whitelisted? But where???

Glenn Steen glenn.steen at gmail.com
Wed Nov 22 09:22:50 GMT 2006

On 21/11/06, Matt Kettler <mkettler at evi-inc.com> wrote:
> Glenn Steen wrote:
> >>
> > Do you have an X-TireSwing-To: header too? Wpuld show all the envelope
> > recipients, no?
> That would be a massive breach of privacy for the users of the system.

> Bcc's are intentionally NOT included in the message headers, and you should not
> make any features that try to do so. Otherwise Bcc becomes the same as Cc, which
> is not what users expect.

I know this. I'm not suggesting he does anything like that, I'm asking
if he already did.

> As said, check your mailserver logs for this kind of thing. It looks like Andy
> is using sendmail so he can just grep his logs for the E?SMTP ID of the message
> which you can get from the Received: headers.
> For example, I have a spam that my server received:
> ----------
> Received: from PNX2.u1yxrk.net (ALyon-257-1-17-64.w86-209.abo.wanadoo.fr
> [])
>         by xanadu.evi-inc.com ( with ESMTP id kALJDTOe015612;
>         Tue, 21 Nov 2006 14:13:30 -0500
> ----------
> And I can see that this one went to multiple recipients here: (note: I've
> censored everyone else's usernames besides my own. Also note that my copy was
> delivered locally, but the others were relayed to an internal group server)
> ----------
> #grep "kALJDTOe015612" /var/log/maillog
> Nov 21 14:13:58 xanadu sendmail[878]: kALJDTOe015612: to=<mkettler at evi-inc.com>,
> delay=00:00:28, xdelay=00:00:00, mailer=local, pri=213758, dsn=2.0.0, stat=Sent
> Nov 21 14:13:58 xanadu sendmail[878]: kALJDTOe015612:
> to=<user1>@<internalserver>.evi-inc.com,<user2>@<internalserver>.evi-inc.com
> ,<user3>@<internalserver>.evi-inc.com, delay=00:00:28, xdelay=00:00:00,
> mailer=esmtp, pri=213758, relay=<internalserver>.evi-inc.com. [<internal IP>],
> dsn=2.0.0, stat=Sent (Ok)
> ----------
> This one was delivered to me, and 3 internal users.

Yes. There are situations where a simplistic grep might be harder to
follow though (like with multiple Postfix instances... Used for
splitting mails/recipient, not the deprecated dual PF/MS setup). And
no, I'm still not advocating implementing the "Add Envelope To = yes"
thing. Just mentioning that you might need multiple greps for some

> > Likely will reveal that you _do_ whitelist one of
> > those addresses:-). Yet another example of why one shouldn't whitelist
> > by email address alone, perhaps:-)
> Agreed.

Would've been very surprised otherwose;-)

-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list