Hi, folks.
It's time for me to understand this stuff clearly once and for all,
partly so that I can handle spam intelligently and properly.
I'm unclear on the exact relationships between the following:
-------------------
1) MUA: "From", "To", "Bcc", "Reply Address" fields
2) SMTP: "MAIL FROM:" and "RCPT TO:"
3) Delivered Message: "To:", "From:", "Reply-To:", "Return-Path:"
headers. Also, the terms "envelope sender" and "envelope recipient".
4)Bounced Message: "To:" header
-------------------
>From what I currently understand, the MUA fields are (obviously)
completed by the sender. (Let's assume a common client like Eudora or
Outlook Express rather than qmail-inject for this discussion).
When connecting to the SMTP server to send the message, the "From" and
"To" fields are copied by the MUA to become the "From:" and "To:"
headers of the message. The "From" field is also used in the SMTP
conversation as the "MAIL FROM:". Then, all addresses in the "To",
("Cc",) and "Bcc" fields are used as SMTP "RCPT TO:" entries.
-> Question: Are "Bcc" recipients not stored anywhere in the headers, or
are they stored in the headers until the message is ready to be
delivered into the recipients box, and then stripped off? (If they are
NOT stored in the headers, where does qmail store them?)
The "Reply-To" header is created by the MUA from either the "Reply
Address" field, if present, or else the "From" field. The "Return-Path:"
header is added by the SMTP server based on the "Reply-To" or "From"
header (?)
-> Question: So, now what do we look at to determine the "envelope
sender" and "envelope recipient"? Secondly, which of these terms/headers
is used to determine whom qmail delivers the message to?
Okay, now the message bounces because because it's an evil spam message.
-> Question: Where does MAILER-DAEMON send the bounce message? To the
"From:" person? "Reply-To:"?
If I could understand THIS much, I'd be very happy.
Dave
___________________
p.s. fyi, here's what started all this today. I got the following
message. It seems some spammer sent the below message with an SMTP MAIL
FROM of "x" and tried to deliver it to "[EMAIL PROTECTED]" (via Bcc, I
guess), which does NOT exist. Then it looks like MAILER-DAEMON tried to
bounce it to "x" (right?). But how it the world did this *other* guy get
the bounce??
___________
I get *ALOT* of theese bounces to postmaster.
And it really starts to get boring now, please take action...
<Name Withheld; but he's from some domain that has nothing to do with
us>
Offending message including original headers:
Received: (qmail 31029 invoked from network); 5 Apr 2000 17:38:27 -0000
Received: from bsdpop.netcarrier.net (209.140.173.251)
by butler.informatik.gu.se with SMTP; 5 Apr 2000 17:38:27 -0000
Received: (qmail 64117 invoked for bounce); 5 Apr 2000 17:42:44 -0000
Date: 5 Apr 2000 17:42:44 -0000
From: [EMAIL PROTECTED]
To: x
Subject: failure notice
Hi. This is the qmail-send program at bsdpop.netcarrier.net.
I'm afraid I wasn't able to deliver your message to the following
addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<[EMAIL PROTECTED]>:
Sorry, no mailbox here by that name. (#5.1.1)
--- Below this line is a copy of the message.
Return-Path: <x>
Received: (qmail 64105 invoked from network); 5 Apr 2000 17:42:44 -0000
Received: from unknown (HELO mail.celtis.fr) (195.115.137.1)
by bsdpop.netcarrier.net with SMTP; 5 Apr 2000 17:42:44 -0000
Received: from K5eK2fb75 (ppp-59.tnt-1.hou.smartworld.net [64.38.18.59])
by mail.celtis.fr with SMTP (Microsoft Exchange
Internet Mail Service Version 5.5.1960.3)
id 22YZPQ74; Wed, 5 Apr 2000 19:34:26 +0200
DATE: 05 Apr 00 12:41:55 PM
FROM: x
Message-ID: <14738Fj1e6>
SUBJECT: lose 2-14 inches in one hour! 100% guarantee
Did you know that there's a way to lose 2 to 14 inches of
fat PERMANENTLY and SAFELY in only 1 HOUR?! . . .
100% Guaranteed!
Did you know that this has been CLINICALLY PROVEN?!
<balance of seriously annoying spam deleted>
