Phantom Email Address in Nonmember List
Have an issue that is more of a puzzle than a problem. No real harm done. So don't spend much time on it if you don't recognize the issue.
I am administrator for a small list, radg@lists.radg.us, hosted by Mailmanlists.net. They are trying hard to figure it out but so far unsuccessful.
Looking at the headers of emails sent from steve@stevebrown.us to the list and boomeranged back to me, I see a line “X-MailFrom: bounce+66273f.99dcd9c-radg=lists.radg.us@stevebrown.us”. I gather that it is designating the return path where a message would be sent if there was a delivery problem. From its position in the header, I suspect it is added as they pass through Mailgun, maybe related to DKIM. I am hoping you might know why that bounce address is recognized by Mailman 3 as a real address for my emails, but not for others, even from my wife’s computer traversing the same path from our home to the Mailman 3 server. The Mailman installation does get and process the post, but also puts the “bounce+,,,” address in its list of nonmembers. Mailmanlists.net hasn’t figured out the behavior. I can provide full header information if that would help. My understanding of how headers work is very limited.
Steve Brown
On 9/9/24 15:12, Steve Brown via Mailman-users wrote:
Looking at the headers of emails sent from steve@stevebrown.us to the list and boomeranged back to me, I see a line “X-MailFrom: bounce+66273f.99dcd9c-radg=lists.radg.us@stevebrown.us”. I gather that it is designating the return path where a message would be sent if there was a delivery problem. From its position in the header, I suspect it is added as they pass through Mailgun, maybe related to DKIM.
Without seeing the full headers in sequence I can't say much, but some MTA in the delivery chain (likely your MX, mx1.tmdhosting.com) is setting the envelope sender of the message to bounce+66273f.99dcd9c-radg=lists.radg.us@stevebrown.us so that it can receive DSNs at that address. Mailman's lmtp runner is adding the X-MailFrom: header as information.
Then Mailman's incoming runner ensures that all of the messages senders
are known to mailman by creating, if necessary, address records for all
of them. See
<https://gitlab.com/mailman/mailman/-/blob/master/src/mailman/runners/incomin...>.
The senders are defined as addresses in the headers listed in
the configuration setting sender_headers, default = from, from_
meaning envelope sender, reply-to and sender. See
<https://gitlab.com/mailman/mailman/-/blob/master/src/mailman/config/schema.c...>
I am hoping you might know why that bounce address is recognized by Mailman 3 as a real address for my emails, but not for others, even from my wife’s computer traversing the same path from our home to the Mailman 3 server. The Mailman installation does get and process the post, but also puts the “bounce+,,,” address in its list of nonmembers. Mailmanlists.net hasn’t figured out the behavior. I can provide full header information if that would help. My understanding of how headers work is very limited.
Are you saying that the bounce+... address ends up as a nonmember of
the list you are sending to. I don't think that should happen. Mailman
will add the sender address as a nonmember of the list if it is not a
member, but the sender is the first non-empty value in senders which
normally would be the From: address unless the installation has changed
the sender_headers setting
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mark Sapiro wrote:
The senders are defined as addresses in the headers listed in the configuration setting sender_headers, default = from, from_ meaning envelope sender, reply-to and sender. See <https://gitlab.com/mailman/mailman/-/blob/master/src/mailman/config/schema.c...>
This was very useful in explaining why MM3 (3.3.9) accepted the problem post and attributed it to my address, even when seeing the bounce+ address as a different sender. Thank you for taking the time to reply.
Are you saying that the bounce+... address ends up as a nonmember of the list you are sending to. I don't think that should happen.
Yes, that is what is happening, but only for messages from the steve@stevebrown address. I can send a screenshot and a .txt of the headers (of the message after sent back to me from MM3 and long!) but didn't see a way to do that on the archive page. Do I need to post from my gmail address?
One clue I hadn't spotted before was a bodyhash_mismatch warning in the headers. No idea where that came from. Doesn't appear in emails from me to other addresses.
Steve
On 9/18/24 09:35, Steve Brown via Mailman-users wrote:
Yes, that is what is happening, but only for messages from the steve@stevebrown address. I can send a screenshot and a .txt of the headers (of the message after sent back to me from MM3 and long!) but didn't see a way to do that on the archive page. Do I need to post from my gmail address?
The usual behavior of most MUAs (mail clients) is to set the envelope sender to the same address as From:. In that case, you won't see an issue like this. In your case, when you send via tmdhosting servers, they set that odd bounce+... address as the envelope sender, presumably so they can do something in processing DSNs returned to that address.
If you post the full headers of such a message from the list, either inline or as a .txt attachment, I'll look and say what I can.
As far as getting headers from HyperKitty is concerned, if you click on a thread containing the message, there is a Download button which will produce a gzipped mbox containing the message(s) in that thread, but the headers are very minimal - only From:, To:, Subject:, Date:, Message-ID:, MIME-Version: and Content-Type:. There is also a From_ separator, but it contains the From: address, not the true envelope sender.
One clue I hadn't spotted before was a bodyhash_mismatch warning in the headers. No idea where that came from. Doesn't appear in emails from me to other addresses.
Is that in Authentication-Results:? It is probably saying an original DKIM signature fails to verify because of a body mismatch which is expected if Mailman has filtered any MIME parts or added a message header or footer.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 9/18/24 09:35, Steve Brown via Mailman-users wrote:
Mark Sapiro wrote:
Are you saying that the bounce+... address ends up as a nonmember of the list you are sending to. I don't think that should happen.
Actually, it should. See below.
Yes, that is what is happening, but only for messages from the steve@stevebrown address.
There are two things involved here.
First, messages From: the steve@stevebrown address have the bounces+... address as the envelope sender.
And, if a post is not from a member or is from a member whose moderation_action is defer, all of the message's senders including the envelope sender who are not yet members or nonmembers of the list will be added as nonmembers.
Thus, given that the envelope sender of messages From: the steve@stevebrown address is the bounces+... address, that address will be added as a nonmember. This is expected
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Genius. Yes, the bodyhash_mismatch is in the DKIM stuff, and the message returned from MM3 has a footer attachment. Although I had modified the default to contain no content, it is still 129 bytes.
Second, the reason why I saw different behavior from my posts and my wife's was that she wasn't a member. When I made her a member and sent another post from her address, the bounce+ address showed up in the nonmember list identically. So all of this has something to do with how our email host handles the outgoing mail. TMD uses Mailgun as a mail handler that provides deliverability services. I have a ticket in to them, but haven't heard back.
Mailgun appears to modify the return path to a bounce+ address that MM3 sees as a nonmember sender, and then the recipient's email handler sees it as equivalent to another address that might be in the envelope. The header of a message sent from steve@stevebrown.us to my radg.us address shows:
spf=pass (fr-int-smtpin1.hostinger.io: domain of "bounce+906d23.99dcd9c-administrator=radg.us@stevebrown.us" designates 143.55.232.17 as permitted sender) smtp.mailfrom="bounce+906d23.99dcd9c-administrator=radg.us@stevebrown.us";
I think I have bothered you enough for something that does not seem to create any real problems or threaten to do so. So reply only if something here stimulates another thought.
I'm still a bit confused why this address: bounce+66273f.99dcd9c-radg=lists.radg.us@stevebrown.us still shows up in the list of nonmembers on the list I administer. The stevebrown.us is my personal domain and steve@stevebrown is the address I use to be a member of the list. I use administrator@radg.us for the owner of the list. radg.us is a small website that tells potential users how to subscribe and members how to use the list (e.g., how to change their settings or get to the archives). Unfortunately, I wasn't careful and spam/scam bots have scraped the addresses for joining, posting, or contacting the owner that I put on the site. I now have that site behind a Cloudflare firewall, but addresses are already accessible to the bad guys. The lists.radg.us domain is the "own domain" alias for the server that hosts the list run by Mailmanlists.net. What I haven't been able to figure out is what combination of events triggers the nonmember list entry. If I delete it, it comes back in a few days or weeks. The workaround is to just leave it in the list of nonmembers, which is effective in that no other instances of that address appear, but annoying to me. Any explanation that might help me understand would be appreciated.
On 1/31/26 13:11, Steve Brown via Mailman-users wrote:
I'm still a bit confused why this address: bounce+66273f.99dcd9c-radg=lists.radg.us@stevebrown.us still shows up in the list of nonmembers on the list I administer.
When Mailman receives a post it creates an address record for all of the
sender addresses in that message if one doesn't already exist. Sender
addresses are all those found in places defined by the sender_headers
setting in the [mailman] section of mailman.cfg. By default these are
the From: header, the envelope sender, the Reply-To: header and the
Sender: header.
The address bounce+66273f.99dcd9c-radg=lists.radg.us@stevebrown.us was created by Mailman for a VERPed message to 66273f.99dcd9c-radg@lists.radg.us
The stevebrown.us is my personal domain and steve@stevebrown is the address I use to be a member of the list. I use administrator@radg.us for the owner of the list. radg.us is a small website that tells potential users how to subscribe and members how to use the list (e.g., how to change their settings or get to the archives). Unfortunately, I wasn't careful and spam/scam bots have scraped the addresses for joining, posting, or contacting the owner that I put on the site. I now have that site behind a Cloudflare firewall, but addresses are already accessible to the bad guys. The lists.radg.us domain is the "own domain" alias for the server that hosts the list run by Mailmanlists.net. What I haven't been able to figure out is what combination of events triggers the nonmember list entry. If I delete it, it comes back
in a few days or weeks. The workaround is to just leave it in the list of nonmembers, which is effective in that no other instances of that address appear, but annoying to me. Any explanation that might help me understand would be appreciated.
So, presumably, some spam was sent to a list by 66273f.99dcd9c-radg@lists.radg.us and a held message or rejection notice was sent to that address with envelope from bounce+66273f.99dcd9c-radg=lists.radg.us@stevebrown.us. Then some process received that message and maybe bounced it back to a list.
Try grepping your mail logs for 66273f.99dcd9c-radg which may help
understand what's happening.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Thanks and apologies, Mark. I sent the latest post before I went back and read through the earlier exchange on this topic. Had forgotten what you said 16 months ago. The problem seems to be triggered when I post to the list with the stevebrown address, likely due to a mismatch between the way Mailgun constructs headers and the way Mailman3 processes them. The good news is that I now know what "grepping" is. Am I correct that I cannot do that as a mere list manager and not a Mailman3 platform operator with Linux? Also good to know about VERPing. I'm not enough of an IT guy to know the lingo well. Steve
On 1/31/26 15:13, Steve Brown via Mailman-users wrote:
The good news is that I now know what "grepping" is. Am I correct that I cannot do that as a mere list manager and not a Mailman3 platform operator with Linux?
One needs shell access to the server and permission to read log files.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
participants (2)
-
Mark Sapiro -
Steve Brown