Re: tlug: return to sender

["Stephen J. Turnbull" <turnbull@example.com>]

--------------------------------------------------------
tlug note from "Stephen J. Turnbull" <turnbull@example.com>
--------------------------------------------------------
>>>>> "Jim" == Jim Schweizer <schweiz@example.com> writes:

    Jim> I've been puzzling over this all day: wormhole is a
    Jim> stand-alone box that connects to the Internet via a dial-up
    Jim> IP connection. I use a POP mailer to send and receive mail
    Jim> and, for the most part it works really well.

Which one?  I don't use POP very much, so I'm not very familiar with
them.  You will be needing the documentation....

    Jim> The problem is with certain mailing list software -notably
    Jim> Listserv. If you check the header of this mail you'll see the
    Jim> return address as schweiz@example.com but the sender is
    Jim> jim@example.com

No, we won't.  The Sender is "tlug".  (TLUG is apparently not
configured to use "Resent-by" headers.)  The information is available
in a "received" header, but no software should ever use that
information as authentication.  For one thing, not all MTAs say who
they received the mail from.

("Return address" is ambiguous here.  You could mean "From",
"Reply-To", "Return-Path", or possibly even "Sender"!)

    Jim> This means that unless I go back and fire up the old Winblows
    Jim> box to send mail to some lists, the posts get rejected. I
    Jim> could just unsubscribe from Windoze and re-subscribe from
    Jim> Linux (but that's too easy;-)

Nope.  jim@example.com is not a valid email address from the point of
view of the listserv.  So if they are actually comparing the sender
address to the mailing list (this is not an RFC-compliant usage, but I 
can see why they do it---not that it would stop a determined spammer
(hint)), you'll still lose.  You might try complaining to the listserv 
owners; they should use the From address, as that is the header the
author is supposed to use according to the RFC.  I realize they are
trying to tie authors to their machines as a very primitive form of
authentication, but it shouldn't work for a lot of RFC-822-compliant
posts, as there will be no Sender header (see next paragraph).

If your Windwoes box is sending a "Sender: schweiz@example.com"
header, this is a deprecated practice, since the From and Sender
headers are the same (cf RFC 822, sec. 4.4).  In that case the Sender
header should be omitted.

    Jim> I've been unable to get XFMail reconfigured to change the
    Jim> sender field. Is there somewhere else I should be looking? Or
    Jim> am I SOL since I have to use the loopback interface?

Technically, the Sender address is intended to identify the actual
_authenticated_ (since Windwoes can't authenticate a thing, no Windwoes
MTA should ever use a Sender header :-) _agent_ _responsible_ for
sending the message.  So if you send mail for somebody else, you would
be the Sender, but they would be the author (From).  This header can
also be used to distinguish which of a group of authors actually sent
the message.  Also, "responsible" means that some error management may
be requested, so the Sender should be human.  Ie, TLUG's sender should
be "owner-tlug", directed to Craig, as Majordomo's "boss," _not_
Majordomo.

This means that you should probably _not_ be using a sender address at 
all.  (On Linux either.)  Since you are both the author and the agent
responsible for transmission, you should never need a Sender header.
On the other hand, HareNet may, having authenticated you at PPP login, 
decide to add a sender header if it is different from your mailing
address.  Not very likely, but you could check with them.  HareNet is
very poorly configured if it is sending "Sender: schweiz@example.com"
headers, though.

XFMail is a "mail user agent" (MUA), and should never create sender
headers because it doesn't have any authentication information.  The
sender headers should be added by the "mail transport agent" (MTA)
based on any difference between the "From" header and the
authenticated user owning the process of the MUA that submitted the
mail.  (The MUA could authenticate, of course, but why add that
complexity?  People who wanted to hide their identity would just use
another MUA that didn't authenticate, or submit to the MTA directly
with "sendmail address < file".  So the MTA has to authenticate in any
case.)  Common Linux MTAs include sendmail, smail, and qmail.

However, in your case the MTA is presumably your POPmail agent.  So
you should look at the configuration of that agent.  You could be
using one of the heavyweight MTAs outgoing and POP incoming, but that
seems unlikely.  So POP is probably the culprit.

    Jim> Any ideas will be appreciated (I'm sure this is a FAQ
    Jim> somewhere but I couldn't find it.)

You could try looking in the Majordomo and listserv FAQs.  You could
also look on the anti-spamming lists, as this is presumably an
antispamming device.

HTH

Steve

-- 
                            Stephen J. Turnbull
Institute of Policy and Planning Sciences                    Yaseppochi-Gumi
University of Tsukuba                      http://turnbull.sk.tsukuba.ac.jp/
Tel: +81 (298) 53-5091;  Fax: 55-3849              turnbull@example.com


-----------------------------------------------------------------
a word from the sponsor will appear below
-----------------------------------------------------------------
The TLUG mailing list is proudly sponsored by TWICS - Japan's First
Public-Access Internet System.  Now offering 20,000 yen/year flat
rate Internet access with no time charges.  Full line of corporate
Internet and intranet products are available.   info@example.com
Tel: 03-3351-5977   Fax: 03-3353-6096