atom feed4 messages in net.sourceforge.lists.courier-users[courier-users] weird DSN messages to...
FromSent OnAttachments
Lorenzo PeroneJun 14, 2009 5:03 pm 
Sam VarshavchikJun 14, 2009 5:44 pm 
Lorenzo PeroneJun 15, 2009 3:22 am 
Sam VarshavchikJun 15, 2009 4:04 am 
Subject:[courier-users] weird DSN messages to undisclosed-recipients
From:Lorenzo Perone (lope@yellowspace.net)
Date:Jun 14, 2009 5:03:11 pm
List:net.sourceforge.lists.courier-users

Hello to all,

I'm getting these really weird DSN messages and can't really figure out now if it's the client going nuts, the courier MTA finally starting to make funy jokes with crappy clients, or if it's some kind of hacking/spamming attempt over SqWebmail or over any other part of the package. Below there's such a message.

Notes:

- I replaced the original domain with example.com and the original user name with firstname.surname). - I'm adding the X-Env-Sender header over the maildrop command in the courierd conf file (-a X-Env-Sender: $SENDER). (btw: is there any way, meanwhile, to add the envelope recipient too? $RECIPIENT used to put in the same as Delivered-To..) - There is apparently no content in those messages. Some users have reported to see a "QUIT" in them.

##snip##

X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mail.example.com X-Spam-Level: *** X-Spam-Status: No, score=3.5 required=4.0 tests=ALL_TRUSTED,BAYES_00, EMPTY_MESSAGE,MISSING_HB_SEP,MISSING_SUBJECT,TVD_SPACE_RATIO autolearn=no version=3.2.5 X-Maildrop: Processing X-Env-Sender: #@[] Delivered-To: firs@example.com Received: from localhost (localhost [127.0.0.1]) (ftp://ftp.isi.edu/in-notes/rfc1894.txt) by mail.example.com with dsn; Mon, 15 Jun 2009 00:46:25 +0200 id 0048F5F6.000000004A357DC1.00016B09 Message-ID: <cour@mail.example.com> Date: Mon, 15 Jun 2009 00:46:25 +0200 To: undisclosed-recipients: ;

##/snip##

What I'm wondering about is the Received: header. If it was a client, then afaik there should be the IP it is mailing from. There is only one thing runninng on that host theoretically able to do it, namely the sqwebmail (webmail) cgi (or for that matter, any part of the courier package).

Courier version is still 0.54 for now, I was planning an update in the coming weeks.

Any hints? It's really getting me nuts...

Thanx a lot and Regards,

Lorenzo

------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects