Postfix -- question regarding SPAM and Mailman

  • Futchko, Rose
    Message 1 of 4 , Oct 2, 2012
      My apologies -- I forgot to change the subject line last night. This is
      a resend of the question below.
      -----------------------------------

      I have a question for this POSTFIX group dealing with SPAM. We currently
      have a Postfix - Mailman - SYMANTEC Cloud (VIRUS / SPAM FILTER)
      configuration.

      The Mailman service works well, as does basic mail for local Postfix
      users, plus we have some alias names redirecting to other email
      addresses. If mail is posted to a list, alias or to a user, it gets
      archived and sent.

      However, I am getting some failure notices for deliveries which appear
      to be bypassing Mailman, yet using the Mailman-bounces@... address
      to be delivered to external users. The reason I am stating that the
      email bypasses Mailman is the following:

      1) the message is not in the archives
      2) the sender is not an authorized subscriber to the list
      3) this is a moderated list and the message is not held

      Copied below is the response I am getting back from an end user (who is
      a valid subscriber in the list). Can someone please advise if, in your
      opinion, this is happening in Postfix -- or should I go back to the
      Mailman board for help.

      Thank you,
      Rose

      74.6.136.244 failed after I sent the message.
      Remote host said: 554 5.7.9 Message not accepted for policy reasons.
      See http://postmaster.yahoo.com/errors/postmaster-28.html


      --- Below this line is a copy of the message.

      Return-Path: <mailman-bounces@...>
      X-Env-Sender: mailman-bounces@...
      X-Msg-Ref: server-12.tower-85.messagelabs.com!1349107483!39727063!1
      X-Originating-IP: [216.230.111.83]
      X-StarScan-Received:
      X-StarScan-Version: 6.6.1.3; banners=-,-,-
      X-VirusChecked: Checked
      Received: (qmail 32680 invoked from network); 1 Oct 2012 16:04:43 -0000
      Received: from mail.company.com (HELO mail.company.org) (216.230.111.83)
      by server-12.tower-85.messagelabs.com with SMTP; 1 Oct 2012 16:04:43
      -0000
      Received: from company-app02-listserv.custcbb.local (localhost
      [127.0.0.1])
      by mail.company.org (Postfix) with ESMTP id 6CDEE20923;
      Mon, 1 Oct 2012 12:04:43 -0400 (EDT)
      X-Original-To: southeastern-michigan-chapter-owner@... *****this
      is a valid list name*****
      Delivered-To: southeastern-michigan-chapter-owner@...
      Received: from client-201.240.189.191.speedy.net.pe (unknown
      [201.240.189.191])
      by mail.company.org (Postfix) with ESMTP id D129720247;
      Mon, 1 Oct 2012 12:04:40 -0400 (EDT)
      Received: from maila-ea.linkedin.com ([199.101.162.33]) by
      mx3.eliteukserve.net; Mon, 1 Oct 2012 07:04:39 -0500
      Date: Mon, 1 Oct 2012 07:04:39 -0500

      ***this is the address not in the subscriber list in Mailman****

      From: LinkedIn Connections <connections@...>
      To: southeastern-michigan-chapter-owner
      <southeastern-michigan-chapter-owner@...>
      Message-ID:
      <717884137.7030508.8325486322321.JavaMail.app@...>
      Subject: You have been sent a file (Filename: Southeastern-77.pdf)
      MIME-Version: 1.0
      Content-Type: multipart/alternative;
      boundary="----=_Part_2150247_0592058419.0191594892197"
      X-LinkedIn-Template: accept_invite_snacked_A_01
      X-LinkedIn-Class: INVITE-ACCEPT
      X-LinkedIn-fbl: s-977LSKC0K7QI9KGP132XSKCG43CIQ824DR0SLF-Y5DL4TK5KCRPV2X
      X-OriginalArrivalTime: Mon,
      1 Oct 2012 07:04:39 -0500 FILETIME=[8495E195:4B2C03A5]
      Sender: mailman-bounces@...
      Errors-To: mailman-bounces@...

      ------=_Part_2150247_0592058419.0191594892197
      Content-Type: text/plain; charset=UTF-8
      Content-Transfer-Encoding: 7bit

      ****this is the spam email text being blocked *****
      Sendspace File Delivery Notification:You've got a file called
      Southeastern-9271623.pdf, (357.42 KB) waiting to be downloaded at
      sendspace
    • Wietse Venema
      Message 2 of 4 , Oct 2, 2012
        > From: LinkedIn Connections <connections@...>
        > To: southeastern-michigan-chapter-owner
        > <southeastern-michigan-chapter-owner@...>
        > Message-ID:
        > <717884137.7030508.8325486322321.JavaMail.app@...>
        > Subject: You have been sent a file (Filename: Southeastern-77.pdf)
        > MIME-Version: 1.0
        > Content-Type: multipart/alternative;
        > boundary="----=_Part_2150247_0592058419.0191594892197"
        > X-LinkedIn-Template: accept_invite_snacked_A_01
        > X-LinkedIn-Class: INVITE-ACCEPT
        > X-LinkedIn-fbl: s-977LSKC0K7QI9KGP132XSKCG43CIQ824DR0SLF-Y5DL4TK5KCRPV2X
        > X-OriginalArrivalTime: Mon,
        > 1 Oct 2012 07:04:39 -0500 FILETIME=[8495E195:4B2C03A5]
        > Sender: mailman-bounces@...
        > Errors-To: mailman-bounces@...

        This message was RETURNED TO your mailman service.

        That does not prove that it was SENT FROM your mailman service.

        Wietse
      • Futchko, Rose
        Message 3 of 4 , Oct 2, 2012
          > This message was RETURNED TO your mailman service.
          > That does not prove that it was SENT FROM your mailman service.

          That is a great point. So, I dug a little deeper into the mail log and
          found what I believe is the outbound information:

          Oct 1 09:39:07 company-app02-listserv postfix/smtpd[3961]: E76C920940:
          client=localhost[127.0.0.1]
          Oct 1 09:39:07 compnay-app02-listserv postfix/cleanup[4806]:
          E76C920940:
          message-id=<134991659.4727316.6483022582862.JavaMail.app@...
          od>
          Oct 1 09:39:07 company-app02-listserv postfix/qmgr[13878]: E76C920940:
          from=<mailman-bounces@...>, size=2310, nrcpt=1 (queue active)
          Oct 1 09:39:08 company-app02-listserv postfix/smtp[4829]: E76C920940:
          to=<userx@...>, relay=mail87.messagelabs.com[216.82.250.19]:25,
          delay=0.47, delays=0.01/0.01/0.21/0.24, dsn=2.0.0, status=sent (250 ok
          1349098748 qp 17644
          server-15.tower-87.messagelabs.com!1349098748!14396185!1)
          Oct 1 09:39:08 company-app02-listserv postfix/qmgr[13878]: E76C920940:
          removed

          With this information in the bounced email:
          Received: from company-app02-listserv.custcbb.local (localhost
          [127.0.0.1])
          by mail.company.org (Postfix) with ESMTP id E76C920940;
          Mon, 1 Oct 2012 09:39:07 -0400 (EDT)

          If this is not correct, please let me know - else what other steps I can
          take to try to resolve this issue.
          Rose
        • Wietse Venema
          Message 4 of 4 , Oct 3, 2012
            Futchko, Rose:
            > > This message was RETURNED TO your mailman service.
            > > That does not prove that it was SENT FROM your mailman service.
            >
            > That is a great point. So, I dug a little deeper into the mail log and
            > found what I believe is the outbound information:
            >
            > Oct 1 09:39:07 company-app02-listserv postfix/smtpd[3961]: E76C920940:
            > client=localhost[127.0.0.1]

            Based on what similarities did you come to this conclusion?

            - Your mailman submissions always appear to come from localhost[127.0.0.1].

            - The string E76C920940 appears in the returned message (in a
            Received: header that was created by your Postfix MTA).

            - The string 134991659.4727316.6483022582862.JavaMail.app@...
            appears in the returned message (in a Message-ID header).

            - The time stamp 09:39:07 (or something within a second or so)
            appears in the returned message (in a Received: header).

            - The mailman logging has a record around this time.

            Wietse
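
The correlation checks listed in the last message can be scripted; the following is an added example, not part of the original thread. The function names are hypothetical, and the host names, domains and Message-ID in the sample data are constructed placeholders modelled on the log excerpt above. The Mailman log check is not covered because the thread shows no Mailman log.

```python
import re
from datetime import datetime, timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample data; only the queue ID and timestamps follow the thread.
LOG = """\
Oct 1 09:39:07 listserv postfix/smtpd[3961]: E76C920940: client=localhost[127.0.0.1]
Oct 1 09:39:07 listserv postfix/cleanup[4806]: E76C920940: message-id=<constructed.1@mail.example.org>
Oct 1 09:39:07 listserv postfix/qmgr[13878]: E76C920940: from=<mailman-bounces@example.org>, size=2310, nrcpt=1 (queue active)
"""
RETURNED = """\
Received: from listserv.example.local (localhost [127.0.0.1])
\tby mail.example.org (Postfix) with ESMTP id E76C920940;
\tMon, 1 Oct 2012 09:39:07 -0400 (EDT)
Message-ID: <constructed.1@mail.example.org>

body
"""
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ postfix/\w+\[\d+\]: ([0-9A-F]+): (.*)$")

def log_record(log, queue_id):
    """Collect client, message-id and first timestamp logged for one queue ID."""
    rec = {}
    for m in filter(None, map(LINE.match, log.splitlines())):
        stamp, qid, rest = m.groups()
        key, _, value = rest.partition("=")
        if qid == queue_id:
            rec.setdefault("time", stamp)
            if key in ("client", "message-id"):
                rec[key] = value
    return rec

def correlate(log, returned, queue_id, year=2012, slack=timedelta(seconds=2)):
    """Report which checks tie a logged queue ID to a returned message.
    Assumes syslog and the Received: header both use the server's local time."""
    rec = log_record(log, queue_id)
    msg = message_from_string(returned)
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    hop = next((h for h in hops if f"(Postfix) with ESMTP id {queue_id};" in h), None)
    result = {"local_client": rec.get("client") == "localhost[127.0.0.1]",
              "queue_id_in_received": hop is not None,
              "message_id": rec.get("message-id") == msg.get("Message-ID", "").strip(),
              "timestamp": False}
    if hop and "time" in rec:
        hop_time = parsedate_to_datetime(hop.rsplit(";", 1)[1].strip()).replace(tzinfo=None)
        log_time = datetime.strptime(f"{year} {rec['time']}", "%Y %b %d %H:%M:%S")
        result["timestamp"] = abs(hop_time - log_time) <= slack
    return result
```

All four values being true ties the logged local submission to the returned message; any false value means the log entry and the bounce have not been shown to describe the same mail.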