[plug] PLUG headers revealing email addresses

Krystin Dix krystindix at lothar.id.au
Tue Mar 4 01:42:54 UTC 2014


Hey all,

I have confirmed with my engineers that this was a custom rule that was set to assist some domains with catchall@ mailbox using a pop connector to add the X-Envelope-To field so the pop connector can ascertain which user to assign the mail to. I have been told this has been removed and should be functioning as per normal now.

Any issues let me know.

Regards,
Krystin Dix
________________________________
From: plug [plug-bounces at plug.org.au] on behalf of Leon Wright [techman83 at gmail.com]
Sent: Thursday, 27 February 2014 11:36 AM
To: Steve Boak
Cc: plug at plug.org.au
Subject: Re: [plug] PLUG headers revealing email addresses

Nice work investigating this James/Krystin. Keep us posted on how it pans out. If the mailing list needs some tweaking to avoid it occurring, I'll discuss it with the admin team.

Leon

--
DRM 'manages access' in the same way that jail 'manages freedom.'

# cat /dev/mem | strings | grep -i cats
Damn, my RAM is full of cats... MEOW!!


On Wed, Feb 26, 2014 at 10:13 PM, Steve Boak <sboak at westnet.com.au> wrote:
On 26/02/14 20:16, Krystin Dix wrote:
Hey Steve,

I will pass this on to the guys responsible and see what they say. (I currently work for iiNet / Westnet Hosting).

It is interesting to see that it is done this way. If you wouldn't mind forwarding me off list the exact headers received to kdix at staff.iinet.net.au and I will come back here with a response.

Done


Thanks
Krystin Dix

-----Original Message-----
From: plug [mailto:plug-bounces at plug.org.au] On Behalf Of Steve Boak
Sent: Wednesday, February 26, 2014 6:58 PM
To: plug at plug.org.au
Subject: Re: [plug] PLUG headers revealing email addresses

On 26/02/14 14:37, James Henstridge wrote:
On Mon, Feb 24, 2014 at 9:36 AM, Steve Boak <sboak at westnet.com.au> wrote:
Hi

I just happened to be looking through the source of a plug list
message and saw this in the headers (and yes, my address is one of
them)

X-Envelope-To: bxxx at westnet.com.au, bxxx at westnet.com.au, cxxx at westnet.com.au,
   gxxx at westnet.com.au, gxxx at westnet.com.au, jxxx at westnet.com.au,
   mxxx at westnet.com.au, mxxx at westnet.com.au, nxxx at westnet.com.au,
   rxxx at westnet.com.au, sxxx at westnet.com.au, vxxx at westnet.com.au,
   wxxx at westnet.com.au

I've anonymised them of course, but interesting to note that it's
only westnet addresses showing up here. Is this an artefact of the
way the list mailer groups its send list?

Can these be hidden in some way, or is that just the way the list works?
Hi Steve,

I don't see that header in any of the PLUG messages in my archive.
Given that the addresses you've listed are all @westnet.com.au, is it
possible that the header is being added by your ISP?  The ordering of
the header relative to the "Received" headers might give a clue about
whether this is the case.

When sending bulk mail (such as mailing list traffic), it isn't
uncommon to group the delivery in this way to cut down on traffic.
There may be an option in mailman to deliver messages independently,
but it is really the ISP that is leaking the information to you.

James.
Hi James

The adding of the X-Envelope-To header with multiple westnet addresses started on the 1st of February (this year), and every email I have received directly from the plug list since then has it. Emails which are addressed to me and cc'ed to the plug list (such as your email above) don't, even though they are delivered to the same addresses.

Thanks for the tip about the ordering of headers - the extract below seems to indicate that it is iinet's mail server at fault.

X-IronPort-AV: E=Sophos;i="4.97,527,1389715200"; d="scan'208";a="185453217"
X-Envelope-To: bxxx at westnet.com.au, bxxx at westnet.com.au, cxxx at westnet.com.au, gxxx at westnet.com.au, gxxx at westnet.com.au, jxxx at westnet.com.au, mxxx at westnet.com.au, mxxx at westnet.com.au, nxxx at westnet.com.au, rxxx at westnet.com.au, sxxx at westnet.com.au, vxxx at westnet.com.au, wxxx at westnet.com.au
Received: from unknown (HELO power.plug.org.au) ([54.252.97.56]) by icp-osb-irony-in14.iinet.net.au with ESMTP; 23 Feb 2014 10:51:27 +0800
Received: from power.plug.org.au (localhost [IPv6:::1]) by power.plug.org.au (Postfix) with ESMTP id 9D0965D489; Sun, 23 Feb 2014 02:54:04 +0000 (UTC)
X-Original-To: plug at plug.org.au

I'll approach Westnet for an explanation.

Steve

_______________________________________________
PLUG discussion list: plug at plug.org.au
http://lists.plug.org.au/mailman/listinfo/plug
Committee e-mail: committee at plug.org.au
PLUG Membership: http://www.plug.org.au/membership


--
Steve Boak, (08) 9756 0662, P.O. Box 240, Nannup, WA 6275
Engin VOIP number (08) 6461 6187 (local number in Perth)
Photos http://www.flickr.com/photos/jalbarragup_artworks/


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.plug.org.au/pipermail/plug/attachments/20140304/67d59a1d/attachment.html>
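
The header-ordering check discussed in the thread (where X-Envelope-To sits relative to the Received lines) can be automated. The following is an added example, not part of the original messages: the function name, the sample hosts and the sample addresses are all constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample modelled on the header extract quoted in the thread.
# Hosts and addresses are placeholders, not values from the original message.
SAMPLE = """\
X-Constructed-Filter: sample
X-Envelope-To: alice@isp.example, bob@isp.example,
   carol@isp.example
Received: from unknown (HELO lists.example.org) ([192.0.2.10])
   by mx-in.isp.example with ESMTP; 23 Feb 2014 10:51:27 +0800
Received: from lists.example.org (localhost [IPv6:::1])
   by lists.example.org (Postfix) with ESMTP id ABC123;
   Sun, 23 Feb 2014 02:54:04 +0000 (UTC)
X-Original-To: list@lists.example.org
Subject: constructed test message

body
"""

BY_HOST = re.compile(r"\bby\s+([\w.-]+)", re.I)


def audit_envelope_header(raw, me, header="X-Envelope-To"):
    """Return (other recipients exposed, earliest hop that could have added the header)."""
    items = message_from_string(raw).items()  # headers in on-the-wire order
    for i, (name, value) in enumerate(items):
        if name.lower() != header.lower():
            continue
        unfolded = " ".join(value.split())  # undo header line folding
        addrs = [a.lower() for _, a in getaddresses([unfolded]) if a]
        exposed = sorted(set(addrs) - {me.lower()})
        # MTAs prepend headers, so the first Received line *below* this header
        # names (in its "by" clause) the host that held the message when the
        # header was added, or a later stage on the same path.
        hop = None
        for n, v in items[i + 1:]:
            if n.lower() == "received":
                m = BY_HOST.search(v)
                hop = m.group(1) if m else None
                break
        return exposed, hop
    return [], None
```

A non-empty first element means other recipients' envelope addresses reached your mailbox; the second element tells you whose mail administrators to contact.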

