On Mon 07 Oct 2019 at 15:09:09 (+0200), Thomas Schmitt wrote: > i wrote: > > > To my best knowledge, "X-Spam-Status: ... tests=...,LDOSUBSCRIBER,..." > > > says that the "From:" address of the mail is subscribed. > > Brian wrote: > > Are you sure it is the From: and not the envelope From? My From: is > > not subscribed. > > Interesting observation. > So the address by which you submit your mail to the remote server is > subscribed and it is not the "From:" address which your mail client > writes into the header part of the mail ? > > I wonder whether my mail provider would allow me to send via SMTP > MAIL FROM:<scdbac...@gmx.net> > RCPT TO:debian-user@lists.debian.org > and then by DATA > From: "Somebody Else" <tota...@fake.com>
It's fairly easy to find out by trying it out, only obviously in an email to yourself, not the list. Perhaps not as easy as it was, because unencrypted telnet has all but gone. And I've also found that my ISP is more "impatient" and times out fairly quickly, so nowadays I assemble the whole email in an emacs buffer and paste it into the session all in one go. Here's an example, suitably mangled: $ openssl s_client -starttls smtp -crlf -connect smtp.some.submission.host.tld:12345 That opens the session, and I only press Return when I've copied the email itself into the paste buffer. Here's the email, and there's a blank line after the header. ehlo wren.corp auth plain MyAuthenticationNameAndPasswordInBase64== mail from:realusern...@realdomain.tld rcpt to:<someusern...@whereyoucanreadtheemail.tld> data From: Whoever You Want To Be <th...@emailaddress.tld> to: <someusern...@whereyoucanreadtheemail.tld> subject: hand written test 01 Hand written test 01 You could duplicate the headers here as a record . quit I do it all in a script session so that I get a recording, from which I snip the authentication lines before archiving it. BTW the string in the authentication line above is generated with: $ echo -e -n '\0username\0password' | base64 Obviously I'm assuming that your ISP has facilities comparable to mine, which are (I use two): 250-PIPELINING 250-SIZE 20480000 250-ETRN 250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN 250-AUTH LOGIN PLAIN 250-SIZE 30000000 250-8BITMIME 250 OK However, I see lots of DKIM stuff in your emails, so it might not be as simple as this for you. But in principle, it should work. There is no inherent relationship between either "reverse" (from MAIL, SAML, etc., commands) or "forward" (RCPT) addresses in the SMTP transaction ("envelope") and the addresses in the header section. (RFC 5321.) > But how do Debian list servers know ? > Is it because Exim 4.89 said "MAIL FROM:<...subscribed.address...>" to > lists.debian.org ? > Or is it because the first mail hop added "envelope-from" to its Received: > header ? I've always assumed the envelope from is generated from the 'mail from' line, and that the envelope should reach the Debian list processing system unchanged. > Received: from ... by ... with local (Exim 4.89) > (envelope-from <...>) > id 1iHRiB-0006S7-Ks > for debian-user@lists.debian.org; Mon, 07 Oct 2019 13:01:59 +0100 > > (I wonder where "envelope-from" in "Received:" is specified. The word > does neither appear in RFC5322 nor in RFC5321.) I've always assumed that what is in parentheses is all "noise" as far as SMTP is concerned, like that Exim version number, the envelope-from and, in your email for example, (Client did not present a certificate). > --------------------------------------------------------------------------- > > > > Nevertheless, if i have no other indication then i normally add a "Cc:" > > > to the thread starter if i do not see LDOSUBSCRIBER among the spam tests. > > > On the basis, one supposes, that the situation is unclear and you wish > > the poster to know there is a reply to her post. > > It is futile to send Cc: to people who are known to reply to list messages. > But thread starters where i am in doubt get a Cc: from me if i have > something to tell them. Cheers, David.