moderation notices for list-owner being redirected to mailman address
We have seen a very strange behavior on 2 separate occasions/lists over the past month.
A SENDER@SOME.DOMAIN emails OURLIST@OUR.DOMAIN, and that post is (correctly) held for moderation.
The moderation notification is sent by OURLIST-owner@OUR.DOMAIN to OURLIST-owner@OUR.DOMAIN, and everything works fine.
But in a few very rare cases, at some point during the convoluted delivery path to the mailbox of the actual human owner of OURLIST, the recipient is changed from OURLIST-owner@OUR.DOMAIN to mailman@OUR.DOMAIN.
I am going to paste full headers below (with fake public IPs), but I think that these 2 particular lines highlight the problem:
X-MailFrom: OURLIST-bounces+OURLIST-owner=OUR.DOMAIN@OUR.DOMAIN
X-MailFrom: OURLIST-bounces+mailman=OUR.DOMAIN@OUR.DOMAINbecause only the first one is present normally.
We know from the headers that the recipient gets changed on the Mailman host, but we have no idea why or how, because all the aliases are set up correctly, and there is no connection between OURLIST's (non-)members/etc and mailman@OUR.DOMAIN.
Do you have any troubleshooting suggestions? Thanks.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Note: ec2-12-34-56-78.us-west-2.compute.amazonaws.com, lists.OUR.DOMAIN, and MAILMAN-SERVER.OUR.DOMAIN are different ways of addressing essentially the same system.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Received: from SMTP-SERVER.OUR.DOMAIN (SMTP-SERVER.OUR.DOMAIN [6.7.8.9]) by MAILMAN-SERVER.OUR.DOMAIN (Postfix) with ESMTP id 2B6E51A288F for <mailman@lists.OUR.DOMAIN>; Tue, 1 Feb 2022 07:10:52 -0800 (PST)
Received: by SMTP-SERVER.OUR.DOMAIN (Postfix) id E825C207053B; Tue, 1 Feb 2022 07:10:51 -0800 (PST)
Delivered-To: mailman@OUR.DOMAIN
Received: from SMTP-SERVER.OUR.DOMAIN (localhost [127.0.0.1]) by SMTP-SERVER.OUR.DOMAIN (Postfix) with ESMTP id D468B2070A45 for <mailman@OUR.DOMAIN>; Tue, 1 Feb 2022 07:10:51 -0800 (PST)
X-Spam-Scanned: at OUR-ORGANIZATION on SMTP-SERVER.OUR.DOMAIN by amavisd-new
Authentication-Results: SMTP-SERVER.OUR.DOMAIN (amavisd-new); dkim=pass (1024-bit key) header.d=OUR.DOMAIN header.b="********"; dkim=pass (1024-bit key) header.d=OUR.DOMAIN header.b="********"
Received: from filter-send ([127.0.0.1]) by SMTP-SERVER.OUR.DOMAIN (SMTP-SERVER.OUR.DOMAIN [127.0.0.1]) (amavisd-new, port 12345) with LMTP id YgQELyXHaR1X for <mailman@OUR.DOMAIN>; Tue, 1 Feb 2022 07:10:51 -0800 (PST)
Received: from [172.17.0.2] (ec2-12-34-56-78.us-west-2.compute.amazonaws.com [12.34.56.78]) by SMTP-SERVER.OUR.DOMAIN (Postfix) with ESMTP id 9E8DE207053B for <mailman@OUR.DOMAIN>; Tue, 1 Feb 2022 07:10:51 -0800 (PST)
DKIM-Filter: OpenDKIM Filter v2.11.0 SMTP-SERVER.OUR.DOMAIN 9E8DE207053B
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=OUR.DOMAIN; s=unixmail; t=**********; bh=*******************************************=; h=Subject:From:To:Date:List-Id:List-Help:List-Owner:List-Subscribe: List-Unsubscribe:From; b=***************************************************************** ****************************************************************** ****************************************=
Received: from SMTP-SERVER.OUR.DOMAIN (SMTP-SERVER.OUR.DOMAIN [6.7.8.9]) by MAILMAN-SERVER.OUR.DOMAIN (Postfix) with ESMTP id B138C1A288F for <OURLIST-owner@lists.OUR.DOMAIN>; Tue, 1 Feb 2022 07:10:49 -0800 (PST)
Received: by SMTP-SERVER.OUR.DOMAIN (Postfix) id 7766E207053B; Tue, 1 Feb 2022 07:10:49 -0800 (PST)
Delivered-To: OURLIST-owner@OUR.DOMAIN
Received: from SMTP-SERVER.OUR.DOMAIN (localhost [127.0.0.1]) by SMTP-SERVER.OUR.DOMAIN (Postfix) with ESMTP id 676682070A73 for <OURLIST-owner@OUR.DOMAIN>; Tue, 1 Feb 2022 07:10:49 -0800 (PST)
X-Spam-Scanned: at OUR-ORGANIZATION on SMTP-SERVER.OUR.DOMAIN by amavisd-new
Received: from filter-send ([127.0.0.1]) by SMTP-SERVER.OUR.DOMAIN (SMTP-SERVER.OUR.DOMAIN [127.0.0.1]) (amavisd-new, port 12345) with LMTP id j2xEFERoaVLS for <OURLIST-owner@OUR.DOMAIN>; Tue, 1 Feb 2022 07:10:49 -0800 (PST)
Received: from [172.17.0.2] (ec2-12-34-56-78.us-west-2.compute.amazonaws.com [12.34.56.78]) by SMTP-SERVER.OUR.DOMAIN (Postfix) with ESMTP id 2C264207053B for <OURLIST-owner@OUR.DOMAIN>; Tue, 1 Feb 2022 07:10:49 -0800 (PST)
DKIM-Filter: OpenDKIM Filter v2.11.0 SMTP-SERVER.OUR.DOMAIN 2C264207053B
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=OUR.DOMAIN; s=unixmail; t=**********; bh=*******************************************=; h=Subject:From:To:Date:List-Id:List-Help:List-Owner:List-Subscribe: List-Unsubscribe:From; b=***************************************************************** ****************************************************************** ****************************************=
Subject: OURLIST@OUR.DOMAIN post from SENDER@SOME.DOMAIN requires approval From: OURLIST-owner@OUR.DOMAIN To: OURLIST-owner@OUR.DOMAIN MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6658935924254827098==" Message-ID: <164372824697.288.9427163605184740636@MAILMAN-SERVER> Date: Tue, 01 Feb 2022 07:10:46 -0800 Precedence: bulk
X-Mailman-Version: 3.3.5 List-Id: <OURLIST.OUR.DOMAIN> List-Help: <mailto:OURLIST-request@OUR.DOMAIN?subject=help> List-Owner: <mailto:OURLIST-owner@OUR.DOMAIN> List-Subscribe: <mailto:OURLIST-join@OUR.DOMAIN> List-Unsubscribe: <mailto:OURLIST-leave@OUR.DOMAIN> X-MailFrom: OURLIST-bounces+OURLIST-owner=OUR.DOMAIN@OUR.DOMAIN X-MailFrom: OURLIST-bounces+mailman=OUR.DOMAIN@OUR.DOMAIN X-Mailman-Rule-Hits: implicit-dest X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-mailman.OUR.DOMAIN-0; nonmember-moderation; administrivia; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
On 2/1/22 18:52, Philippe B wrote:
But in a few very rare cases, at some point during the convoluted delivery path to the mailbox of the actual human owner of OURLIST, the recipient is changed from OURLIST-owner@OUR.DOMAIN to mailman@OUR.DOMAIN.
...
Received: from [172.17.0.2] (ec2-12-34-56-78.us-west-2.compute.amazonaws.com [12.34.56.78]) by SMTP-SERVER.OUR.DOMAIN (Postfix) with ESMTP id 9E8DE207053B for <mailman@OUR.DOMAIN>; Tue, 1 Feb 2022 07:10:51 -0800 (PST)
DKIM-Filter: OpenDKIM Filter v2.11.0 SMTP-SERVER.OUR.DOMAIN 9E8DE207053B
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=OUR.DOMAIN; s=unixmail; t=**********; bh=*******************************************=; h=Subject:From:To:Date:List-Id:List-Help:List-Owner:List-Subscribe: List-Unsubscribe:From; b=*****************************************************************
****************************************=
Received: from SMTP-SERVER.OUR.DOMAIN (SMTP-SERVER.OUR.DOMAIN [6.7.8.9]) by MAILMAN-SERVER.OUR.DOMAIN (Postfix) with ESMTP id B138C1A288F for <OURLIST-owner@lists.OUR.DOMAIN>; Tue, 1 Feb 2022 07:10:49 -0800 (PST)
The above is where the change occurs. The message is received by Postfix
at MAILMAN-SERVER.OUR.DOMAIN for OURLIST-owner@lists.OUR.DOMAIN. Then a
DKIM signature is added, presumably by DKIM-Filter: OpenDKIM Filter v2.11.0 working on Postfix queue ID 9E8DE207053B on
SMTP-SERVER.OUR.DOMAIN which is the message received from [172.17.0.2] (ec2-12-34-56-78.us-west-2.compute.amazonaws.com [12.34.56.78]) with
destination mailman@OUR.DOMAIN.
It appears to me that the message is somehow relayed from
SMTP-SERVER.OUR.DOMAIN to SMTP-SERVER.OUR.DOMAIN via
(ec2-12-34-56-78.us-west-2.compute.amazonaws.com [12.34.56.78]) and
that that's where the change in recipient occurs.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mark, please correct if I'm wrong but is the log data below produced by LMTP via Mailman core? This is from the Mailman smtp.log file. Could this somehow be an issue with how we've configured Mailman for LMTP?
Feb 01 21:36:45 2022 (289) ('127.0.0.1', 36132) >> b'LHLO aeedf7ad9f48.caltech.edu' Feb 01 21:36:45 2022 (289) ('127.0.0.1', 36132) >> b'MAIL FROM:<snap_wl-bounces+mailman=caltech.edu@caltech.edu> SIZE=4289' Feb 01 21:36:45 2022 (289) ('127.0.0.1', 36132) sender: snap_wl-bounces+mailman=caltech.edu@caltech.edu Feb 01 21:36:45 2022 (289) ('127.0.0.1', 36132) >> b'RCPT TO:<mailman@lists.caltech.edu>' Feb 01 21:36:45 2022 (289) ('127.0.0.1', 36132) recip: mailman@lists.caltech.edu Feb 01 21:36:45 2022 (289) ('127.0.0.1', 36132) >> b'DATA' Feb 01 21:36:45 2022 (289) ('127.0.0.1', 36132) >> b'QUIT'
On 2/2/22 16:17, dancab@caltech.edu wrote:
Mark, please correct if I'm wrong but is the log data below produced by LMTP via Mailman core?
Yes, indirectly. Mailman's LMTP runner which receives messages form the MTA via LMTP uses aiosmtpd.controller.Controller and aiosmtpd.lmtp.LMTP classes to create the actual LMTP server and it is those classes that write those log messages.
This is from the Mailman smtp.log file. Could this somehow be an issue with how we've configured Mailman for LMTP?
Feb 01 21:36:45 2022 (289) ('127.0.0.1', 36132) >> b'LHLO aeedf7ad9f48.caltech.edu' Feb 01 21:36:45 2022 (289) ('127.0.0.1', 36132) >> b'MAIL FROM:<snap_wl-bounces+mailman=caltech.edu@caltech.edu> SIZE=4289' Feb 01 21:36:45 2022 (289) ('127.0.0.1', 36132) sender: snap_wl-bounces+mailman=caltech.edu@caltech.edu Feb 01 21:36:45 2022 (289) ('127.0.0.1', 36132) >> b'RCPT TO:<mailman@lists.caltech.edu>' Feb 01 21:36:45 2022 (289) ('127.0.0.1', 36132) recip: mailman@lists.caltech.edu Feb 01 21:36:45 2022 (289) ('127.0.0.1', 36132) >> b'DATA' Feb 01 21:36:45 2022 (289) ('127.0.0.1', 36132) >> b'QUIT'
These are normal messages. They are also normally followed by two additional messages like
Jan 30 22:04:10 2022 (1329492) ('127.0.0.1', 34924) connection lost Jan 30 22:04:10 2022 (1329492) ('127.0.0.1', 34924) Connection lost during _handle_client()
These are also normal and not a concern.
Are you thinking there is an issue because of the presence of these
messages or the content. The messages are normal. If you're concerned
about the content, it appears there is a mailman@caltech.edu list and
a snap_wl@caltech.edu list and the snap_wl list is sending something
to the mailman list. This also seems OK and not at all relevant to the
original issue in this thread.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Yes, we understand that those logs are normal. And indeed we have a list called "mailman"... Could that be confusing the software somewhere??
The thing is that we have a pretty convoluted setup for handling mailing lists messages, but it's always the same for all messages. That's why we don't understand why only a small fraction of all the moderation messages get misdelivered at random times for random lists.
I think what Dan was getting at is: Are there any other logs that would show us how a message that:
a) was accepted by Postfix on the Mailman server for local delivery to list-owner@lists.caltech.edu;
b) was therefore piped into the Mailman software;
c) came out of that processing as needing to be now delivered (remotely) to mailman@caltech.edu, rather than the actual address of the owner of the original list?
Or maybe we can turn on more verbose logging or something?
Thanks.
PS: Not to confuse things (because it doesn't apply in my example), but what happens when a list has no owner and a message is sent to list-owner?
PPS: I meant a message sent to list-owner by (the same) list-owner, since that's what happens for moderation notices.
On 2/3/22 18:55, Philippe B wrote:
Yes, we understand that those logs are normal. And indeed we have a list called "mailman"... Could that be confusing the software somewhere??
I doubt it.
Note that the log excerpt posted at
https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/...
only shows the handling of a message sent from
snap_wl-bounces+mailman=caltech.edu@caltech.edu. The envelope sender is
VERPed and indicates that this message was intentionally sent to
mailman@caltech.edu. I.e., when the snap_wl list created this message
it intended it to go to mailman@caltech.edu.
The thing is that we have a pretty convoluted setup for handling mailing lists messages, but it's always the same for all messages. That's why we don't understand why only a small fraction of all the moderation messages get misdelivered at random times for random lists.
I think what Dan was getting at is: Are there any other logs that would show us how a message that:
a) was accepted by Postfix on the Mailman server for local delivery to list-owner@lists.caltech.edu;
b) was therefore piped into the Mailman software;
But according to the header excerpt I quote at
https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/...
it isn't sent directly from Postfix to Mailman's LMTP runner. It gets
there via ec2-12-34-56-78.us-west-2.compute.amazonaws.com
I think that's where the issue occurs. It appears that isn't even on the Mailman host, the no Mailman logging is going to help.
c) came out of that processing as needing to be now delivered (remotely) to mailman@caltech.edu, rather than the actual address of the owner of the original list?
Or maybe we can turn on more verbose logging or something?
PS: Not to confuse things (because it doesn't apply in my example), but what happens when a list has no owner and a message is sent to list-owner?
Mail to list-owner is resent by Mailman to the list owners and moderators. If there are no owners or moderators the message goes to the configured site_owner https://gitlab.com/mailman/mailman/-/blob/master/src/mailman/handlers/owner_...
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
I think that your last sentence helped us figure out what's going on.
When Mailman generates a moderation message "To: LIST-owner" it actually delivers it to the address(es) of the LIST's moderator(s), which makes sense.
In all the cases where we've seen that behavior, it turns out that the list involved didn't have any moderator, and we have site_owner set to "mailman"...
However, the lists had an owner, and we're not seeing those moderation messages being sent to their owner (instead). Is that something that needs to be configured explicitly somewhere?
On 2/7/22 16:11, Philippe B wrote:
I think that your last sentence helped us figure out what's going on.
When Mailman generates a moderation message "To: LIST-owner" it actually delivers it to the address(es) of the LIST's moderator(s), which makes sense.
No, it delivers the message to the union of the sets of owner addresses and moderator addresses.
In all the cases where we've seen that behavior, it turns out that the list involved didn't have any moderator, and we have site_owner set to "mailman"...
You don't need to have moderators. The owners get the message too.
However, the lists had an owner, and we're not seeing those moderation messages being sent to their owner (instead). Is that something that needs to be configured explicitly somewhere?
The only things that might affect this are if Settings -> Automatic Responses -> Autorespond to list owner is Respond and discard message or if the owners delivery_status is other than DeliveryStatus.enabled.
Note that finding an owner's delivery status is tricky. The owner can find it in Postorius by going to https://www.example.com/mailman3/accounts/subscriptions/ and clicking on the entry for the list with role owner. This delivery status is not the same as the delivery status for the same address with a member role if there is one.
For an admin you could do
$ bin/mailman shell -l list.example.com
Welcome to the GNU Mailman shell
Use commit() to commit changes.
Use abort() to discard changes since the last commit.
Exit with ctrl+D does an implicit commit() but exit() does not.
The variable 'm' is the list.example.com mailing list
>>> owner = m.owners.get_member('user@example.com')
>>> owner.delivery_status
<DeliveryStatus.enabled: 1>
If you needed to set it here, you could do
>>> owner.preferences.delivery_status = DeliveryStatus.enabled
>>> commit()
>>>
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Thanks. I'm getting:
>>> owner.delivery_status
<DeliveryStatus.by_moderator: 4>for the 2 lists with that odd behavior (as opposed to <DeliveryStatus.enabled: 1> for several other lists I checked).
What does that 4 mean?
On 2/8/22 17:57, Philippe B wrote:
Thanks. I'm getting:
>>> owner.delivery_status <DeliveryStatus.by_moderator: 4>for the 2 lists with that odd behavior (as opposed to
<DeliveryStatus.enabled: 1>for several other lists I checked).What does that 4 mean?
It means that owner's delivery was disabled by moderator action[1]. You want to set it enabled as I indicated in my prior post at https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/.... That is why the owners don't get notices, and you need to set their delivery status enabled so they will. Note that this only affects notices. It doesn't affect list posts assuming they are list members. That is controlled by the member's delivery status
And because there are no eligible owner or moderator recipients the notices go to the configured site_owner.
[1] The disabled by moderator status can occur in the following way for a list imported from Mailman 2.1. If the address in MM 2.1 is both an owner or moderator and also a list member, and the list member's delivery was disabled in MM 2.1, both the imported member and owner/moderator will have delivery disabled. This is really a bug in import21 as in Mailman 2.1, owner/moderator delivery couldn't be disabled, it shouldn't be imported as disabled. I have just created https://gitlab.com/mailman/mailman/-/issues/977 for this.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Ah, thanks for that.
I've done owner.preferences.delivery_status = DeliveryStatus.enabled for those 2 lists.
Is there an easy way to find out all the other owners that don't have <DeliveryStatus.enabled: 1> ?
On 2/9/22 16:12, Philippe B wrote:
Ah, thanks for that.
I've done
owner.preferences.delivery_status = DeliveryStatus.enabledfor those 2 lists.Is there an easy way to find out all the other owners that don't have
<DeliveryStatus.enabled: 1>?
$ bin/mailman shell
Welcome to the GNU Mailman shell
Use commit() to commit changes.
Use abort() to discard changes since the last commit.
Exit with ctrl+D does an implicit commit() but exit() does not.
>>> for mlist in getUtility(IListManager).mailing_lists:
... for admin in mlist.administrators.members:
... if admin.delivery_status != DeliveryStatus.enabled:
... print(f'List: {mlist.list_name}, '
... f'Admin: {admin.address.email}, '
... f'Role: {admin.role}, '
... f'Status: {admin.delivery_status}')
And optionally,
... admin.preferences.delivery_status = DeliveryStatus.enabled
... print('Enabled.')
...
(output here)
>>> commit()
>>>
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Thanks a lot for that code. It allowed me to find 17 more lists in the same situation (a few of which are pretty important).
I think we can consider our "mystery" (re)solved. And hopefully this can help others too.
Thanks again for all your help!
Teilnehmer (3)
-
dancab@caltech.edu -
Mark Sapiro -
Philippe B