Opened 2 years ago

Closed 2 years ago

#2757 closed task (fixed)

Possible postfix issues since osgeo6 upgrade

Reported by: robe
Owned by: sac@…
Priority: normal
Milestone: Sysadmin Contract 2022-II
Component: SysAdmin
Keywords:
Cc:

Description

Since the osgeo6 upgrade from stretch to buster, some people have been complaining of

For some reason mailer-daemon is sending delivery notifications to mailing lists (not all of them), as if the mailing list was a Sender. Mailer daemon is not on the list, so owner sends it a notice of its message being moderated.

One example is geoforall-europe and treasurer.

Haven't checked yet to see what could be the issue here

Change History (7)

comment:1 by robe, 2 years ago

On closer glance I think it might be just sending to mailing list owners, not mailing lists, so not as serious of an issue. neteler I think also complained about this with grass.

comment:2 by strk, 2 years ago

The Delivery Status Notification is being sent FROM mailer-daemon@… to the mailing list addresses. I've seen this happening starting April 30, to these mailing lists:

  • geoforall-northamerica@…
  • geoforall-africa@…
  • geoforall-europe@…
  • geoforall-asiaaustralia@…
  • geoforall-iberoamerica@…
  • geoforall@…
  • geoserver-security@…

On average, an email a day to each of the above mailing lists.

Since mailer-daemon@ is not a subscriber, for each mail the -owner@ for the target mailing list replied to mailer-daemon@ with a "Your message to ... awaits moderator approval" response.

The response email does not contain the full detail of the original mail (the one sent from mailer-daemon to mailing list) so further inspection is not possible from where I stand at the moment.

The question is: WHY would mailer-daemon@ send a Delivery Status Notification (with subject "Successful Mail Delivery Report") to a mailing list? Was it a spoofed attempt by some hacker, or did MTA receive an email requesting status notification from the Mailman with mailing list address as Sender?

comment:3 by neteler, 2 years ago

I got this which is new and unusual:

(perhaps a non-subscribed person trying to spam the list? "EMAIL ACCOUNT CONFIRMATION AND UPGRADE." - but that would be dropped in the grass-* lists anyway by mailman...)

Delivered-To: neteler.osgeo@gmail.com
Received: by 2002:ab4:ab53:0:0:0:0:0 with SMTP id gj19csp7453175ecb;
        Tue, 3 May 2022 03:07:34 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJz/m3V4l8cNKjmFHob37eGQBjVskowM782G6b3zzelDALZ3jROc2HJTr5j9X00R0zuQZp46
X-Received: by 2002:a17:90a:e517:b0:1da:3d42:7fb8 with SMTP id t23-20020a17090ae51700b001da3d427fb8mr3915271pjy.194.1651572454160;
        Tue, 03 May 2022 03:07:34 -0700 (PDT)
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of mailman-bounces@lists.osgeo.org designates 140.211.15.3 as permitted sender) smtp.mailfrom=mailman-bounces@lists.osgeo.org
Return-Path: <mailman-bounces@lists.osgeo.org>
Received: from lists.osgeo.org (osgeo6.osgeo.osuosl.org. [140.211.15.3])
        by mx.google.com with ESMTPS id oj8-20020a17090b4d8800b001d939ffed98si1720652pjb.97.2022.05.03.03.07.33
        for <neteler.osgeo@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 03 May 2022 03:07:34 -0700 (PDT)
Received-SPF: pass (google.com: domain of mailman-bounces@lists.osgeo.org designates 140.211.15.3 as permitted sender) client-ip=140.211.15.3;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of mailman-bounces@lists.osgeo.org designates 140.211.15.3 as permitted sender) smtp.mailfrom=mailman-bounces@lists.osgeo.org
Received: by lists.osgeo.org (Postfix)
	id 34DE66146828; Tue,  3 May 2022 03:07:32 -0700 (PDT)
Delivered-To: grass-admin@osgeo.org
Received: from osgeo6.osgeo.osuosl.org (localhost [127.0.0.1])
	by lists.osgeo.org (Postfix) with ESMTP id 32CF46129383
	for <grass-admin@osgeo.org>; Tue,  3 May 2022 03:07:32 -0700 (PDT)
Received: by lists.osgeo.org (Postfix)
 id 5C5596146828; Tue,  3 May 2022 03:07:31 -0700 (PDT)
Date: Tue,  3 May 2022 03:07:31 -0700 (PDT)
From: MAILER-DAEMON@osgeo6.osgeo.osuosl.org (Mail Delivery System)
Subject: Successful Mail Delivery Report
To: grass-user-owner@lists.osgeo.org
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
 boundary="9FE576129381.1651572451/lists.osgeo.org"
Message-Id: <20220503100731.5C5596146828@lists.osgeo.org>
Errors-To: mailman-bounces@lists.osgeo.org
Sender: "grass-user" <mailman-bounces@lists.osgeo.org>

This is a MIME-encapsulated message.

--9FE576129381.1651572451/lists.osgeo.org
Content-Description: Notification
Content-Type: text/plain; charset=us-ascii

This is the mail system at host lists.osgeo.org.

Your message was successfully delivered to the destination(s)
listed below. If the message was delivered to mailbox you will
receive no further notifications. Otherwise you may still receive
notifications of mail delivery errors from other systems.

                   The mail system

<grass-user-owner@lists.osgeo.org>: delivery via mailman: delivered via mailman
    service

--9FE576129381.1651572451/lists.osgeo.org
Content-Description: Delivery report
Content-Type: message/delivery-status

Reporting-MTA: dns; lists.osgeo.org
X-Postfix-Queue-ID: 9FE576129381
X-Postfix-Sender: rfc822; grass-user-owner@lists.osgeo.org
Arrival-Date: Tue,  3 May 2022 03:07:30 -0700 (PDT)

Final-Recipient: rfc822; grass-user-owner@lists.osgeo.org
Original-Recipient: rfc822;grass-user-owner@lists.osgeo.org
Action: relayed
Status: 2.0.0
Diagnostic-Code: X-Postfix; delivery via mailman: delivered via mailman service

--9FE576129381.1651572451/lists.osgeo.org
Content-Description: Message Headers
Content-Type: text/rfc822-headers

Return-Path: <grass-user-owner@lists.osgeo.org>
Received: from lists.osgeo.org (unknown [185.222.57.155])
	by lists.osgeo.org (Postfix) with ESMTP id 9FE576129381
	for <grass-user-owner@lists.osgeo.org>; Tue,  3 May 2022 03:07:30 -0700 (PDT)
From: Server Administrator<grass-user-owner@lists.osgeo.org>
To: grass-user-owner@lists.osgeo.org
Subject: EMAIL ACCOUNT CONFIRMATION AND UPGRADE.
Date: 3 May 2022 12:07:29 +0200
Message-ID: <20220503120729.96870BFAF8481322@lists.osgeo.org>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0012_D7065B83.843EA4FA"

--9FE576129381.1651572451/lists.osgeo.org--
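
An added example for triaging reports like the one quoted in comment:3 (not code from the ticket, Postfix or Mailman): it parses the multipart/report with Python's standard `email` module and flags a success DSN whose original message arrived from a client outside the trusted networks while claiming a local envelope sender. The names `triage_dsn` and `SAMPLE_DSN` and the trusted-network list are assumptions made for illustration; the sample is a trimmed copy of the quoted report.

```python
import ipaddress
import re
from email import message_from_string, policy

# Trimmed copy of the report quoted in comment:3; MIME boundary shortened to "B1".
SAMPLE_DSN = """\
From: MAILER-DAEMON@osgeo6.osgeo.osuosl.org (Mail Delivery System)
Subject: Successful Mail Delivery Report
Content-Type: multipart/report; report-type=delivery-status; boundary="B1"

--B1
Content-Type: text/plain

Your message was successfully delivered to the destination(s) listed below.

--B1
Content-Type: message/delivery-status

X-Postfix-Sender: rfc822; grass-user-owner@lists.osgeo.org

Final-Recipient: rfc822; grass-user-owner@lists.osgeo.org
Action: relayed
Status: 2.0.0

--B1
Content-Type: text/rfc822-headers

Received: from lists.osgeo.org (unknown [185.222.57.155]) by lists.osgeo.org (Postfix)

--B1--
"""


def triage_dsn(raw, local_domain="lists.osgeo.org", trusted=("127.0.0.0/8", "140.211.15.3/32")):
    """Summarise a single-recipient DSN; flag an untrusted client that used a local sender."""
    report = message_from_string(raw, policy=policy.default)
    parts = {p.get_content_type(): p for p in report.walk()}
    # message/delivery-status parses into header-only blocks; merge them into one dict.
    blocks = parts["message/delivery-status"].get_payload()
    fields = {k.lower(): str(v) for blk in blocks for k, v in blk.items()}
    sender = fields["x-postfix-sender"].split(";")[-1].strip()
    received = message_from_string(parts["text/rfc822-headers"].get_content())["Received"]
    client = ipaddress.ip_address(re.search(r"\[([0-9A-Fa-f.:]+)\]", received).group(1))
    outside = not any(client in ipaddress.ip_network(net) for net in trusted)
    return {
        "success_dsn": fields["action"] in ("relayed", "delivered") and fields["status"].startswith("2."),
        "client_ip": str(client),
        "forged_local_sender": outside and sender.lower().endswith("@" + local_domain),
    }
```

The default `trusted` list assumes loopback plus the list host address that appears in the quoted headers; adjust it to the networks that legitimately submit mail with list addresses as sender.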

comment:4 by robe, 2 years ago

I think these are all a result of the postfix upgrade.

I read this http://www.postfix.org/DSN_README.html which seems to be the issue we are having. We are running (3.4.14). But I'm not seeing in the upgrade transcript what the version was before.

So I guess solution is to disable these in postfix config as detailed here:

https://www.postfix.org/DSN_README.html#scope

I haven't read thru all of that to know the best course of action, but I'll try to get to it in next day or so.

comment:5 by robe, 2 years ago

I've gone ahead and made this change

/etc/postfix/main.cf:
    smtpd_discard_ehlo_keywords = silent-discard, dsn

and ran

systemctl reload postfix

That will hopefully eradicate this and not impact our important ones.

I'll leave this open until we confirm these are not coming thru anymore.

comment:6 by Jeff McKenna, 2 years ago

Thanks @robe, I've been getting about 50 of these messages per day, at least, and they suddenly stopped this morning at 2:07am Boston time. Thanks for tackling this.

comment:7 by robe, 2 years ago

Resolution: fixed
Status: new → closed

Thanks for the confirmation. So I'll go ahead and close this out. If people are still having issues feel free to reopen.
