suggesting? I was suggesting a
 > Cc: of the form Thomas, Bill <bill.thomas at example.com>. I.e. an
 > address like bill.thomas at example.com with a display name of Thomas,
 > Bill, but improperly/incompletely quoted so that it is actually two
 > addresses; the address <bill.thomas at example.com> with display name
 > Bill and the local address Thomas.

This wouldn't produce the effect above, though, where the complete
address gets the surname and the bogus address is based on the given
name (the reverse of what Mark is suggesting).

More information about the Mailman-Users mailing list