[BUGS] mail with odd headers .. me thinks

jonathan michaels jlm at caamora.com.au
Tue Jan 8 22:30:44 EST 2008


On Tue, Jan 08, 2008 at 03:35:36PM +1100, Greg 'groggy' Lehey wrote:
> On Tuesday,  8 January 2008 at 11:05:57 +1100, Andrew Reilly wrote:
> > On Tue, 8 Jan 2008 10:42:42 +1100, Martin Barry <marty at supine.com> wrote:
> >
> >> $quoted_author = "jonathan michaels" ;
> >>>
> >>> i received an odd spam this morning .. i have looked at it and
> >>> cannot find how it is addressed so as to come here to me
> >
> > You can't necessarily see that, from the headers in a stored
> > message file.  To get to you there would have been *some* correct
> > form of address in the SMTP envelope, but (it seems from the rest
> > of the message), your MTA does not include that information in
> > the Received: line that it adds.
> 
> Indeed.  The To: and Cc: headers are purely informative, and may lie.
> 
> > If Jonathan's SMTP installation doesn't record the envelope MAIL
> > TO: address, then it's gone forever.
> 
> Unless it's in the log file.
> 
> > Some mailers will say something like "Received: from fake.address
> > ([sender's IP]) by my.smtp.server (version) with SMTP id msgID for
> > envelope-to"
> 
> More specifically, these are the relevant headers for the message to
> which I'm replying:
> 
> > X-Original-To: grog at lemis.com
> > Delivered-To: grog at ozlabs.org
> > Received: from mail4out.barnet.com.au (mail4.barnet.com.au [202.83.178.125])
> >         (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
> >         (Client CN "mail4out.barnet.com.au", Issuer "*.barnet.com.au" (not verified))
> >         by ozlabs.org (Postfix) with ESMTP id C66B2DDE2F
> >         for <grog at lemis.com>; Tue,  8 Jan 2008 11:08:04 +1100 (EST)
> > From: Andrew Reilly <andrew at areilly.bpc-users.org>
> > To: BUGS - Generic chat <bugs at bugs.au.freebsd.org>
> 
> So this message, too, doesn't have me in a To: or Cc: header.  The
> same will apply to everybody who gets this message.
> 
> > My qmail-smtp server doesn't seem to, but I've seen Postfix servers
> > do it.
> 
> Yes, as shown above.
> 
> >> maybe search your mail logs for the message ID?
> >
> > That could have it, if it came directly.  The original envelope
> > address can very easily get wiped off or changed by intermediary
> > MTAs. (and things like fetchmail)
> 
> It looks to me as if jlm is running sendmail.  I think the log file

yup, still (on the current mx host) but postfix is shortening
odds in the race for the new smtp host, i am still thinking
that exim or even smail/zmail ..

it all depends on what/how i manage to setup smtp processing,
spamassassin/spamd/clamav

anyone care to make suggestions regards this new world
mailserver requirements, please. so many options so much
confusion

> should contain that info, but it's been a while since I've used
> sendmail.

i managed to get a look at the relevant log file .. the
information was spread over a large chunk of the log after i
retrieved the relevant parts and sorted them in order and voila
there it was two articles with nearly identical information
'cept for the ... long day i found the relevant details and it's
now clear where i came from

thank you gentlemen and others who helped

much appreciated

good night

jonathan


> 
> Greg
> --
> See complete headers for address and phone numbers.





-- 
================================================================
powered by ..
QNX, OS9 and freeBSD  --  http://caamora com au/operating system
==== === appropriate solution in an inappropriate world === ====
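
Added example, not part of the original message or of any poster's setup: a small Python check that pulls the envelope-recipient traces discussed in the thread (X-Original-To, Delivered-To and the "for <address>" clause of a Received: line) out of a stored message and compares them with To:/Cc:. The sample message, host names and addresses are constructed placeholders, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample modelled on the headers quoted in the thread.
SAMPLE = """\
X-Original-To: alice@example.org
Delivered-To: alice@mailhost.example.net
Received: from relay.example.com (relay.example.com [192.0.2.25])
\tby mx.example.net (Postfix) with ESMTP id C0FFEE1234
\tfor <alice@example.org>; Tue,  8 Jan 2008 11:08:04 +1100 (EST)
Received: from client.example.com (client.example.com [198.51.100.7])
\tby relay.example.com with SMTP id 0123456789; Tue,  8 Jan 2008 11:08:01 +1100
From: Bob <bob@example.com>
To: Some list <list@lists.example.org>
Subject: test

body
"""

# "for <addr>;" as some MTAs write it just before the timestamp.
FOR_CLAUSE = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?\s*;", re.I)

def envelope_hints(raw):
    """Return (source, address) pairs for every envelope trace found."""
    msg = message_from_string(raw)
    hints = []
    for name in ("X-Original-To", "Delivered-To"):
        for value in msg.get_all(name, []):
            hints.append((name, value.strip().lower()))
    for n, rcvd in enumerate(msg.get_all("Received", [])):
        unfolded = " ".join(rcvd.split())  # undo header folding
        m = FOR_CLAUSE.search(unfolded)
        if m:  # not every MTA records the recipient here
            hints.append((f"Received[{n}] for", m.group(1).lower()))
    return hints

def visible_recipients(raw):
    """Addresses shown in To:/Cc:, which are informative only."""
    msg = message_from_string(raw)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(fields) if addr}

def hidden_recipients(raw):
    """Envelope traces that never appear in To:/Cc:."""
    return sorted({a for _, a in envelope_hints(raw)} - visible_recipients(raw))

if __name__ == "__main__":
    for source, addr in envelope_hints(SAMPLE):
        print(f"{source}: {addr}")
    print("not in To/Cc:", hidden_recipients(SAMPLE))
```

An empty result from envelope_hints() means the stored message kept no trace of the envelope recipient, which leaves the MTA log as the remaining place to look.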

