whitelisted? But where???

Matt Kettler mkettler at evi-inc.com
Tue Nov 21 21:06:22 GMT 2006


Glenn Steen wrote:

>>
> Do you have an X-TireSwing-To: header too? Would show all the envelope
> recipients, no?

That would be a massive breach of privacy for the users of the system.

Bcc's are intentionally NOT included in the message headers, and you should not
make any features that try to do so. Otherwise Bcc becomes the same as Cc, which
is not what users expect.


As said, check your mailserver logs for this kind of thing. It looks like Andy
is using sendmail so he can just grep his logs for the E?SMTP ID of the message
which you can get from the Received: headers.

For example, I have a spam that my server received:
----------
Received: from PNX2.u1yxrk.net (ALyon-257-1-17-64.w86-209.abo.wanadoo.fr
[86.209.64.64])
	by xanadu.evi-inc.com (8.12.11.20060308/8.12.11) with ESMTP id kALJDTOe015612;
	Tue, 21 Nov 2006 14:13:30 -0500
----------

And I can see that this one went to multiple recipients here: (note: I've
censored everyone else's usernames besides my own. Also note that my copy was
delivered locally, but the others were relayed to an internal group server)
----------
#grep "kALJDTOe015612" /var/log/maillog

Nov 21 14:13:58 xanadu sendmail[878]: kALJDTOe015612: to=<mkettler at evi-inc.com>,
delay=00:00:28, xdelay=00:00:00, mailer=local, pri=213758, dsn=2.0.0, stat=Sent
Nov 21 14:13:58 xanadu sendmail[878]: kALJDTOe015612:
to=<user1>@<internalserver>.evi-inc.com,<user2>@<internalserver>.evi-inc.com
,<user3>@<internalserver>.evi-inc.com, delay=00:00:28, xdelay=00:00:00,
mailer=esmtp, pri=213758, relay=<internalserver>.evi-inc.com. [<internal IP>],
dsn=2.0.0, stat=Sent (Ok)
----------

This one was delivered to me, and 3 internal users.


> Likely will reveal that you _do_ whitelist one of
> those addresses:-). Yet another example of why one shouldn't whitelist
> by email address alone, perhaps:-)


Agreed.
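
Added example, not part of the original post: the log lookup described above, written as a small Python script. It pulls the E?SMTP id from the Received: header stamped by your own server, then lists every envelope recipient sendmail logged under that id. The host names, addresses, log lines and the function names are constructed for illustration; only Received: lines added by your own MTA are used, since earlier ones are supplied by the sender.

```python
import re

# Constructed sample input (placeholder hosts and addresses, not from the post).
SAMPLE_HEADERS = (
    "Received: from mail.example.net (host.example.net [192.0.2.10])\n"
    "\tby mx.example.com (8.12.11/8.12.11) with ESMTP id kALJDTOe015612;\n"
    "\tTue, 21 Nov 2006 14:13:30 -0500\n"
    "Subject: test\n"
)
SAMPLE_LOG = [
    "Nov 21 14:13:30 mx sendmail[870]: kALJDTOe015612: from=<a@example.net>, size=1200, nrcpts=3",
    "Nov 21 14:13:58 mx sendmail[878]: kALJDTOe015612: to=<me@example.com>, "
    "delay=00:00:28, mailer=local, dsn=2.0.0, stat=Sent",
    "Nov 21 14:13:58 mx sendmail[878]: kALJDTOe015612: to=<u1@int.example.com>,"
    "<u2@int.example.com>, delay=00:00:28, mailer=esmtp, dsn=2.0.0, stat=Sent (Ok)",
    "Nov 21 14:14:02 mx sendmail[880]: kALJDUXy015613: to=<other@example.com>, "
    "mailer=local, stat=Sent",
]

RECEIVED = re.compile(
    r"Received:.*\bby\s+(\S+).*\bwith\s+E?SMTP\S*\s+id\s+([A-Za-z0-9]+)", re.I)

def queue_ids(headers, by_host):
    """Return the E?SMTP ids from Received: headers stamped by by_host."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", headers)  # undo header folding
    ids = []
    for line in unfolded.splitlines():
        m = RECEIVED.match(line)
        if m and m.group(1).lower() == by_host.lower():
            ids.append(m.group(2))
    return ids

def envelope_recipients(log_lines, qid):
    """Return (recipient, mailer, stat) for each to= entry logged under qid."""
    pat = re.compile(r"\]: " + re.escape(qid) + r": to=(.+?), \w+=")
    out = []
    for line in log_lines:
        m = pat.search(line)
        if not m:
            continue  # other queue id, or the from= line for this message
        mailer = re.search(r"\bmailer=(\w+)", line)
        stat = re.search(r"\bstat=(.*)$", line)
        for rcpt in m.group(1).split(","):  # one log line can carry several recipients
            out.append((rcpt.strip("<> "), mailer and mailer.group(1), stat and stat.group(1)))
    return out

if __name__ == "__main__":
    for qid in queue_ids(SAMPLE_HEADERS, "mx.example.com"):
        for row in envelope_recipients(SAMPLE_LOG, qid):
            print(qid, *row)
```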




