On Wed, Feb 07, 2001 at 10:53:36AM +1030, Mark Phillips wrote:
> Thanks for your reply on this. There are still some things I don't
> understand very well though.
>
> Yes it does use SMTP envelope sender, but the problem (I was told) was
> that when the bounced message got back to cheapisp.com.au they didn't
> know what to do with it. Presumably the SMTP envelope sender
> information didn't include the username "markphillips", but rather,
> the username "mark" which cheapisp.com.au has no knowledge about. I
> think this was the problem anyway.
Nope.
> I must confess that I'm a little confused about SMTP envelopes. I
> don't know where the SMTP envelope information is stored or exactly
> what information is stored. Does it keep a log of all the past SMTP
> transactions in the history of the message? Can I go somewhere on my
> machine and look at it? How does envelope information differ from
> header information?
It's actually simple. The S in SMTP is for Simple, not Secure. By way
of example, here's a handy dandy session transcript that postfix just
mailed me since some idiot spammer can't figure out SMTP:
Out: 220 bifur.cmc.net ESMTP Postfix
In: HELO 216.78.229.195
Out: 250 bifur.cmc.net
In: MAIL FROM: <INCREASE SALES NOW>
Out: 250 Ok
In: RCPT TO: <[EMAIL PROTECTED]>
Out: 504 <INCREASE SALESNOW>: Sender address rejected: need fully-qualified
address
Okay, if this spammer were smart he'd have used a valid address. But
the above 'In's are the envelope. This particular idiot is saying that
errors in delivering his mail should be sent to '<INCREASE SALES NOW>'.
Of course, for the past several years virtually everyone insists on a
valid domain there, so he's refused, but, well, spammers aren't smart.
A normal person would have had 'MAIL FROM:<[EMAIL PROTECTED]>' there.
Anway, the above is the envelope..... the rest is the body... (I
deleted the errors cause they make it sorta hard to read....)
In: DATA
Out: 503 Error: need RCPT command
(normally there'd be something like '354 End data with
<CR><LF>.<CR><LF>' there... but this person isn't paying attention...)
In: From: INCREASE SALES NOW
In: To: YOUR MERCHANT [EMAIL PROTECTED]
In: Subject: FREE MERCHANT ACCOUNT, DEALERSHIP AND SOFTWARE
In: X-Reply-To: APPROVED
In: Content-Type: text/html; charset=ISO-8859-1
In: Content-Transfer-Encoding: 7bit
In:
In: <HTML><BODY>
The rest of the spam is omitted. It doesn't really matter.
Now, when you hit 'reply' in your mail client, it goes to the address in
the 'DATA' section above (or a reply-to if one exists). The envelope
sender is used for error notices. So, if the above bounced, it would be
sent to <INCREASE SALES NOW> assuming I accepted the mail to begin with.
(Which is why spammers use bogus return envelopes.. they don't want the
bounces.)
Where is that saved? In the queue file. When postfix (or sendmail or
exim or qmail or whatever) gets mail via SMTP, it saves it to disk
before telling the other side '250 OK' ... not your mailbox, but in the
mail queue. In that queue file is not just the body of the mail, but
also special tags such as the recipients (the envelope recipient and the
'To:' and 'Cc:' lines don't have to match, in fact they often don't --
think mailing lists), the sender, a date stamp for when it got queued,
etc.
-Then- your smtp-server of choice tries to deliver the mail (either
locally or, assuming you relay for this client remotely). It drags up
all the envelope information and processes the mail, sending it to the
local mailer or some remote system. Any errors in the process are
returned to the envelope sender which was saved along with everything
else. If the mail is local the SMTP envelope information is no longer
meaningful: a mailbox is 'final delivery' and if it can be saved there,
you no longer need the recipient or the sender, so they are often
discarded. If, however, you're relaying, the SMTP sender and recipient
are propogated to the next server, which will do the same thing you did
with them.
[I said the recipient and sender are often discarded -- depending on
your setup you may still see remnants of them. The envelope sender
often appears as 'Return-Path:' and the recipient may show up in
something like an 'X-Envelope-To' or 'Delivered-To:' line.)
> > Masquerading has been common for 20 years. If people are attempting
> > to detect it in some misguided effort to eliminate spam, they will lose
> > a lot of mail.
>
> When this problem arose, part of the problem I think, was that the
> SMTP sender was [EMAIL PROTECTED] or something, ie the domain
> "localdomain.org.au" didn't even exist. I could have fixed it to
> "infoeng.flinders.edu.au", but from what this guy was telling me, even
> this wasn't good enough. He said some mail servers nowdays were
> starting to reject emails where there was a domain mismatch between
> where the email orginated from and where it said it originated from.
Unlikely. Anyone doing that is asking to lose mail. Again, take this
mail item as an example. The smtp envelope from is something ending
with '@lists.debian.org'. But the From: line is '[EMAIL PROTECTED]'. The two
fields are unrelated: one says where to send errors (I really don't CARE
if someone on the list has a full mailbox -- why would I want the
errors?) and the other says who wrote the body of the post and, in the
case of no reply-to, where to send replies about it.
> I think he was saying that if you set things up this way, the fact is
> that some email is going to bounce. I'm still a little confused
> though about exactly how this works. Ie, I'm not sure it was the
> "From:" address that was being looked at or not. Could a mail server
> compare the envelope sender address with the email's mail server
> history to see if the two matched or something? I'm still not sure
> exactly how all this works.
If you're '[EMAIL PROTECTED]' and '[EMAIL PROTECTED]', then which you use is up
to you. If, though, you're '[EMAIL PROTECTED]' and '[EMAIL PROTECTED]', then it
would be -bad- to set -ANY- header or envelope field to '[EMAIL PROTECTED]' or
'[EMAIL PROTECTED]', since those aren't yours.
A mail server certainly -can- check to see if an address is valid before
accepting mail for it. (It doesn't have to, though.) So you would want
your envelope to point to a valid address or you won't see any bounces.
I highly doubt any mail server anywhere checks to see if the bounce is
about mail it may or may not have sent.
> The other point is: if rewriting addresses in this way is completely
> legitimate, what point is the "Reply-To:" field?
To direct replies. It has nothing to do with pointing to the origin of
the mail, which is the job of 'From:'. Nor does it have anything to do
with where errors about mail delivery should go (which is the SMTP
envelope from).
Amongst many other things here, I get the postmaster and abuse mail.
The response to that mail comes from -me-. It should have -me- on the
'From:' and it does. But it also affects others, so I cc: my response
to an alias that expands to everyone else... and, I set the reply-to to
go to the same address. (Replies should go to everyone, not just me.)
--
CueCat decoder .signature by Larry Wall:
#!/usr/bin/perl -n
printf "Serial: %s Type: %s Code: %s\n", map { tr/a-zA-Z0-9+-/ -_/; $_ = unpack
'u', chr(32 + length()*3/4) . $_; s/\0+$//; $_ ^= "C" x length; } /\.([^.]+)/g;
