OT: Sendmail forwarding envelope trick?
Travis Taylor
ttaylor20060622 at duh.net
Thu Aug 31 19:44:05 IST 2006
This is a bit off topic, but thought I'd throw it out here. Maybe someone
got an idea why this happened or where I might post this to figure it out.
One of our MailScanners received a message from a mail forwarding
account on yahoo to one of our clients. After scanning it, it attempted
to deliver it to the internal mail server. It was refused because of the
domain "bumeran.com.br", which should have be refused on the MailScanner
box originally. Upon checking the logs, the envelope address used was
"rrhhbr6.bumeran.com", not "bumeran.com.br" I did a quick google, but did
not find anything relivent. How is this possible? Anyone got any ideas?
Below is some sanitized data to protect the incent. Take note of the
difference of the MAIL FROM in the message Received header and
MAIL FROM envelope address in the log. I'm suspect the "rrhhbr6" of the
envelope address as something to do with it.
Also check out the smtp.bumeran.com session transcripts.
MailScanner log:
Aug 30 01:50:44 vps sendmail[3158]: NOQUEUE: connect from
mta327.mail.mud.yahoo.com [209.191.88.80]
Aug 30 01:51:20 vps sendmail[3158]: k7U6oiuD003158: <-- HELO
mta327.mail.mud.yahoo.com
Aug 30 01:51:21 vps sendmail[3158]: k7U6oiuD003158: <-- MAIL
FROM:<ambling.alpert at rrhhbr6.bumeran.com>
Aug 30 01:51:25 vps sendmail[3158]: k7U6oiuD003158: --- 250 2.1.0
<ambling.alpert at rrhhbr6.bumeran.com>... Sender ok
Aug 30 01:51:25 vps sendmail[3158]: k7U6oiuD003158: <-- RCPT
TO:<pat at example.net>
Aug 30 01:51:25 vps sendmail[3158]: k7U6oiuD003158: --- 250 2.1.5
<pat at example.net>... Recipient ok
Aug 30 01:51:26 vps sendmail[3158]: k7U6oiuD003158: <-- DATA
Aug 30 01:51:26 vps sendmail[3158]: k7U6oiuD003158:
from=<ambling.alpert at rrhhbr6.bumeran.com>, size=1548, class=0, nrcpts=1,
msgid=<71302505789165.1F390036EF at 1CBKS>, proto=SMTP, daemon=Daemon0,
relay=mta327.mail.mud.yahoo.com [209.191.88.80]
Aug 30 01:51:26 vps sendmail[3158]: k7U6oiuE003158: <-- QUIT
Aug 30 01:51:26 vps sendmail[3158]: k7U6oiuE003158: --- 221 2.0.0
example.com closing connection
Aug 30 01:51:52 vps MailScanner[31186]: Message k7U6oiuD003158 from
209.191.88.80 (ambling.alpert at rrhhbr6.bumeran.com) to example.net is
spam, SpamAssassin (score=15.729
Bounce message to postmaster:
Return-Path: <MAILER-DAEMON at example.com>
Received: from localhost (localhost)
by example.com (8.13.1/8.13.1) id k7U6q1RI003173;
Wed, 30 Aug 2006 01:52:05 -0500
(envelope-from MAILER-DAEMON)
Date: Wed, 30 Aug 2006 01:52:05 -0500
From: Mail Delivery Subsystem <MAILER-DAEMON at example.com>
Message-Id: <200608300652.k7U6q1RI003173 at example.com>
To: postmaster-sending at example.com
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="k7U6q1RI003173.1156920725/example.com"
Subject: Postmaster notify: see transcript for details
Auto-Submitted: auto-generated (postmaster-notification)
Parts/Attachments:
1 Shown 14 lines Text
2 Shown 343 bytes Message, "Delivery Status"
3 Shown 14 lines Text
----------------------------------------
The original message was received at Wed, 30 Aug 2006 01:52:01 -0500
from localhost
with id k7U6q1RH003173
----- The following addresses had permanent fatal errors -----
<ambling.alpert at rrhhbr6.bumeran.com>
(reason: 550 5.1.1 <ambling.alpert at bumeran.com.br>... User unknown)
----- Transcript of session follows -----
... while talking to smtp.bumeran.com.:
>>> DATA
<<< 550 5.1.1 <ambling.alpert at bumeran.com.br>... User unknown
550 5.1.1 <ambling.alpert at rrhhbr6.bumeran.com>... User unknown
<<< 503 5.0.0 Need RCPT (recipient)
Bounce message to receiptant:
Return-Path: <MAILER-DAEMON at example.com>
Received: from localhost (localhost)
by example.com (8.13.1/8.13.1) id k7U6q1RJ003173;
Wed, 30 Aug 2006 01:52:05 -0500
(envelope-from MAILER-DAEMON)
Date: Wed, 30 Aug 2006 01:52:05 -0500
From: Mail Delivery Subsystem <MAILER-DAEMON at example.com>
Message-Id: <200608300652.k7U6q1RJ003173 at example.com>
To: postmaster-error at example.com
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="k7U6q1RJ003173.1156920725/example.com"
Subject: Postmaster notify: see transcript for details
Auto-Submitted: auto-generated (postmaster-notification)
Parts/Attachments:
1 Shown 13 lines Text
2 Shown 376 bytes Message, "Delivery Status"
3 Shown 32 lines Text
----------------------------------------
The original message was received at Wed, 30 Aug 2006 01:51:25 -0500
from mta327.mail.mud.yahoo.com [209.191.88.80]
with id k7U6oiuD003158
----- The following addresses had permanent fatal errors -----
<pat at example.net>
(reason: 550 5.0.0 <ambling.alpert at bumeran.com.br>... REFUSED - WE DO
NOT ACCEPT MAIL FROM OUTSIDE US
----- Transcript of session follows -----
... while talking to mx1.mx-router.example.com.:
>>> MAIL From:<ambling.alpert at bumeran.com.br> SIZE=2128
<<< 550 5.0.0 <ambling.alpert at bumeran.com.br>... REFUSED - WE DO NOT
ACCEPT MAIL FROM OUTSIDE US
554 5.0.0 Service unavailable
Return-Path: <ambling.alpert at bumeran.com.br>
Received: from mta327.mail.mud.yahoo.com (mta327.mail.mud.yahoo.com
[209.191.88.80])
by example.com (8.13.1/8.13.1) with SMTP id k7U6oiuD003158
for <pat at example.net>; Wed, 30 Aug 2006 01:51:25 -0500
(envelope-from ambling.alpert at bumeran.com.br)
X-Yahoo-Forwarded: from example at yahoo.com to pat at example.net
X-Rocket-Spam: 202.72.209.202
X-YahooFilteredBulk: 202.72.209.202
X-Originating-IP: [202.72.209.202]
Authentication-Results: mta327.mail.mud.yahoo.com
from=rrhhbr6.bumeran.com; domainkeys=neutral (no sig)
Received: from 202.72.209.202 (EHLO LILA.1peu.org) (202.72.209.202)
by mta327.mail.mud.yahoo.com with SMTP; Tue, 29 Aug 2006 23:50:43 -0700
Message-ID: <71302505789165.1F390036EF at 1CBKS>
From: "ambling" <ambling.ali at bumeran.com.br>
To: <examplew at yahoo.com>
Subject: Express cash credit
Date: Wed, 30 Aug 2006 13:48:07 +0700
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Thread-Index: H8aU1Q3avkrUQOhuPdvdeBQwqjtlbc8jgnLE
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
More information about the MailScanner
mailing list