Re: et.al., (was: Dependencies et al, was: Default Debian install harassed me)

To: debian-user@lists.debian.org
Subject: Re: et.al., (was: Dependencies et al, was: Default Debian install harassed me)
From: David Wright <deblis@lionunicorn.co.uk>
Date: Tue, 8 Oct 2019 00:01:26 -0500
Message-id: <[🔎] 20191008050126.GB13300@wren.corp>
Reply-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 1261269193415390589@scdbackup.webframe.org>
References: <[🔎] 07102019125627.10bfe270547a@desktop.copernicus.org.uk> <[🔎] 1261269193415390589@scdbackup.webframe.org>

On Mon 07 Oct 2019 at 15:09:09 (+0200), Thomas Schmitt wrote:
> i wrote:
> > > To my best knowledge, "X-Spam-Status: ... tests=...,LDOSUBSCRIBER,..."
> > > says that the "From:" address of the mail is subscribed.
> 
> Brian wrote:
> > Are you sure it is the From: and not the envelope From? My From: is
> > not subscribed.
> 
> Interesting observation.
> So the address by which you submit your mail to the remote server is
> subscribed and it is not the "From:" address which your mail client
> writes into the header part of the mail ?
> 
> I wonder whether my mail provider would allow me to send via SMTP
>   MAIL FROM:<scdbackup@gmx.net>
>   RCPT TO:debian-user@lists.debian.org
> and then by DATA
>   From: "Somebody Else" <totally@fake.com>

It's fairly easy to find out by trying it out, only obviously in an
email to yourself, not the list. Perhaps not as easy as it was,
because unencrypted telnet has all but gone. And I've also found that
my ISP is more "impatient" and times out fairly quickly, so nowadays
I assemble the whole email in an emacs buffer and paste it into the
session all in one go. Here's an example, suitably mangled:

$ openssl s_client -starttls smtp -crlf -connect smtp.some.submission.host.tld:12345

That opens the session, and I only press Return when I've copied the
email itself into the paste buffer. Here's the email, and there's
a blank line after the header.

ehlo wren.corp
auth plain MyAuthenticationNameAndPasswordInBase64==
mail from:RealUsername@RealDomain.tld
rcpt to:<SomeUsername@WhereYouCanReadTheEmail.tld>
data
From: Whoever You Want To Be <their@emailaddress.tld>
to: <SomeUsername@WhereYouCanReadTheEmail.tld>
subject: hand written test 01

Hand written test 01
You could duplicate the headers here as a record
.
quit

I do it all in a script session so that I get a recording, from which
I snip the authentication lines before archiving it.
BTW the string in the authentication line above is generated with:
$ echo -e -n '\0username\0password' | base64
Obviously I'm assuming that your ISP has facilities comparable to
mine, which are (I use two):

250-PIPELINING
250-SIZE 20480000
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

250-AUTH LOGIN PLAIN
250-SIZE 30000000
250-8BITMIME
250 OK

However, I see lots of DKIM stuff in your emails, so it might not be
as simple as this for you. But in principle, it should work.

   There is no inherent relationship between either "reverse" (from
   MAIL, SAML, etc., commands) or "forward" (RCPT) addresses in the SMTP
   transaction ("envelope") and the addresses in the header section.
   (RFC 5321.)

> But how do Debian list servers know ?
> Is it because Exim 4.89 said "MAIL FROM:<...subscribed.address...>" to
> lists.debian.org ?
> Or is it because the first mail hop added "envelope-from" to its Received:
> header ?

I've always assumed the envelope from is generated from the 'mail
from' line, and that the envelope should reach the Debian list
processing system unchanged.

>   Received: from ... by ... with local (Exim 4.89)
>           (envelope-from <...>)
>           id 1iHRiB-0006S7-Ks
>           for debian-user@lists.debian.org; Mon, 07 Oct 2019 13:01:59 +0100
> 
> (I wonder where "envelope-from" in "Received:" is specified. The word
>  does neither appear in RFC5322 nor in RFC5321.)

I've always assumed that what is in parentheses is all "noise" as far
as SMTP is concerned, like that Exim version number, the envelope-from
and, in your email for example, (Client did not present a certificate).

> ---------------------------------------------------------------------------
> 
> > > Nevertheless, if i have no other indication then i normally add a "Cc:"
> > > to the thread starter if i do not see LDOSUBSCRIBER among the spam tests.
> 
> > On the basis, one supposes, that the situation is unclear and you wish
> > the poster to know there is a reply to her post.
> 
> It is futile to send Cc: to people who are known to reply to list messages.
> But thread starters where i am in doubt get a Cc: from me if i have
> something to tell them.

Cheers,
David.

Reply to:

References:
- Re: Dependencies et al (was: Default Debian install harassed me)
  - From: Brian <ad44@cityscape.co.uk>
- Re: et.al., (was: Dependencies et al, was: Default Debian install harassed me)
  - From: "Thomas Schmitt" <scdbackup@gmx.net>

Prev by Date: Re: Problems with Buster and Bluetooth
Next by Date: Re: et.al., (was: Dependencies et al, was: Default Debian install harassed me)
Previous by thread: Re: et.al.
Next by thread: Re: Dependencies et al (was: Default Debian install harassed me)
Index(es):
- Date
- Thread