Thread: Interesting email issue I'd like to share

  1. #1
    Join Date
    Aug 2008
    Location
    Little Exuma, Bahamas
    Posts
    731

    Interesting email issue I'd like to share

    Here's a strange tale that I find worrisome:

    Earlier today I sent an email to a single recipient. A minute later I got back
    an error message stating that the email could not be delivered to three of
    the recipients. None of the addresses listed as being intended recipients
    was known to me; one was at a domain with no IP address on record, one
    was "Recipient address rejected" and the third message was "rejected as
    spam by Content Filtering". There was a fourth recipient address listed too
    with no indication that the message had not been delivered to it, and with
    a copy of the subject. That was the address of the single person to
    whom I'd sent the original message along with the corresponding subject.

    The intended recipient never got the message.

    The sending ISP can find no record of the bogus addresses in their smtp server
    logs.

    The intended recipient's ISP can find no record of the email at all.

    Neither ISP had any record of the error message having been generated.

    Both ISPs are very concerned and have started further investigations.

    Sending PC is running 13.1 (64) with all current patches except that the
    sending email client is Thunderbird 17.08 (the newer versions do not properly
    display a variety of calendars that I cannot do without).

    Internet connection is through two firewalls and 3 routers, not impossible
    to hack, but unlikely.

    I only post this as a way of suggesting folks be aware that there might now be a
    way for unscrupulous senders to "piggyback" recipients on to our emails. Sounds
    pretty strange I know, but I can't offer much more than that. Perhaps someone
    reading this is a whole lot brighter than I am and can offer a theory.
    MS user 1988-2008, Linux user 1998-present, openSUSE user since 2004
    (The first computer I used had a punch card reader)
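
Added example, not part of the original post: a bounce in the standard delivery-status format (RFC 3464) lists the envelope recipients the reporting server tried, which need not match the To/Cc headers. The Python sketch below parses a constructed sample bounce (all hosts and addresses are made up; `audit_bounce` is a hypothetical helper name) and returns the reported recipients that the returned original message never addressed.

```python
import email
from email.utils import getaddresses
# Constructed sample bounce (RFC 3464 layout); all hosts and addresses are made up.
SAMPLE_DSN = """\
From: MAILER-DAEMON@smtp.isp.example
Content-Type: multipart/report; report-type=delivery-status; boundary="B"

--B
Content-Type: message/delivery-status

Reporting-MTA: dns; smtp.isp.example

Final-Recipient: rfc822; stranger@nowhere.example
Action: failed
Status: 5.1.2

Final-Recipient: rfc822; other@filter.example
Action: failed
Status: 5.7.1

Final-Recipient: rfc822; wife@mail.example
Action: relayed
Status: 2.0.0

--B
Content-Type: message/rfc822

To: wife@mail.example

--B--
"""

def audit_bounce(raw):  # hypothetical helper, not from any mail tool
    """Return (reporting MTA, DSN recipients absent from the original To/Cc)."""
    msg = email.message_from_string(raw)
    mta, reported, addressed = None, [], set()
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":
            for block in part.get_payload():  # one header block per blank-line group
                mta = block.get("Reporting-MTA", mta)
                if "Final-Recipient" in block:
                    addr = block["Final-Recipient"].split(";", 1)[1].strip().lower()
                    reported.append((addr, block["Action"], block["Status"]))
        elif ctype == "message/rfc822":  # the returned copy of what was sent
            orig = part.get_payload(0)
            hdrs = orig.get_all("To", []) + orig.get_all("Cc", [])
            addressed = {a.lower() for _, a in getaddresses(hdrs)}
    return mta, [r for r in reported if r[0] not in addressed]
```

Bcc recipients are also absent from the headers, so a hit here is a reason to compare against the sending server's logs rather than proof of tampering.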

  2. #2
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    15,670
    Blog Entries
    3

    Re: Interesting email issue I'd like to share

    Originally posted by caprus:
    > Earlier today I sent an email to a single recipient. A minute later I got back
    > an error message stating that the email could not be delivered to three of
    > the recipients.

    This is not an obvious problem. One would need more information to conclude that there is a problem.

    I send mail to a mailing list. Shortly afterwards, I get a message indicating delivery failure to several of the recipients.

    Those recipients come from the mailing list. A well managed mailing list will make sure that the error messages go to the list administrator, rather than the sender. However, there are mail systems out there that ignore the standards and send the error report to the sender anyway.

    You send mail to me. I can convert my address to a mailing list simply by adding an entry to my aliases database. So a mail address can be a mailing list, even if you did not know that it was a mailing list.
    openSUSE Leap 15.3; KDE Plasma 5.18.6;

  3. #3
    Join Date
    Aug 2008
    Location
    Little Exuma, Bahamas
    Posts
    731

    Re: Interesting email issue I'd like to share

    Update:
    The sending ISP just contacted me. They say they can't explain the error
    and asked me to send two more test emails to the same address.
    Now I cannot repeat the error. So, this is getting even stranger. I'm tempted
    to wonder if they did fix an issue and are being less than candid, but I would
    hate to think that way.
    MS user 1988-2008, Linux user 1998-present, openSUSE user since 2004
    (The first computer I used had a punch card reader)

  4. #4
    Join Date
    Aug 2008
    Location
    Little Exuma, Bahamas
    Posts
    731

    Re: Interesting email issue I'd like to share

    Originally posted by nrickert:
    > This is not an obvious problem. One would need more information to conclude that there is a problem.
    >
    > I send mail to a mailing list. Shortly afterwards, I get a message indicating delivery failure to several of the recipients.
    >
    > Those recipients come from the mailing list. A well managed mailing list will make sure that the error messages go to the list administrator, rather than the sender. However, there are mail systems out there that ignore the standards and send the error report to the sender anyway.
    >
    > You send mail to me. I can convert my address to a mailing list simply by adding an entry to my aliases database. So a mail address can be a mailing list, even if you did not know that it was a mailing list.

    I understand your logic, and it would make sense, however the recipient was my own wife's personal mail account. I've thoroughly reviewed the mail accounts on both servers and confirmed that both sending and receiving accounts are simple mailboxes with no aliases or other forwards configured.
    MS user 1988-2008, Linux user 1998-present, openSUSE user since 2004
    (The first computer I used had a punch card reader)

  5. #5
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    15,670
    Blog Entries
    3

    Re: Interesting email issue I'd like to share

    Originally posted by caprus:
    > The sending ISP just contacted me. They say they can't explain the error

    They probably mean that they won't explain the error. They may have screwed up, then fixed the problem.

    That reminds me of when I was in charge of our department Solaris systems. When I installed a new version of Solaris, it would immediately start bouncing all email, until I fixed the configuration.
    openSUSE Leap 15.3; KDE Plasma 5.18.6;

  6. #6
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Re: Interesting email issue I'd like to share

    On 2014-05-09 18:36, caprus wrote:

    > The intended recipient's ISP can find no record of the email at all.
    >
    > Neither ISP had any record of the error message having been generated.


    AND, as you are using Thunderbird, you do not have a record of it.

    That is one of the reasons that I go through the pain of configuring
    postfix even in my laptop, and having Thunderbird send via that postfix,
    not directly: that I have logs.


    Another way for this to happen is that you were using a bad/bogus DNS
    server, which sent your posts somewhere else. This would be bad intent,
    so if your email sending procedure includes authentication, your email
    password would be compromised now (unless TLS and certificate
    verification was enforced).

    --
    Cheers / Saludos,

    Carlos E. R.

    (from 13.1 x86_64 "Bottle" (Minas Tirith))
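
Added example, not part of the original post: what a local postfix log lets you check after the fact, namely which recipients each queued message was delivered to and which relay IP actually accepted it. The log lines are constructed and abbreviated (hosts, addresses and documentation-range IPs are made up), and `deliveries` and `unexpected_relays` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed, abbreviated postfix log lines; every host, address and IP is made up.
SAMPLE_LOG = """\
May  9 18:36:01 laptop postfix/qmgr[901]: 4A1B2C3D4E: from=<me@home.example>, size=812, nrcpt=1 (queue active)
May  9 18:36:03 laptop postfix/smtp[944]: 4A1B2C3D4E: to=<wife@mail.example>, relay=smtp.isp.example[198.51.100.7]:587, delay=2.1, status=sent (250 2.0.0 Ok)
May  9 19:02:10 laptop postfix/qmgr[901]: 5F6A7B8C9D: from=<me@home.example>, size=640, nrcpt=1 (queue active)
May  9 19:02:12 laptop postfix/smtp[951]: 5F6A7B8C9D: to=<wife@mail.example>, relay=smtp.isp.example[203.0.113.66]:587, delay=1.8, status=sent (250 2.0.0 Ok)
"""

# One delivery attempt per postfix/smtp line: queue ID, recipient, relay host/IP, status.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<host>[^\[,]+)\[(?P<ip>[^\]]+)\]:\d+,.* status=(?P<status>\w+)"
)

def deliveries(log_text):
    """Map queue ID -> list of (recipient, relay host, relay IP, status)."""
    out = defaultdict(list)
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if m:
            out[m["qid"]].append((m["rcpt"], m["host"], m["ip"], m["status"]))
    return dict(out)

def unexpected_relays(log_text, known_ips):
    """Queue IDs whose mail was handed to a relay IP outside known_ips."""
    return sorted(qid for qid, rows in deliveries(log_text).items()
                  if any(ip not in known_ips for _, _, ip, _ in rows))
```

A relay hostname that suddenly resolves to an unfamiliar IP, as in the second constructed message, is the trace a bogus DNS answer would leave in such a log.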

  7. #7
    Join Date
    Aug 2008
    Location
    Little Exuma, Bahamas
    Posts
    731

    Re: Interesting email issue I'd like to share

    Originally posted by nrickert:
    > They probably mean that they won't explain the error. They may have screwed up, then fixed the problem...

    My thought too, however I'm reluctant to condemn them, as I've hosted multiple domains and a variety of setups with the same ISP for 9 or ten years now without an incident until today. I suspect this will remain "one of life's little mysteries."
    MS user 1988-2008, Linux user 1998-present, openSUSE user since 2004
    (The first computer I used had a punch card reader)

  8. #8
    Join Date
    Aug 2008
    Location
    Little Exuma, Bahamas
    Posts
    731

    Re: Interesting email issue I'd like to share

    Originally posted by robin_listas:
    > ...That is one of the reasons that I go through the pain of configuring
    > postfix even in my laptop, and having Thunderbird send via that postfix,
    > not directly: that I have logs.

    I used to do exactly that. It worked great on the road, however I discovered that a lot of spam filters were automatically filtering out all messages originating from IPs similar to our home base, so after banging my head against the wall for years arguing with everyone I could think of to resolve that issue I finally had to switch to using a Stateside ISP's SMTP server.

    > Another way for this to happen is that you were using a bad/bogus DNS
    > server, which sent your posts somewhere else. This would be bad intent

    Now that's a real possibility. I've switched a lot of our stuff to use google's DNSs for a variety of performance related reasons. Maybe now I should switch over completely. Your thoughts??

    > so if your email sending procedure includes authentication, your email
    > password would be compromised now (unless TLS and certificate
    > verification was enforced).

    I just changed it. Good tip.
    MS user 1988-2008, Linux user 1998-present, openSUSE user since 2004
    (The first computer I used had a punch card reader)

  9. #9
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Re: Interesting email issue I'd like to share

    On 2014-05-09 21:26, caprus wrote:
    >
    > robin_listas;2642186 Wrote:
    >> ...That is one of the reasons that I go through the pain of configuring
    >> postfix even in my laptop, and having Thunderbird send via that postfix,
    >> not directly: that I have logs.

    > I used to do exactly that. It worked great on the road, however I
    > discovered that a lot of spam filters were automatically filtering out
    > all messages originating from IPs similar to our home base, so after
    > banging my head against the wall for years arguing with everyone I could
    > think of to resolve that issue I finally had to switch to using a
    > Stateside ISP's SMTP server.


    You still can do that with postfix. Just tell Thunderbird to hand over
    to postfix which hands over to that SMTP server of your choice.

    Of course, it adds complexity.


    >> Another way for this to happen is that you were using a bad/bogus DNS
    >> server, which sent your posts somewhere else. This would be bad intent

    > Now that's a real possibility. I've switched a lot of our stuff to use
    > google's DNSs for a variety of performance related reasons. Maybe now I
    > should switch over completely. Your thoughts??


    I don't know... On some setups, the actual DNS used is recorded in the
    logs. This laptop does (the dnsmasq daemon does, actually). You could
    try scanning your logs trying to find such a thing. Do you use dhcp?

    I also use google's dns, they are convenient. On the other hand, I don't
    like using them more than absolutely necessary, because they /love/ data.

    --
    Cheers / Saludos,

    Carlos E. R.

    (from 13.1 x86_64 "Bottle" (Minas Tirith))
