Re: Misdelivered messages
Recipient addresses don't have to appear anywhere in the message. And in spam the To: header is often garbage. Ignore that.

Look at the system log records written by your MTA (Postfix?) to see who the recipients were.

Joseph Brennan
Lead Email Systems Engineer
Columbia University Information Technology

--On Wednesday, May 23, 2007 9:37 -0400 Dana Canfield <[EMAIL PROTECTED]> wrote:

> In the past week or so, we've had trouble with spam being delivered to the wrong recipients. It's difficult to explain, so I'll use an example:
>
> [EMAIL PROTECTED] and [EMAIL PROTECTED] are local users receiving hundreds of spam per hour. None of it is addressed to them. Their email addresses don't appear anywhere in the message source. The messages in hackxx's account appear to be the same messages that xxmelser is receiving. Most of the misdirected messages seem to be addressed to other local users, such as [EMAIL PROTECTED] or [EMAIL PROTECTED]
>
> To further confuse the issue, this only happens with spam. A legitimate message mailed to [EMAIL PROTECTED] goes through to xxmilton's account and doesn't appear in the other users' mailboxes.
>
> The *only* clue I have found is that most of these spams that get misdirected have a gap between the To: and the address in the message header, like this:
>
> To: <[EMAIL PROTECTED]>
>
> Does anyone have any clue what might be going on here?
>
> Thanks
> DC

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Misdelivered messages
Ah yes, I don't know why the whole bcc: notion didn't occur to me. Too many long days this week, I guess. Thanks to all those who replied!

DC

Paul Engle wrote:

> --On Wednesday, May 23, 2007 09:37:59 AM -0400 Dana Canfield <[EMAIL PROTECTED]> wrote:
>
>> In the past week or so, we've had trouble with spam being delivered to the wrong recipients. It's difficult to explain, so I'll use an example:
>>
>> Does anyone have any clue what might be going on here?
>>
>> Thanks
>> DC
>
> The To: header is as easily forged as the From: header in a message. It could be that, or the spammers could be simply using BCC. We're seeing more of this as well.
>
> -paul
>
> --
> Paul D. Engle             | Rice University
> Sr. Systems Administrator | Information Technology - MS119
> (713) 348-4702            | P.O. Box 1892
> [EMAIL PROTECTED]         | Houston, TX 77251-1892
RE: Misdelivered messages
> From Dana Canfield on Wednesday, May 23, 2007 9:38 AM
>
> [EMAIL PROTECTED] and [EMAIL PROTECTED] are local users
> receiving hundreds of spam per hour. None of it is addressed
> to them. Their email addresses don't appear anywhere in the
> message source. The messages in hackxx's account appear to
> be the same messages that xxmelser is receiving. Most of the
> misdirected messages seem to be addressed to other local
> users, such as [EMAIL PROTECTED] or [EMAIL PROTECTED]

The messages almost certainly are addressed to those who received them and are not misdelivered. Delivery of messages is based on the SMTP envelope recipients, not what is in the message headers. Sometimes you will find the envelope recipient in a Received: header for reference, but some MTAs or delivery agents do not record it anywhere. If you check your MTA logs, you should be able to verify the envelope address and that delivery was correct.

You can easily create this same situation with a normal mail client, just send a message To: one address and Bcc: to another. The Bcc: recipient will see a message that is apparently not to them, according to the To: header, yet they received it because they were listed in the envelope.

In any case, everything is probably working just as it is supposed to.

David
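The check suggested in the replies above (read the MTA log for the envelope recipients, then compare them with the To:/Cc: headers), as an added example that is not part of the original thread. It assumes Postfix-style delivery log lines; the log lines, queue ID, addresses and message source are constructed samples, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: Postfix-style log lines for one queue ID (not from the thread).
SAMPLE_LOG = """\
May 23 09:37:58 mx postfix/smtpd[2101]: 4A1B2C3D4E: client=unknown[192.0.2.10]
May 23 09:37:59 mx postfix/qmgr[1010]: 4A1B2C3D4E: from=<bulk@spam.example>, size=2310, nrcpt=3 (queue active)
May 23 09:37:59 mx postfix/lmtp[2110]: 4A1B2C3D4E: to=<alice@example.edu>, relay=cyrus, delay=0.4, status=sent (250 2.1.5 Ok)
May 23 09:37:59 mx postfix/lmtp[2110]: 4A1B2C3D4E: to=<bob@example.edu>, relay=cyrus, delay=0.4, status=sent (250 2.1.5 Ok)
May 23 09:37:59 mx postfix/lmtp[2110]: 4A1B2C3D4E: to=<carol@example.edu>, relay=cyrus, delay=0.4, status=sent (250 2.1.5 Ok)
"""

# Constructed message source: only one of the three envelope recipients is in a header.
SAMPLE_MESSAGE = """\
From: bulk@spam.example
To:    <carol@example.edu>
Subject: constructed sample

body
"""

# Matches per-recipient delivery lines: queue ID, envelope recipient, status.
RCPT_RE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]+): to=<([^>]*)>.*status=(\w+)")

def envelope_recipients(log_text):
    """Map queue ID -> list of (envelope recipient, delivery status)."""
    by_queue = {}
    for line in log_text.splitlines():
        m = RCPT_RE.search(line)
        if m:
            qid, rcpt, status = m.groups()
            by_queue.setdefault(qid, []).append((rcpt.lower(), status))
    return by_queue

def header_recipients(message_text):
    """Addresses visible in To:/Cc: headers, which play no part in delivery."""
    msg = message_from_string(message_text)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(fields) if addr}

def unlisted_recipients(log_text, message_text, qid):
    """Envelope recipients for qid that appear in no To:/Cc: header."""
    visible = header_recipients(message_text)
    return [r for r, _ in envelope_recipients(log_text).get(qid, []) if r not in visible]

if __name__ == "__main__":
    print(unlisted_recipients(SAMPLE_LOG, SAMPLE_MESSAGE, "4A1B2C3D4E"))
```

Recipients returned by unlisted_recipients were delivered correctly according to the envelope even though the message source never names them, which is the Bcc-style pattern described in the thread.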
Re: Misdelivered messages
--On Wednesday, May 23, 2007 09:37:59 AM -0400 Dana Canfield <[EMAIL PROTECTED]> wrote:

> In the past week or so, we've had trouble with spam being delivered to
> the wrong recipients. It's difficult to explain, so I'll use an example:
>
> Does anyone have any clue what might be going on here?
>
> Thanks
> DC

The To: header is as easily forged as the From: header in a message. It could be that, or the spammers could be simply using BCC. We're seeing more of this as well.

-paul

--
Paul D. Engle             | Rice University
Sr. Systems Administrator | Information Technology - MS119
(713) 348-4702            | P.O. Box 1892
[EMAIL PROTECTED]         | Houston, TX 77251-1892
Misdelivered messages
In the past week or so, we've had trouble with spam being delivered to the wrong recipients. It's difficult to explain, so I'll use an example:

[EMAIL PROTECTED] and [EMAIL PROTECTED] are local users receiving hundreds of spam per hour. None of it is addressed to them. Their email addresses don't appear anywhere in the message source. The messages in hackxx's account appear to be the same messages that xxmelser is receiving. Most of the misdirected messages seem to be addressed to other local users, such as [EMAIL PROTECTED] or [EMAIL PROTECTED]

To further confuse the issue, this only happens with spam. A legitimate message mailed to [EMAIL PROTECTED] goes through to xxmilton's account and doesn't appear in the other users' mailboxes.

The *only* clue I have found is that most of these spams that get misdirected have a gap between the To: and the address in the message header, like this:

To: <[EMAIL PROTECTED]>

Does anyone have any clue what might be going on here?

Thanks
DC