[Mailman-Users] Finding list user in redacted FBL reports

Stephen J. Turnbull turnbull.stephen.fw at u.tsukuba.ac.jp
Fri Aug 9 03:20:44 EDT 2019


Have you had any luck with this in the last couple of days?

Scott Neader writes:

 > I have Personalization enabled, and have the subscriber's email
 > address in the footer, but Comcast redacts the email address.
 > Unfortunately, there are quite a few comcast.net users on this
 > list, making this really difficult to find the offender.

Does the returned mail contain the full trace of "Received" fields?
If you're very lucky, one of them may contain the offender's address.

Otherwise, the oldest one frequently has an MTA queue id from your MTA
(and depending on your network, there may be a couple of these under
your control in the Received chain), and that can be matched with the
queue id in the MTA's log, which will typically tell you who it was
sent to.  Since you have full personalization enabled, there should be
one such queue id per message.  Here is an example of my own:

Received: from steve by turnbull.sk.tsukuba.ac.jp with local (Exim 4.92)
	(envelope-from <steve at turnbull.sk.tsukuba.ac.jp>)
	id 1htOUc-0000Rx-F5; Fri, 02 Aug 2019 12:44:34 +0900

2019-08-02 12:44:39 1htOUc-0000Rx-F5 => mailman-developers at python.org R=dn...

The log line is truncated by me since the rest is irrelevant; the MTA
is Exim.  Note that some MTAs don't do this, some MTAs don't do it by
default, but you can reconfigure the log message and the Received
header this way.  And some MTAs that do it change the prefix or suffix
of the queue id at various stages, so you may need to search on a
truncated portion of the full id.

 > I've read through the Mailman Users archives and have seen others with this
 > problem, and it seems some of you have come up with your own creative
 > solutions, but no solutions have been posted,

Here's a partial solution from Mailman-Developers:

https://mail.python.org/pipermail/mailman-developers/2012-June/022200.html

(the "partial" is because you'll have to come up with your own way to
iterate over the mailing list and match MD5s).  I suspect you can get
the same effect by base64- or base85-encoding the email address, or
even simply %-encoding (or removing!) all the punctuation, instead of
MD5-ing.  Those are easily reversible, and the punctuation-munging
solutions can be "decoded" by eye!

Note that it's barely possible you're using the Sendmail.py module, in
which case you will have the line "DELIVERY_MODULE = 'Sendmail'" in
mm_cfg.py.  If so, come back and we can discuss the "cons" (there are
no "pros") of that module, and what to do next.
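
Added example, not part of the original message and not Mailman or Exim code: the Received-to-log lookup described above, in Python. The report headers, the log lines, and all addresses are constructed (only the queue id 1htOUc-0000Rx-F5 is taken from the message); the log pattern assumes Exim's main-log delivery-line layout and exact-match queue ids.

```python
import re
from email import message_from_string

# "id <queue-id>" clause of a Received field (also matches across folded lines).
RECEIVED_ID = re.compile(r"\bid\s+([0-9A-Za-z-]+)")
# Assumed Exim main-log delivery line: "<date> <time> <id> => <address> ..."
# ("->" marks further recipients of the same delivery).
DELIVERY = re.compile(r"^\S+ \S+ (\S+) [=-]> (\S+)")

def queue_ids(report_text):
    """Queue ids from every Received field, newest first, embedded parts included."""
    ids = []
    for part in message_from_string(report_text).walk():
        for field in part.get_all("Received", []):
            m = RECEIVED_ID.search(field)
            if m and m.group(1) not in ids:
                ids.append(m.group(1))
    return ids

def recipients(report_text, log_lines):
    """Map each queue id found in our own log to the addresses it was delivered to."""
    wanted = set(queue_ids(report_text))
    found = {}
    for line in log_lines:
        m = DELIVERY.match(line)
        if m and m.group(1) in wanted:  # ids from other hosts never match
            found.setdefault(m.group(1), []).append(m.group(2))
    return found

# Constructed report headers; the recipient address has been redacted by the ISP.
SAMPLE_REPORT = """\
Received: from lists.example.org by mx.isp.example with ESMTP
\tid 9f3kQzZZ; Fri, 02 Aug 2019 03:44:41 +0000
Received: from mailman by lists.example.org with local (Exim 4.92)
\t(envelope-from <list-bounces@lists.example.org>)
\tid 1htOUc-0000Rx-F5; Fri, 02 Aug 2019 12:44:34 +0900
Subject: [List] hello

body
"""
# Constructed log lines in Exim main-log style.
SAMPLE_LOG = [
    "2019-08-02 12:44:38 1htOUb-0000Rq-9A => alice@isp.example R=dnslookup T=remote_smtp",
    "2019-08-02 12:44:39 1htOUc-0000Rx-F5 <= list-bounces@lists.example.org U=mailman P=local",
    "2019-08-02 12:44:39 1htOUc-0000Rx-F5 => bob@isp.example R=dnslookup T=remote_smtp",
]

if __name__ == "__main__":
    print(recipients(SAMPLE_REPORT, SAMPLE_LOG))
```

If the MTA alters the prefix or suffix of the id between stages, replace the exact-match test with a substring comparison on the stable portion of the id.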
