Re: attn: listmaster - list issue

[Miles Fidelman]

Felipe,

Thanks for spotting that!
So.. I think it's established that;
- a message with duplicate reply-to: headers is broken
- that some messages sent to dev@couchdb.apache.org end up with 
duplicate reply-to: headers (per the archives)
- that this is treated as a virus signature by a fairly common antivirus 
package (Amavis)
- legitimately causing such messages for at least 1 member of the list 
(haven't seen reports from others)

It is, however a sign that the list software is broken, in that it 
should be removing or re-writing reply-to: headers that are included in 
incoming mail before adding it's own.

Which leads to the obvious questions:
- what list software is apache.org using?
- what broke it (I expect this is a side effect of a patch applied to 
route around DMARC impacts, but that's just a guess)

Anyway, I just filed a bug report against infrastructure.

Cheers,

Miles

Felipe Mafra wrote:
Miles,

In RFC 5322 on page 20 has a table with fields limits. reply-to can only be
used once. You cannot have it duplicated.

Felipe Mafra
Em 11/11/2014 18:14, "Miles Fidelman" <mfidel...@meetinghouse.net> escreveu:

Felipe Mafra wrote:

Miles,

RFCs are these:

http://www.faqs.org/rfcs/rfc6532.html
http://www.faqs.org/rfcs/rfc5322.html

close, but more like rfc5321 - the discussion on trace fields and
implementation issues
seems to be silent on whether duplicate reply-to fields are to be deleted,
but I need to re-read in depth

  But I'd like you to know that I am not seeing any duplicated field
*reply-to* in message header I received.

interesting - and I note that your message came through with only 1
reply-to

I'm seeing duplicate reply-to: in some messages, not others - and in
particular I'm seeing them in all the gitub messages that are gatewayed to
the list.

And... I just looked in the archive, at, for example,
http://mail-archives.apache.org/mod_mbox/couchdb-dev/201411.mbox/browser
there are definitely two reply-to headers in there (I marked the lines
with *****()

-------
 From dev-return-38501-apmail-couchdb-dev-archive=couchdb.
apache....@couchdb.apache.org Tue Nov  4 04:03:55 2014
Return-Path: <dev-return-38501-apmail-couchdb-dev-archive=couchdb.
apache....@couchdb.apache.org>
X-Original-To: apmail-couchdb-dev-arch...@www.apache.org
Delivered-To: apmail-couchdb-dev-arch...@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
     by minotaur.apache.org (Postfix) with SMTP id 2BA3417512
     for <apmail-couchdb-dev-arch...@www.apache.org>; Tue,  4 Nov 2014
04:03:55 +0000 (UTC)
Received: (qmail 62850 invoked by uid 500); 4 Nov 2014 04:03:54 -0000
Delivered-To: apmail-couchdb-dev-arch...@couchdb.apache.org
Received: (qmail 62780 invoked by uid 500); 4 Nov 2014 04:03:54 -0000
Mailing-List: contact dev-h...@couchdb.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-h...@couchdb.apache.org>
List-Unsubscribe: <mailto:dev-unsubscr...@couchdb.apache.org>
List-Post: <mailto:dev@couchdb.apache.org>
List-Id: <dev.couchdb.apache.org>
*****Reply-To: dev@couchdb.apache.org
Delivered-To: mailing list dev@couchdb.apache.org
Received: (qmail 62769 invoked by uid 99); 4 Nov 2014 04:03:54 -0000
Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org)
(140.211.11.114)
     by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 04 Nov 2014 04:03:54
+0000
Received: by tyr.zones.apache.org (Postfix, from userid 65534)
     id 025E7A080A5; Tue,  4 Nov 2014 04:03:53 +0000 (UTC)
From: benkeen <g...@git.apache.org>
To: dev@couchdb.apache.org
******Reply-To: dev@couchdb.apache.org
References: <git-pr-127-couchdb-faux...@git.apache.org>
In-Reply-To: <git-pr-127-couchdb-faux...@git.apache.org>
Subject: [GitHub] couchdb-fauxton pull request: Added getter/setter
utils.js methods...
Content-Type: text/plain
Message-Id: <20141104040354.025e7a08...@tyr.zones.apache.org>
Date: Tue,  4 Nov 2014 04:03:53 +0000 (UTC)

Github user benkeen commented on the pull request:

https://github.com/apache/couchdb-fauxton/pull/127#issuecomment-61590748

     haha :) I know what to do for your birthday: write more tests!

------------------

Looks like the list handler is not removing reply-to headers that might
have been inserted by the original sender.

Miles







Felipe Mafra
felipe.ma...@gmail.com

2014-11-11 15:22 GMT-02:00 Miles Fidelman<mfidel...@meetinghouse.net>:

  Ok.  As to whether others have problem - it really does depend on what
there antispam/antivirus setup looks like.

A little googling tells me that the standard Amavis antivirus considers
multiple reply-to: lines as a "bad header" signature, and the standard
configuration quarantines messages with bad headers.

The work around, for me, is obviously to play with the antivirus
configuration - but I think that Amavis only goes to the granularity of
quarantining all or none of the various BAD HEADER checks it performs.
Need to to a little research. I'm not sure I want to turn all of those
off.

I need to do some more research as to what is the RFC-compliant handling
of reply-to: headers by mail forwarders, if there is indeed any such
spec.
It's pretty obvious that most list handlers and other forwarders either
delete them or rewrite them to things like original-reply-to: (the
issues I
found by googling were mostly about things that broke when a piece of
software, e.g., a particular Drupal release, started sending messages
with
duplicate reply-to: headers).

Since this is a new behavior (unless I just wasn't noticing all that
stuff
going straight to trash), I wonder if apache.org has changed or updated
its list or mail infrastructure.  What does this list run on top of?

Thanks,

Miles Fidelman




Andy Wenk wrote:

  I am a moderator of this list and I am not aware that listmaster is
known.
So if there are any issues it's ok to just write it here and a moderator
will take care if needed. And yes infra is short for infrastructure.

Let's see if others do have the same issue with this list. If yes I will
take action :)
On Nov 11, 2014 5:18 PM, "Miles Fidelman"<mfidel...@meetinghouse.net>
wrote:

   Well, I cc'd listmaster and postmaster - or are there other contacts
to

use?  And what does INFRA stand for (infrastructure?).

Cheers,

Miles

Andy Wenk wrote:

   The cool folks from apache who take care of everything related to the

infrastructure of all the apache projects and of the ASF itself  :).
In
this case also the mailing lists ... Aka sysadmins ;-)
On Nov 11, 2014 5:00 PM, "Miles Fidelman"<mfidel...@meetinghouse.net>
wrote:

    Umm... who or what is INFRA?

  Andy Wenk wrote:
    Hi,

  I personally don't have this problem. But if others are faced with
this, I
will report it to INFRA .

Cheers

Andy
On Nov 11, 2014 3:17 PM, "Miles Fidelman" <
mfidel...@meetinghouse.net
wrote:

     Recently, I've been finding a lot of coucdb related email
traffic
in
my

   spam folder. I think it's just the dev list, but I'm not 100%
sure of

this
(I seem to recall this for other traffic, but intermittently, and
the
latest batch is fine).


      On examination, I find that our local antivirus/antispam
setup is
reporting this:

X-Amavis-Alert:  BAD HEADER SECTION Duplicate header field:
"Reply-To"

Is anybody else seeing this.  If yes, is perhaps the list software
misconfigured, perhaps following a patch to address DMARC breakage?



Miles Fidelman