Oh well, time to get the magnifying glass out again...
matchnet.com are routing the mail back to cs.huji.ac.il:
Received: from 64-52-90-18.client.cypresscom.net ([64.52.90.18]
helo=clex01.matchnet.com)
by cs.huji.ac.il with esmtp
id 1At30B-0007it-Fx
for [EMAIL PROTECTED]; Tue, 17 Feb 2004 13:03:01 +0200
which in turn redirect it to the list again ad infinitum (or until the built-in loop
detection mechanism in SMTP kicks in).
This can be caused by some piece of software in that company that attempts to deliver
to a sender that's not in the envelope but rather in the body of the message somewhere.
A clue may be found in this header:
x-bbh: 2/17/2004 3:02:48 AM
which is stuck between two Exchange Server 2003 headers:
Received: from mail pickup service by CLMAILQ04.matchnet.com with Microsoft
SMTPSVC;
Tue, 17 Feb 2004 03:02:49 -0800
thread-index: AcP1RZRfFG3/AIG2RnGN2CKbWwQbFQ==
x-bbh: 2/17/2004 3:02:48 AM
Received: from mxcorp01.matchnet-plc.com ([192.168.1.70]) by
CLMAILQ04.matchnet.com with Microsoft SMTPSVC(6.0.3790.0); Tue,
17 Feb 2004 03:02:48 -0800
The Ex2K3 server, CLMAILQ4, gets the mail and does something with it. The second
Receive line, after the strange x-bbh header, belongs to the same CLMAILQ04 server,
but this time it receives the mail from a "mail pickup service" - if I'm not mistaken
this is the Exchange pickup folder (similar to the pickup folder in postfix).
After that, CLEX02 gets the message. Its name suggest a cluster, and in my experience
this means mailbox server. My guess is a direct delivery by means of a smarthost on
CLMAILQ4.
Then CLEX02 sends the message outside, doing MX-based delivery, but the envelope
recipient has changed:
Received: from 64-52-90-18.client.cypresscom.net ([64.52.90.18]
helo=clex01.matchnet.com)
by cs.huji.ac.il with esmtp
id 1At30B-0007it-Fx
for [EMAIL PROTECTED]; Tue, 17 Feb 2004 13:03:01 +0200
it is now [EMAIL PROTECTED] - this address could not have appeared in the envelope
prior to entering matchnet.com - it was invented along the way Something has copied
the To: header from the body of the email message and used it as an envelope recipient
- something that's expressly forbidden by RFC2821.
I don't have enough experience with Ex2K3, but my Ex2K experience tells me that
Exchange doesn't violate the RFC in such a blatant way (it does, but in more subtle
areas).
I would guess that the whole reason for CLMAILQ4's existance is to filter incoming
mail (for viruses?) and the piece of crappy software used is nick-named or shortened
to BBH. Someone should clue these guys. I've CC-ed their postmaster. If the list
maintainer cares, they should search the address database for @matchnet.com addresses
or any address which MX resolves to a matchnet address, and send them a warning (and
remove them from the list if they fail to clue their sysadmins)
-- Arik
-----Original Message-----
From: Ely Levy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 17, 2004 1:26 PM
To: [EMAIL PROTECTED]
Subject: bounced messages
hey,
I saw few bounced messages to the list,
I can't figure out from which list subscriber it comes,
last one headers was:
Return-path: <[EMAIL PROTECTED]>
Envelope-to: [EMAIL PROTECTED]
Delivery-date: Tue, 17 Feb 2004 13:12:29 +0200
Received: from localhost
([127.0.0.1] helo=cs ident=listar)
by cs.huji.ac.il with esmtp
id 1At31p-0007rZ-Pp; Tue, 17 Feb 2004 13:04:38 +0200
Received: with LISTAR (v0.124a; list linux-il); Tue,
17 Feb 2004 13:03:35 +0200 (IST)
Received: from 64-52-90-18.client.cypresscom.net ([64.52.90.18]
helo=clex01.matchnet.com)
by cs.huji.ac.il with esmtp
id 1At30B-0007it-Fx
for [EMAIL PROTECTED]; Tue, 17 Feb 2004 13:03:01 +0200
Received: from CLEX02.matchnet.com ([192.168.3.38]) by clex01.matchnet.com
with Microsoft SMTPSVC(6.0.3790.0);
Tue, 17 Feb 2004 03:02:49 -0800
Received: from CLMAILQ04.matchnet.com ([216.69.234.43]) by
CLEX02.matchnet.com with Microsoft SMTPSVC(6.0.3790.0);
Tue, 17 Feb 2004 03:02:49 -0800
Received: from mail pickup service by CLMAILQ04.matchnet.com with Microsoft
SMTPSVC;
Tue, 17 Feb 2004 03:02:49 -0800
thread-index: AcP1RZRfFG3/AIG2RnGN2CKbWwQbFQ==
x-bbh: 2/17/2004 3:02:48 AM
Received: from mxcorp01.matchnet-plc.com ([192.168.1.70]) by
CLMAILQ04.matchnet.com with Microsoft SMTPSVC(6.0.3790.0); Tue,
17 Feb 2004 03:02:48 -0800
Content-Transfer-Encoding: 7bit
Content-Class: urn:content-classes:message
Importance: normal
Received: from cs.huji.ac.il (132.65.16.30) by mxcorp01.matchnet-plc.com
with ESMTP; 17 Feb 2004 03:02:48 -0800
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
X-BrightmailFiltered: true
Received: from localhost ([127.0.0.1] helo=cs ident=listar) by
cs.huji.ac.il with esmtp id 1At2qM-0007FS-5t; Tue,
17 Feb 2004 12:52:46 +0200
Received: with LISTAR (v0.124a; list linux-il); Tue,
17 Feb 2004 12:51:50 +0200 (IST)
Received: from pita.cs.huji.ac.il ([132.65.32.9] ident=mail) by
cs.huji.ac.il with esmtp id 1At2pO-0007Ew-9l for [EMAIL PROTECTED]; Tue,
17 Feb 2004 12:51:46 +0200
Received: from elylevy (helo=localhost) by pita.cs.huji.ac.il with
local-esmtp (Exim 3.36 #1) id 1At2pN-0005RH-00 for
[EMAIL PROTECTED]; Tue, 17 Feb 2004 12:51:45 +0200
Date: Tue, 17 Feb 2004 12:51:45 +0200 (IST)
From: Ely Levy <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: walla artical
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN;
charset="US-ASCII"
Precedence: list
X-listar-version: Listar v0.124a
X-original-sender: [EMAIL PROTECTED]
Precedence: bulk
X-list: linux-il
X-OriginalArrivalTime: 17 Feb 2004 11:02:48.0690 (UTC)
FILETIME=[9458C520:01C3F545]
X-Bogosity: No [0.0%]
X-Authentication-Warning: Sender is not authenticated
Precedence: list
X-listar-version: Listar v0.124a
X-original-sender: [EMAIL PROTECTED]
Precedence: bulk
X-list: linux-il
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
**********************************************************************
This email and attachments have been scanned for
potential proprietary or sensitive information leakage.
PortAuthority(TM) Server
Keeping Information Inside
Vidius, Inc.
www.vidius.com
**********************************************************************
================================================================To unsubscribe, send
mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
