[Mailman-Users] Wrong "From" in header, Why?

Gao gao at pztop.com
Tue Sep 20 15:42:33 EDT 2016 


On 2016-09-20 11:48 AM, Mark Sapiro wrote:
>
> Since I can think of no way that Mailman would rewrite these headers and
> even if it did, I would think the two headers would have the same
> display name, I have to think the somehow Trent's MUA
> (Thunderbird/45.2.0) is responsible. I can't say how this happened, but
> I think the message arrived with those headers, and even if they were
> somehow changed in your server, there are other, more likely suspects
> than Mailman.
I thought this too but Trent can't re-produce this issue through the 
same Thunderbird while I watched him made the 2nd reply to list. So I 
ruled out Thunderbird.
>  From your mail log, I see the message arrives with ID 36FFF20158EC6, is
> scanned by MailScanner, requeued with ID 3603320158ECB and '(delivered
> via autoresponder service)'. Then a message is received, presumably from
> the autoresponder service, with ID EB63E20158EC6, scanned by
> MailScanner, requeued with ID BE0D320158ECB and delivered to Mailman.
>
> I.e., the message has been through MailScanner twice and "autoresponder
> service" before it ever gets to Mailman.
autoresponse is a perl script which postfix pipe in to handle vacation 
replies. I know it is not a perfect solution and no longer supported. 
But I've use this for quite a while without issue, until today.

> Both 36FFF20158EC6.A07F8 and EB63E20158EC6.A4FB8 were logged to
> MailWatch. I don't use MailWatch and don't know what's in those logs,
> but perhaps there is a clue there.
>
What MailWatch does is just get information from maillog and save in 
mysql, then present as web page report. In this case MailWatch correctly 
shows the email is from Trent.

I also looked mailman log files:
[root at zeta mailman]# grep "Sep 20 09:18" post
Sep 20 09:18:12 2016 (2929) post to sjv-geosupport from 
sydv at mydomain.com, size=18655, 
message-id=<f403fa07-76de-98d9-6796-16570519b9b3 at sjgeophysics.com>, success

[root at zeta mailman]# grep "Sep 20 09:18" smtp
Sep 20 09:18:12 2016 (2929) 
<f403fa07-76de-98d9-6796-16570519b9b3 at mydomain.com> smtp to 
sjv-geosupport for 33 recips, completed in 0.131 seconds

So I see here in log file "post" it's already from Syd. If MailMan did 
not change the header, then I think the autoreponse script is highly 
suspicious.

My problem now is I can't re-produce this. In fact, we have other 
people(include me) replied Syd's original email, all seems correct.

Thank you for the help.

Gao

More information about the Mailman-Users mailing list