Mailinglist Archive: opensuse-security (88 mails)

Re: [suse-security] ezmlm warning
  • From: "Arjen de Korte" <suse+security@xxxxxxxxxxxx>
  • Date: Mon, 3 Apr 2006 12:26:52 +0200 (CEST)
  • Message-id: <1051.193.67.155.99.1144060012.squirrel@xxxxxxxxxxxxxxxxx>
[...]

> If it had been bounced, that would be a different thing. In that case,
> the mail would have been accepted, a new mail created and this new mail
> sent to the possibly forged sender.

Carlos was right in his observation, that's exactly what's happened here.
See the following lines from the bounce message:

Reporting-MTA: dns; mxa02.ch.as12513.net
X-Postfix-Queue-ID: C86F4D4444
X-Postfix-Sender: rfc822;
suse-security-return-26706-suse=karsites.net@xxxxxxxx
Arrival-Date: Wed, 22 Mar 2006 03:55:38 +0000 (GMT)

Final-Recipient: rfc822; karsites@xxxxxxxxxxxxxxxxx
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; host 127.0.0.1[127.0.0.1] said: 550 5.7.1 Message
content rejected, UBE, id=32402-01-62 (in reply to end of DATA command)

--C86F4D4444.1142999739/mxa02.ch.as12513.net
Content-Description: Undelivered Message
Content-Type: message/rfc822

Received: from fwd01.ch.as12513.net (fwd01.ch.as12513.net [82.153.252.42])
by mxa02.ch.as12513.net (Postfix) with ESMTP id C86F4D4444
for <karsites@xxxxxxxxxxxxxxxxx>; Wed, 22 Mar 2006 03:55:38 +0000
(GMT)
Received: from MXA05.ch.as12513.net (mxa05.ch.as12513.net [82.153.252.56])
by fwd01.ch.as12513.net (Postfix) with ESMTP id 28319F4217
for <suse@xxxxxxxxxxxx>; Wed, 22 Mar 2006 03:55:38 +0000 (GMT)
Received: from lists.suse.com (lists.suse.de [195.135.221.131])
by MXA05.ch.as12513.net (Postfix) with SMTP id C2559C0419
for <suse@xxxxxxxxxxxx>; Wed, 22 Mar 2006 03:55:39 +0000 (GMT)

These lines boil down to the following chain of MTAs:

lists.suse.com -> fwd01.ch.as12513.net -> MXA05.ch.as12513.net ->
mxa02.ch.as12513.net (which is the reporting MTA)

So the bounce message was generated by a different MTA than the SuSE
mailinglist server was talking to, which means that this is a case of
accept-then-bounce-later, which is bad for the reasons you already
mentioned. Unfortunately, this is done by the OP's ISP, so short of
complaining about this, there is probably little he can do about it.

Arjen
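
Added example, not part of the original message: a Python sketch of the check described above, comparing the DSN's Reporting-MTA with the host that accepted the mail from the list server, using the headers quoted in the bounce. The function names and the verdict strings are assumptions made for this illustration.

```python
import re
from email import message_from_string

# Copied from the bounce quoted above (addresses masked as in the archive;
# header folding restored with a leading space so the parser accepts it).
DSN_FIELDS = "Reporting-MTA: dns; mxa02.ch.as12513.net\nAction: failed\nStatus: 5.0.0\n"
RETURNED_HEADERS = """\
Received: from fwd01.ch.as12513.net (fwd01.ch.as12513.net [82.153.252.42])
 by mxa02.ch.as12513.net (Postfix) with ESMTP id C86F4D4444
 for <karsites@xxxxxxxxxxxxxxxxx>; Wed, 22 Mar 2006 03:55:38 +0000 (GMT)
Received: from MXA05.ch.as12513.net (mxa05.ch.as12513.net [82.153.252.56])
 by fwd01.ch.as12513.net (Postfix) with ESMTP id 28319F4217
 for <suse@xxxxxxxxxxxx>; Wed, 22 Mar 2006 03:55:38 +0000 (GMT)
Received: from lists.suse.com (lists.suse.de [195.135.221.131])
 by MXA05.ch.as12513.net (Postfix) with SMTP id C2559C0419
 for <suse@xxxxxxxxxxxx>; Wed, 22 Mar 2006 03:55:39 +0000 (GMT)

"""
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)

def hops(raw_headers):
    """Return (from_host, by_host) pairs, oldest hop first."""
    received = message_from_string(raw_headers).get_all("Received", [])
    pairs = [HOP.search(value) for value in received]
    # Every MTA prepends its own header, so the list is reversed to get transit order.
    return [(m.group(1).lower(), m.group(2).lower()) for m in pairs if m][::-1]

def reporting_mta(dsn_fields):
    """Host part of the RFC 3464 Reporting-MTA field ("dns; host")."""
    value = message_from_string(dsn_fields)["Reporting-MTA"]
    return value.split(";", 1)[1].strip().lower()

def classify(dsn_fields, raw_headers, sender_host):
    """Decide who generated the DSN relative to the host sender_host talked to."""
    chain = hops(raw_headers)
    reporter = reporting_mta(dsn_fields)
    edge = next((by for frm, by in chain if frm == sender_host), None)
    accepted_by = [by for _, by in chain]
    if reporter == sender_host:
        verdict = "rejected-in-session"   # sender's own MTA wrote the DSN
    elif reporter in accepted_by:
        verdict = "accept-then-bounce"    # recipient side took the mail, then bounced
    else:
        verdict = "unknown"
    return {"edge": edge, "reporter": reporter, "verdict": verdict,
            "same_host": edge == reporter}

if __name__ == "__main__":
    print(classify(DSN_FIELDS, RETURNED_HEADERS, "lists.suse.com"))
```
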
