On 1/5/26 01:32, Peter Chubb via Mailman-users wrote:
We've been seeing some particularly pernicious spammers recently. They're using gmail accounts; I'd like to report them to Google.
To do that I need to find the original message headers. By the time the message gets to the archive, or to the mailing list recipients, all the Received: headers seem to have been deleted, leaving only the ones from my list server outwards.
Only minimal information from headers is in the hyperkitty archive, but the headers should be in the delivered email and in the message archived by the prototype archiver if enabled (Mailman's var/archives/prototype/<list_address>/new/)
For example, in the list message I'm replying to I see these headers from your server
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=chubb.wattle.id.au; s=2; h=Subject:To:From:Date:References:Reply-To; bh=g3joi1iLtQO6etRPAxWSgcpVPoLlVQz6JOFqB1oHHfY=; b=jJEI+qHRRXm7S4bGnmZU6zaeh9 lcPLZkay/lfqg4j9/ucMazFOyEkO3dolXuwz+mnI3CdapcNoGI0/VdZKgNCjINkq6g+Lrzfj5yPZN o8QPyn42K6pP9A724/LPtKf/ltxymwQxBGm9DbYVx3SWLc8Dxl0e2lMdT1PlQfjHZ3pk=; Received: from [2401:d002:1202:a00::9] (helo=wombat.chubb.wattle.id.au) by mx3.chubb.wattle.id.au with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.98.2) (envelope-from <peter@chubb.wattle.id.au>) id 1vcgxA-000000015I8-1oLW for mailman-users@mailman3.org; Mon, 05 Jan 2026 20:32:45 +1100 Received: from [192.168.77.170] (helo=gram.chubb.wattle.id.au) by wombat.chubb.wattle.id.au with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.98.2) (envelope-from <peter@chubb.wattle.id.au>) id 1vcgxJ-0000000AhKz-0d8s for mailman-users@mailman3.org; Mon, 05 Jan 2026 20:32:53 +1100
I don't know why you are not seeing similar headers in your list mail. Perhaps the spammers are posting via HyperKitty.
Is there a way to access the original incoming emai, before DMARC mitigation etc., has changed the headers?
If you can arrange via list settings or header filters for the message to be held for moderation, you can see the raw held message in Postorius or in Mailman's var/messages/ directory.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan