[Mailman-Users] Wrong "From" in header, Why?
Stephen J. Turnbull
turnbull.stephen.fw at u.tsukuba.ac.jp
Tue Sep 20 14:47:41 EDT 2016
This almost certainly has nothing to do with Mailman, if I'm reading
the spamassassin reports correctly. It says that the DKIM signature
validated on the way out of Mailman, which means that the From that
you all received is the From that Trent sent.
Gao writes:
> Hi,
>
> I have a strange thing happened and I could not figure it out what is going on. Here is what happened:
> 1. Syd V <sydv at mydomain.com> sent an email to our mailing list sjv-geosupport at mydomain.com
> 2. Trent replied to the list
> 3. All list members received Trent's reply, BUT with wrong FROM address. It appears Trent's reply is from Syd. ???
> 4. I talked to Trent and asked him to do another reply to list, and this time everything is correct. He can not re-produce this error.
>
> I post the header section from Trent's reply as well as the maillog here.
>
> I am using mailman 2.1.15 on a CentOS7+Postfix.
>
> Could someone give me some hints on how this happened and how to fix it?
>
> Thanks.
>
> Gao
>
> ================
> header:
> ----------------
> Return-Path: <sjv-geosupport-bounces at mydomain.com>
> X-Original-To: gao at mydomain.com
> Delivered-To: gao at mydomain.com
> Received: by zeta.mydomain.com (Postfix, from userid 5001)
> id D92DA2015FD6E; Tue, 20 Sep 2016 09:18:18 -0700 (PDT)
> Received: from zeta.mydomain.com (localhost [IPv6:::1])
> by zeta.mydomain.com (Postfix) with ESMTP id E3B7120158EC5;
> Tue, 20 Sep 2016 09:18:11 -0700 (PDT)
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mydomain.com;
> s=szeta; t=1474388291;
> bh=tiwZ4VEiU1RZzIFTSx2DZbnLAXPUQDkUd1sc9ss5YiM=;
> h=From:To:Date:Subject:List-Id:List-Unsubscribe:List-Archive:
> List-Post:List-Help:List-Subscribe:Reply-To;
> b=jq8Dilf8Kcjca3CTkC/LVSrii3G2RTO6z6TYQXPhWWqDlM1Q0DNS3WSco0TgV6PPY
> 7p/AObLxO/cOyvDbtf9ejQ7XDTipWhCicV7Qq/7fi+7q2J9p/xPqIweTqci0gBeIQR
> sXE1AvP7V7e94W+FGQoYsBnQBV6jmHsGo4shrRp4=
> X-Original-To: sjv-geosupport at zeta.mydomain.com
> Delivered-To: sjv-geosupport at zeta.mydomain.com
> Received: by zeta.mydomain.com (Postfix, from userid 5001)
> id EB63E20158EC6; Tue, 20 Sep 2016 09:18:04 -0700 (PDT)
> Received: from [192.168.123.87] (vpn.mydomain.com [111.111.111.111])
> (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
> (No client certificate requested)
> by zeta.mydomain.com (Postfix) with ESMTPSA id 36FFF20158EC6
> for <sjv-geosupport at mydomain.com>; Tue, 20 Sep 2016 09:18:02 -0700 (PDT)
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mydomain.com;
> s=szeta; t=1474388282;
> bh=ABUiYP5lz8c1gfzYye+PUoTjcGicHkgvhh6PstHMBZ4=;
> h=From:Subject:Reply-To:To:Date;
> b=tHH79YeXgMzTwDugmsEGJ6yIIaTYOjjbse4jy1P99gW8AE7cvd8SEWqiC/xEcShZc
> RlvFvIrL3Bub8w7RfL+4k+JURE0YHRIhKlEx4LHo+TSic2tBEY06oXUrZuvQEMcn3T
> r9VpzkEcV5BWytqZgYvxRarJOv7Huh2vP8LuZBGE=
> From: Syd V <sydv at mydomain.com>
> To: sjv-geosupport at mydomain.com
> Message-ID: <f403fa07-76de-98d9-6796-16570519b9b3 at mydomain.com>
> Date: Tue, 20 Sep 2016 09:17:56 -0700
> User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101
> Thunderbird/45.2.0
> MIME-Version: 1.0
> Content-Type: multipart/mixed; boundary="------------677E4034B35AA62A233129E2"
> X-mydomain-MailScanner: Found to be clean, Found to be clean
> X-mydomain-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
> score=-6.095, required 4, autolearn=not spam, ALL_TRUSTED -1.00,
> BAYES_00 -1.90, DKIM_SIGNED 0.10, DKIM_VALID -0.10,
> DKIM_VALID_AU -0.10, HTML_MESSAGE 0.00, RP_MATCHES_RCVD -3.10), not spam, SpamAssassin (not cached,
> score=-6.095, required 4, ALL_TRUSTED -1.00, BAYES_00 -1.90,
> DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10,
> HTML_MESSAGE 0.00, RP_MATCHES_RCVD -3.10)
> X-Spam-Status: No, No
> Subject: [Sjv-geosupport] Update on timing and instrumentation files
> X-BeenThere: sjv-geosupport at mydomain.com
> X-Mailman-Version: 2.1.15
> Precedence: list
> List-Id: <sjv-geosupport.mydomain.com>
> List-Unsubscribe: <http://zeta.mydomain.com/mailman/options/sjv-geosupport>,
> <mailto:sjv-geosupport-request at mydomain.com?subject=unsubscribe>
> List-Archive: <http://zeta.mydomain.com/mailman/private/sjv-geosupport/>
> List-Post: <mailto:sjv-geosupport at mydomain.com>
> List-Help: <mailto:sjv-geosupport-request at mydomain.com?subject=help>
> List-Subscribe: <http://zeta.mydomain.com/mailman/listinfo/sjv-geosupport>,
> <mailto:sjv-geosupport-request at mydomain.com?subject=subscribe>
> Reply-To: Syd Visser <sydv at mydomain.com>
> Errors-To: sjv-geosupport-bounces at mydomain.com
> Sender: "Sjv-geosupport" <sjv-geosupport-bounces at mydomain.com>
> X-mydomain-MailScanner-Information: Please contact the IT Administrator for more information
> X-mydomain-MailScanner-ID: E3B7120158EC5.ABE01
> X-mydomain-MailScanner-From: sjv-geosupport-bounces at mydomain.com
>
>
> =============================
> maillog:
> -----------------------------
> Sep 20 09:18:02 zeta postfix/smtpd[24662]: connect from vpn.mydomain.com[111.111.111.111]
> Sep 20 09:18:02 zeta postfix/smtpd[24662]: Anonymous TLS connection established from vpn.mydomain.com[111.111.111.111]: TLSv1.2 with ciphe
> r ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
> Sep 20 09:18:02 zeta postfix/smtpd[24662]: 36FFF20158EC6: client=vpn.mydomain.com[111.111.111.111], sasl_method=PLAIN, sasl_username=trent at mydomain.com
> Sep 20 09:18:02 zeta postfix/cleanup[24538]: 36FFF20158EC6: hold: header Received: from [192.168.123.87] (vpn.mydomain.com [111.111.111.111])??(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))??(No client certificate requested)??by zeta.mydomain. from vpn.mydomain.com[111.111.111.111]; from=<trent at mydomain.com> to=<sjv-geosupport at mydomain.com> proto=ESMTP helo=<[192.168.123.87]>
> Sep 20 09:18:02 zeta postfix/cleanup[24538]: 36FFF20158EC6: message-id=<f403fa07-76de-98d9-6796-16570519b9b3 at mydomain.com>
> Sep 20 09:18:02 zeta opendkim[3099]: 36FFF20158EC6: DKIM-Signature field added (s=szeta, d=mydomain.com)
> Sep 20 09:18:02 zeta postfix/smtpd[24662]: disconnect from vpn.mydomain.com[111.111.111.111]
> Sep 20 09:18:02 zeta MailScanner[20657]: New Batch: Scanning 1 messages, 18122 bytes
> Sep 20 09:18:02 zeta MailScanner[20657]: Virus and Content Scanning: Starting
> Sep 20 09:18:02 zeta MailScanner[20657]: Spam Checks: Starting
> Sep 20 09:18:04 zeta MailScanner[20657]: Message 36FFF20158EC6.A07F8 from 111.111.111.111 (trent at mydomain.com) to mydomain.com is not spam, SpamAssassin (not cached, score=-6.095, required 4, autolearn=not spam, ALL_TRUSTED -1.00, BAYES_00 -1.90, DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10, HTML_MESSAGE 0.00, RP_MATCHES_RCVD -3.10)
> Sep 20 09:18:04 zeta MailScanner[20657]: Requeue: 36FFF20158EC6.A07F8 to 3603320158ECB
> Sep 20 09:18:04 zeta postfix/qmgr[6820]: 3603320158ECB: from=<trent at mydomain.com>, size=16818, nrcpt=1 (queue active)
> Sep 20 09:18:04 zeta MailScanner[20657]: Uninfected: Delivered 1 messages
> Sep 20 09:18:04 zeta MailScanner[20657]: Deleted 1 messages from processing-database
> Sep 20 09:18:04 zeta MailScanner[20657]: Logging message 36FFF20158EC6.A07F8 to SQL
> Sep 20 09:18:04 zeta MailScanner[22108]: 36FFF20158EC6.A07F8: Logged to MailWatch SQL
> Sep 20 09:18:04 zeta postfix/pickup[21381]: EB63E20158EC6: uid=5001 from=<trent at mydomain.com>
> Sep 20 09:18:04 zeta postfix/pipe[24825]: 3603320158ECB: to=<sjv-geosupport at zeta.mydomain.com>, orig_to=<sjv-geosupport at mydomain.com>, relay=autoresponder, delay=2.7, delays=2.7/0/0/0.02, dsn=2.0.0, status=sent (delivered via autoresponder service)
> Sep 20 09:18:04 zeta postfix/qmgr[6820]: 3603320158ECB: removed
> Sep 20 09:18:04 zeta postfix/cleanup[24407]: EB63E20158EC6: hold: header Received: by zeta.mydomain.com (Postfix, from userid 5001)??id EB63E20158EC6; Tue, 20 Sep 2016 09:18:04 -0700 (PDT) from local; from=<trent at mydomain.com> to=<sjv-geosupport at zeta.mydomain.com>
> Sep 20 09:18:04 zeta postfix/cleanup[24407]: EB63E20158EC6: message-id=<f403fa07-76de-98d9-6796-16570519b9b3 at mydomain.com>
> Sep 20 09:18:10 zeta MailScanner[22098]: New Batch: Scanning 1 messages, 18148 bytes
> Sep 20 09:18:10 zeta MailScanner[22098]: Requeue: EB63E20158EC6.A4FB8 to BE0D320158ECB
> Sep 20 09:18:10 zeta MailScanner[22098]: Unscanned: Delivered 1 messages
> Sep 20 09:18:10 zeta postfix/qmgr[6820]: BE0D320158ECB: from=<trent at mydomain.com>, size=17844, nrcpt=1 (queue active)
> Sep 20 09:18:10 zeta MailScanner[22098]: Spam Checks: Starting
> Sep 20 09:18:10 zeta MailScanner[22098]: Deleted 1 messages from processing-database
> Sep 20 09:18:10 zeta MailScanner[22098]: Logging message EB63E20158EC6.A4FB8 to SQL
> Sep 20 09:18:10 zeta MailScanner[22108]: EB63E20158EC6.A4FB8: Logged to MailWatch SQL
> Sep 20 09:18:10 zeta postfix/local[25085]: BE0D320158ECB: to=<sjv-geosupport at zeta.mydomain.com>, relay=local, delay=5.5, delays=5.4/0.01/0/0.1, dsn=2.0.0, status=sent (delivered to command: /usr/lib/mailman/mail/mailman post sjv-geosupport)
> Sep 20 09:18:10 zeta postfix/qmgr[6820]: BE0D320158ECB: removed
> Sep 20 09:18:11 zeta postfix/smtpd[24800]: connect from localhost[::1]
> Sep 20 09:18:11 zeta postfix/smtpd[24800]: E3B7120158EC5: client=localhost[::1]
> Sep 20 09:18:11 zeta postfix/cleanup[24538]: E3B7120158EC5: hold: header Received: from zeta.mydomain.com (localhost [IPv6:::1])??by zeta.mydomain.com (Postfix) with ESMTP id E3B7120158EC5;??Tue, 20 Sep 2016 09:18:11 -0700 (PDT) from localhost[::1]; from=<sjv-geosupport-bounces at mydomain.com> to=<katie.dodd at mydomain.com> proto=ESMTP helo=<zeta.mydomain.com>
> Sep 20 09:18:11 zeta postfix/cleanup[24538]: E3B7120158EC5: message-id=<f403fa07-76de-98d9-6796-16570519b9b3 at mydomain.com>
> Sep 20 09:18:11 zeta opendkim[3099]: E3B7120158EC5: DKIM-Signature field added (s=szeta, d=mydomain.com)
> Sep 20 09:18:12 zeta postfix/smtpd[24800]: disconnect from localhost[::1]
> Sep 20 09:18:16 zeta MailScanner[22098]: Virus and Content Scanning: Starting
> Sep 20 09:18:16 zeta MailScanner[22098]: Spam Checks: Starting
> Sep 20 09:18:16 zeta MailScanner[22098]: Message E3B7120158EC5.ABE01 from ::1 (sjv-geosupport-bounces at mydomain.com) ignored whitelist, had 33 recipients (>20)
> Sep 20 09:18:18 zeta MailScanner[22098]: Message E3B7120158EC5.ABE01 from ::1 (sjv-geosupport-bounces at mydomain.com) to mydomain.com is not spam, SpamAssassin (not cached, score=-6.095, required 4, ALL_TRUSTED -1.00, BAYES_00 -1.90, DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10, HTML_MESSAGE 0.00, RP_MATCHES_RCVD -3.10)
> Sep 20 09:18:18 zeta MailScanner[22098]: Requeue: E3B7120158EC5.ABE01 to 0233620158EC0
> Sep 20 09:18:18 zeta MailScanner[22098]: Uninfected: Delivered 1 messages
> Sep 20 09:18:18 zeta postfix/qmgr[6820]: 0233620158EC0: from=<sjv-geosupport-bounces at mydomain.com>, size=19224, nrcpt=33 (queue active)
> Sep 20 09:18:18 zeta MailScanner[22098]: Deleted 1 messages from processing-database
> .....
>
>
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: https://mail.python.org/mailman/options/mailman-users/turnbull.stephen.fw%40u.tsukuba.ac.jp
>
>
More information about the Mailman-Users
mailing list