Hi,
some time ago I started a discussion where I wrongly assumed that probe messages were sent accidentally from example.com.
Some digging showed now that the sender of the probe messages is correct, but the attached messages seem to be wrong.
An attached example for bouncing messages was:
From: Mailman <mailman@example.com>
To: Mailman Bounces <mailman-bounces@example.com>
Subject: SMTP Delivery Failure
Message-ID: <165577237837.35.8042057157021349872@mailman-core>
Date: Tue, 21 Jun 2022 00:46:18 +0000
Message-ID-Hash: TOJ7WDT3TXWOEHZB4USRUOPZUW7BEATI
X-Message-ID-Hash: TOJ7WDT3TXWOEHZB4USRUOPZUW7BEATI
Mail to bjo@schafweide.org failed at outgoing SMTP
Error code: 554
Error message: b'5.7.1 Spam message rejected'
I took a look into the logs and found no example.com, but:
Jun 21 00:46:14 2022 (33) ('172.20.199.1', 52074) handling connection
Jun 21 00:46:14 2022 (33) ('172.20.199.1', 52074) >> b'LHLO mail.ffnw.de'
Jun 21 00:46:14 2022 (33) ('172.20.199.1', 52074) >> b'MAIL FROM:<yzvotmm@forestanes.mom> SIZE=293338'
Jun 21 00:46:14 2022 (33) ('172.20.199.1', 52074) sender: yzvotmm@forestanes.mom
Jun 21 00:46:14 2022 (33) ('172.20.199.1', 52074) >> b'RCPT TO:<vorstand@lists.ffnw.de>'
Jun 21 00:46:14 2022 (33) ('172.20.199.1', 52074) recip: vorstand@lists.ffnw.de
Jun 21 00:46:14 2022 (33) ('172.20.199.1', 52074) >> b'DATA'
Jun 21 00:46:14 2022 (33) ('172.20.199.1', 52074) >> b'QUIT'
Jun 21 00:46:14 2022 (33) ('172.20.199.1', 52074) connection lost
Jun 21 00:46:14 2022 (33) ('172.20.199.1', 52074) Connection lost during _handle_client()
Jun 21 00:46:18 2022 (35) <H44657323H70760722Q60416802U@yzvotmm> response exception: (554, b'5.7.1 Spam message rejected')
Jun 21 00:46:18 2022 (35) <H44657323H70760722Q60416802U@yzvotmm> response exception: (554, b'5.7.1 Spam message rejected')
Jun 21 00:46:18 2022 (35) <H44657323H70760722Q60416802U@yzvotmm> smtp to vorstand@lists.ffnw.de for 6 recips, completed in 0.7157599925994873 seconds
Jun 21 00:46:18 2022 (35) <H44657323H70760722Q60416802U@yzvotmm> post to vorstand@lists.ffnw.de from vorstand@lists.ffnw.de, 294362 bytes, 6 failures
Jun 21 00:46:18 2022 (35) <H44657323H70760722Q60416802U@yzvotmm> delivery to foo@stadel.info failed with code 554, b'5.7.1 Spam message rejected'
Jun 21 00:46:18 2022 (35) <H44657323H70760722Q60416802U@yzvotmm> delivery to abc@ffnw.de failed with code 554, b'5.7.1 Spam message rejected'
Jun 21 00:46:18 2022 (35) <H44657323H70760722Q60416802U@yzvotmm> delivery to def@ffnw.de failed with code 554, b'5.7.1 Spam message rejected'
Jun 21 00:46:18 2022 (35) <H44657323H70760722Q60416802U@yzvotmm> delivery to xyz@ffnw.de failed with code 554, b'5.7.1 Spam message rejected'
Jun 21 00:46:18 2022 (35) <H44657323H70760722Q60416802U@yzvotmm> delivery to bjo@schafweide.org failed with code 554, b'5.7.1 Spam message rejected'
Jun 21 00:46:18 2022 (35) <H44657323H70760722Q60416802U@yzvotmm> delivery to blabla@osnabrueck.freifunk.net failed with code 554, b'5.7.1 Spam message rejected'
Jun 21 00:46:49 2022 (35) <165577240769.30.3077851374384466408@mailman-core> smtp to vorstand@lists.ffnw.de for 1 recips, completed in 0.5507137775421143 seconds
Bjoern Franke via Mailman-users writes:
> Some digging showed now that the sender of the probe messages is correct, but the attached messages seem to be wrong.
What do you think is wrong? Note the log says that the message was refused during the SMTP connection. Normally if the message is refused during SMTP, there is no delivery status notification (DSN) sent to the -bounces address, the message is just returned to sender. Mailman generates an artificial DSN which the system uses to keep track of SMTP-time rejections. The message you included looks like one of those to me.
Steve
Hi,
> What do you think is wrong? Note the log says that the message was refused during the SMTP connection. Normally if the message is refused during SMTP, there is no delivery status notification (DSN) sent to the -bounces address, the message is just returned to sender. Mailman generates an artificial DSN which the system uses to keep track of SMTP-time rejections. The message you included looks like one of those to me.
I was wondering about example.com, I thought it would have used the list where the issue appeared or at least SITE_ID or SERVE_FROM_DOMAIN.
My impression was (without looking into the logs) that the mails got classified as spam and rejected because they were sent from example.com.
Best Regards
Bjoern
Bjoern Franke via Mailman-users writes:
> I was wondering about example.com,
Ah, OK. To my eye it looked like *you* redacted information about your domain by using that special domain. But no, that format is standard in our artificial DSNs. See OutgoingRunner._fake_dsn() in mailman/src/mailman/runners/outgoing.py.
I don't yet fully understand the internal bounce processing workflow, but it looks like that message is not supposed to go to the MTA. Did you get it out of the runner's queue? Or did it end up in a regular mailbox? I don't understand how the latter can happen.
> My impression was (without looking into the logs) that the mails got classified as spam and rejected because they were sent from example.com.
*This* message was sent "From" example.com, but it reports on a *different* message that was classed as spam and rejected. It's still not clear to me whether this message was actually bounced by an MTA, ended up in some legitimate mailbox, or you fetched it from the runner's queue.
The other message seems to have actually been spam. Everybody is rejecting it. It's hard to say without knowing a lot more about your software and configuration, but I don't see anything that looks off here.
On 7/14/22 1:40 AM, Bjoern Franke via Mailman-users wrote:
> I was wondering about example.com, I thought it would have used the list where the issue appeared or at least SITE_ID or SERVE_FROM_DOMAIN.
> My impression was (without looking into the logs) that the mails got classified as spam and rejected because they were sent from example.com.
The message is a fake DSN. It is only ever sent as an attachment to a probe or bounce notification. It is never sent on its own, so it shouldn't result in its being classified as spam because of its From: or To:.
-- 
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
On 7/14/22 06:47, Mark Sapiro wrote:
> The message is a fake DSN. It is only ever sent as an attachment to a probe or bounce notification. It is never sent on its own, so it shouldn't result in its being classified as spam because of its From: or To:.
However, I agree that these fake addresses are confusing, so see https://gitlab.com/mailman/mailman/-/issues/1018
-- 
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
On 7/12/22 12:36 AM, Bjoern Franke via Mailman-users wrote:
> Hi,
> some time ago I started a discussion where I wrongly assumed that probe messages were sent accidentally from example.com.
> Some digging showed now that the sender of the probe messages is correct, but the attached messages seem to be wrong.
> An attached example for bouncing messages was:
> From: Mailman <mailman@example.com>
> To: Mailman Bounces <mailman-bounces@example.com>
> Subject: SMTP Delivery Failure
> Message-ID: <165577237837.35.8042057157021349872@mailman-core>
> Date: Tue, 21 Jun 2022 00:46:18 +0000
> Message-ID-Hash: TOJ7WDT3TXWOEHZB4USRUOPZUW7BEATI
> X-Message-ID-Hash: TOJ7WDT3TXWOEHZB4USRUOPZUW7BEATI
> Mail to bjo@schafweide.org failed at outgoing SMTP
> Error code: 554
> Error message: b'5.7.1 Spam message rejected'
That's a fake DSN created by Mailman's outgoing runner. See https://gitlab.com/mailman/mailman/-/blob/master/src/mailman/runners/outgoin....
There will be nothing in Mailman's smtp.log regarding receipt of this message because this message is not received via SMTP, but see below. It is created when the outgoing runner gets a 5xx refusal and the runner calls the bounce processor directly with this fake DSN to process this refusal as a bounce.
> I took a look into the logs and found no example.com, but:
> Jun 21 00:46:14 2022 (33) ('172.20.199.1', 52074) handling connection
> Jun 21 00:46:14 2022 (33) ('172.20.199.1', 52074) >> b'LHLO mail.ffnw.de'
> Jun 21 00:46:14 2022 (33) ('172.20.199.1', 52074) >> b'MAIL FROM:<yzvotmm@forestanes.mom> SIZE=293338'
> Jun 21 00:46:14 2022 (33) ('172.20.199.1', 52074) sender: yzvotmm@forestanes.mom
> Jun 21 00:46:14 2022 (33) ('172.20.199.1', 52074) >> b'RCPT TO:<vorstand@lists.ffnw.de>'
> Jun 21 00:46:14 2022 (33) ('172.20.199.1', 52074) recip: vorstand@lists.ffnw.de
> Jun 21 00:46:14 2022 (33) ('172.20.199.1', 52074) >> b'DATA'
> Jun 21 00:46:14 2022 (33) ('172.20.199.1', 52074) >> b'QUIT'
> Jun 21 00:46:14 2022 (33) ('172.20.199.1', 52074) connection lost
> Jun 21 00:46:14 2022 (33) ('172.20.199.1', 52074) Connection lost during _handle_client()
The above is the receipt of the post whose delivery to some recipients failed.
> Jun 21 00:46:18 2022 (35) <H44657323H70760722Q60416802U@yzvotmm> response exception: (554, b'5.7.1 Spam message rejected')
> Jun 21 00:46:18 2022 (35) <H44657323H70760722Q60416802U@yzvotmm> response exception: (554, b'5.7.1 Spam message rejected')
> Jun 21 00:46:18 2022 (35) <H44657323H70760722Q60416802U@yzvotmm> smtp to vorstand@lists.ffnw.de for 6 recips, completed in 0.7157599925994873 seconds
> Jun 21 00:46:18 2022 (35) <H44657323H70760722Q60416802U@yzvotmm> post to vorstand@lists.ffnw.de from vorstand@lists.ffnw.de, 294362 bytes, 6 failures
> Jun 21 00:46:18 2022 (35) <H44657323H70760722Q60416802U@yzvotmm> delivery to foo@stadel.info failed with code 554, b'5.7.1 Spam message rejected'
> Jun 21 00:46:18 2022 (35) <H44657323H70760722Q60416802U@yzvotmm> delivery to abc@ffnw.de failed with code 554, b'5.7.1 Spam message rejected'
> Jun 21 00:46:18 2022 (35) <H44657323H70760722Q60416802U@yzvotmm> delivery to def@ffnw.de failed with code 554, b'5.7.1 Spam message rejected'
> Jun 21 00:46:18 2022 (35) <H44657323H70760722Q60416802U@yzvotmm> delivery to xyz@ffnw.de failed with code 554, b'5.7.1 Spam message rejected'
> Jun 21 00:46:18 2022 (35) <H44657323H70760722Q60416802U@yzvotmm> delivery to bjo@schafweide.org failed with code 554, b'5.7.1 Spam message rejected'
> Jun 21 00:46:18 2022 (35) <H44657323H70760722Q60416802U@yzvotmm> delivery to blabla@osnabrueck.freifunk.net failed with code 554, b'5.7.1 Spam message rejected'
> Jun 21 00:46:49 2022 (35) <165577240769.30.3077851374384466408@mailman-core> smtp to vorstand@lists.ffnw.de for 1 recips, completed in 0.5507137775421143 seconds
The various messages like
Jun 21 00:46:18 2022 (35) <H44657323H70760722Q60416802U@yzvotmm> delivery to bjo@schafweide.org failed with code 554, b'5.7.1 Spam message rejected'
are logged by the outgoing runner when it receives a 5xx reject and creates a bounce with a fake DSN.
-- 
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
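Added example (not part of the thread and not Mailman's own code): a Python script that groups the outgoing runner's "delivery to ... failed with code" lines by Message-ID, to tell one post refused on policy grounds by many recipients apart from a single bad address. The log lines are constructed in the format quoted above; the function names and the min_recipients threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the smtp.log line format quoted in this thread;
# Message-IDs and addresses are placeholders, not values from a real log.
SAMPLE_LOG = """\
Jun 21 00:46:18 2022 (35) <constructed-1@sender> post to list@lists.example.org from list@lists.example.org, 294362 bytes, 3 failures
Jun 21 00:46:18 2022 (35) <constructed-1@sender> delivery to a@example.net failed with code 554, b'5.7.1 Spam message rejected'
Jun 21 00:46:18 2022 (35) <constructed-1@sender> delivery to b@example.net failed with code 554, b'5.7.1 Spam message rejected'
Jun 21 00:46:18 2022 (35) <constructed-1@sender> delivery to c@example.org failed with code 554, b'5.7.1 Spam message rejected'
Jun 21 00:47:02 2022 (35) <constructed-2@sender> post to list@lists.example.org from list@lists.example.org, 2048 bytes, 1 failures
Jun 21 00:47:02 2022 (35) <constructed-2@sender> delivery to d@example.net failed with code 550, b'5.1.1 User unknown'
Jun 21 00:47:30 2022 (35) <constructed-3@mailman-core> smtp to list@lists.example.org for 1 recips, completed in 0.55 seconds
"""

PREFIX = r"^\w{3} +\d+ [\d:]{8} \d{4} \(\d+\) (?P<msgid><[^>]+>) "
POST = re.compile(PREFIX + r"post to (?P<list>\S+) from \S+, \d+ bytes, (?P<n>\d+) failures$")
FAIL = re.compile(PREFIX + r"delivery to (?P<rcpt>\S+) failed with code (?P<code>\d{3}), b'(?P<text>.*)'$")

def refused_posts(log_text):
    """Group 5xx refusals (the ones that lead to a fake DSN) by Message-ID."""
    posts = defaultdict(lambda: {"list": None, "declared": 0, "refused": []})
    for line in log_text.splitlines():
        if m := POST.match(line):
            posts[m["msgid"]].update(list=m["list"], declared=int(m["n"]))
        elif (m := FAIL.match(line)) and m["code"].startswith("5"):
            posts[m["msgid"]]["refused"].append((m["rcpt"], m["code"], m["text"]))
    return dict(posts)

def policy_refused(posts, min_recipients=2):
    """Message-IDs refused by several recipients, all with a 5.7.x (security
    or policy, RFC 3463) status: the post is the problem, not the members."""
    return sorted(
        msgid for msgid, p in posts.items()
        if len(p["refused"]) >= min_recipients
        and all(text.startswith("5.7.") for _, _, text in p["refused"])
    )

if __name__ == "__main__":
    posts = refused_posts(SAMPLE_LOG)
    for msgid in policy_refused(posts):
        p = posts[msgid]
        print(msgid, p["list"], f'{len(p["refused"])}/{p["declared"]} refused on policy')
```

Comparing the "declared" count from the "post to" line with the number of logged refusals is a quick check that no delivery lines were lost to log rotation.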