On 21/01/02, Russell Coker wrote: > I have attached a strange bounce message I received, and would like some > advice in understanding exactly what happened. Well, since you didn't include any specific information, I can only try to analyze the header step by step and hope that's what you are asking for. Otherwise please tell us, what your exact problem is. > >>From MAILER-DAEMON@coker.com.au Mon Jan 21 01:37:31 2002 > Return-Path: <> Since the Return-Path has been set to <>, we can assume that this mail is coming from the address <> which is used for sending bounces. > Delivered-To: rjc@sws.net.au Added by the MTA on sws_sat.sws.net.au when he delievered the mail into a mailbox. Could have been written by postfix. > Received: (qmail 23329 invoked from network); 21 Jan 2002 00:34:17 -0000 qmail received a mail from the network, but wrote no further details. > Received: from unknown (HELO sws?sat.sws.net.au) (10.10.10.30) > by 10.10.10.8 with SMTP; 21 Jan 2002 00:34:17 -0000 The time looks fine, so we assume that this line is correct. A Host with the IP 10.10.10.8 received a mail from an host with the IP 10.10.10.30 which claimed to be sws_sat.sws.net.au, but which was not verifiable via DNS. Looks like an internal forwarding. > Received: from ivanova.coker.com.au (ivanova.coker.com.au [203.36.46.209]) > by sws_sat.sws.net.au (Postfix) with ESMTP id 6E647CA51 > for <rjc@sws.net.au>; Mon, 21 Jan 2002 11:34:16 +1100 (EST) The host ivanova.coker.com.au send a mail to the host called sws_sat.sws.net.au. The IP for this host is 203.36.46.209 and the name is also correct. The mail was destinated for rjc.sws.net.au. Compared with the headers which are following, I would assume that ivanova is either rewriting this or some more headers or simply forwarding everything. But since it's your MX this should be well know to you. ;-) > Received: by ivanova.coker.com.au (Postfix) > id 02D7CFAD2; Mon, 21 Jan 2002 11:34:15 +1100 (EST) The postfix instance on ivanova received a mail which. If I'm not mistaken the header also suggest that it was directly forwarded because of the postfix setup and not by an external tool. > Delivered-To: rjc@coker.com.au Added by postfix on ivanova.coker.com.au, I would say. > Received: from debianlinux.net (c88006.upc-c.chello.nl [212.187.88.6]) > (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) > (Client did not present a certificate) > by ivanova.coker.com.au (Postfix) with ESMTP id 79134FB51 > for <russell@coker.com.au>; Mon, 21 Jan 2002 11:34:04 +1100 (EST) Okay, so ivanova.coker.com.au received this mail from a host which pretended to be debianlinux.net, but is really c88006.upc-c.chello.nl witht the IP address 212.187.88.6. It used TLS to deliver the mail, but didn't had a certificate available. The mail was for russell@coker.com.au. Again a look in the logfiles on your MX should help you figure out what's exactly happening. > Received: from localhost (localhost [127.0.0.1]) > (ftp://ftp.isi.edu/in-notes/rfc1894.txt) > by debianlinux.net with dsn; Mon, 21 Jan 2002 01:37:31 +0100 debianlinux.net received a mail from a host called localhost, which has been verified. After checking the URL that is mentioned in this header here, I would say that DSN stands for Delivery Status Notification. > To: undisclosed-recipients: ; Hm, that one looks a bit strange here. Looks to me like it was send via Bcc instead of To or Cc. > From: MAILER-DAEMON@coker.com.au And this header seems to be from the MTA for the domain.coker.com.au, which was involved. Such a header would also be allowed for a DSN. But for a real DSN this header is lacking at least a correct content-type header. So I would merely suspect it's either a bounce generated because of a wrongly-formatted mail, which may should have been a DSN. Without inspecting the logfiles on the host ivanova.coker.com.au to find out as much information and then contacting the owner of the MTA for the domain debianlinux.net (IP: 212.187.88.6) and letting him inspect his logfiles also, this will be difficult to say. But at least the protocol that was used between localhost and debianlinux.net suggest that it should have been a DSN. > Status: R > X-Status: N Do you use mutt to read and write mails? If yes, mutt has certainly added those headers. Christian -- Debian Developer (http://www.debian.org) 1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6 67FF 26CC 7853
Attachment:
pgpjExyorJI7I.pgp
Description: PGP signature