[plug] PLUG headers revealing email addresses

Leon Wright techman83 at gmail.com
Tue Mar 4 02:46:23 UTC 2014


Krystin,

I'll wait for a Westnet person to respond, but thankyou from the Admin team!

Regards,

Leon

--
DRM 'manages access' in the same way that jail 'manages freedom.'

# cat /dev/mem | strings | grep -i cats
Damn, my RAM is full of cats... MEOW!!


On Tue, Mar 4, 2014 at 9:42 AM, Krystin Dix <krystindix at lothar.id.au> wrote:

>  Hey all,
>
> I have confirmed with my engineers that this was a custom rule that was
> set to assist some domains with catchall@ mailbox using a pop connector
> to add the X-Envelope-To field so the pop connector can ascertain which
> user to assign the mail to. I have been told this has been removed and
> should be functioning as per normal now.
>
> Any issues let me know.
>
> Regards,
> Krystin Dix
>  ------------------------------
> *From:* plug [plug-bounces at plug.org.au] on behalf of Leon Wright [
> techman83 at gmail.com]
> *Sent:* Thursday, 27 February 2014 11:36 AM
> *To:* Steve Boak
> *Cc:* plug at plug.org.au
>
> *Subject:* Re: [plug] PLUG headers revealing email addresses
>
>   Nice work investigating this James/Krystin. Keep us posted on how it
> pans out. If the mailing list needs some tweaking to avoid it occurring,
> I'll discuss it with the admin team.
>
>  Leon
>
> --
> DRM 'manages access' in the same way that jail 'manages freedom.'
>
> # cat /dev/mem | strings | grep -i cats
> Damn, my RAM is full of cats... MEOW!!
>
>
> On Wed, Feb 26, 2014 at 10:13 PM, Steve Boak <sboak at westnet.com.au> wrote:
>
>> On 26/02/14 20:16, Krystin Dix wrote:
>>
>>> Hey Steve,
>>>
>>> I will pass this on to the guys responsible and see what they say. (I
>>> currently work for iiNet / Westnet Hosting).
>>>
>>> It is interesting to see that it is done this way. If you wouldn't mind
>>> forwarding me off list the exact headers received to
>>> kdix at staff.iinet.net.au and I will come back here with a response.
>>>
>>
>>  Done
>>
>>
>>  Thanks
>>> Krystin Dix
>>>
>>> -----Original Message-----
>>> From: plug [mailto:plug-bounces at plug.org.au] On Behalf Of Steve Boak
>>> Sent: Wednesday, February 26, 2014 6:58 PM
>>> To: plug at plug.org.au
>>> Subject: Re: [plug] PLUG headers revealing email addresses
>>>
>>> On 26/02/14 14:37, James Henstridge wrote:
>>>
>>>> On Mon, Feb 24, 2014 at 9:36 AM, Steve Boak <sboak at westnet.com.au>
>>>> wrote:
>>>>
>>>>> Hi
>>>>>
>>>>> I just happened to be looking through the source of a plug list
>>>>> message and saw this in the headers (and yes, my address  is one of
>>>>> them)
>>>>>
>>>>> X-Envelope-To: bxxx at westnet.com.au, bxxx at westnet.com.au,
>>>>> cxxx at westnet.com.au,
>>>>>    gxxx at westnet.com.au, gxxx at westnet.com.au, jxxx at westnet.com.au,
>>>>>    mxxx at westnet.com.au, mxxx at westnet.com.au, nxxx at westnet.com.au,
>>>>>    rxxx at westnet.com.au, sxxx at westnet.com.au, vxxx at westnet.com.au,
>>>>>    wxxx at westnet.com.au
>>>>>
>>>>> I've anonymised them of course, but interesting to note that it's
>>>>> only westnet addresses showing up here. Is this an artefact of the
>>>>> way the list mailer groups it's send list?
>>>>>
>>>>> Can these be hidden in some way, or is that just the way the list
>>>>> works?
>>>>>
>>>> Hi Steve,
>>>>
>>>> I don't see that header in any of the PLUG messages in my archive.
>>>> Given that the addresses you've listed are all @westnet.com.au, is it
>>>> possible that the header is being added by your ISP?  The ordering of
>>>> the header relative to the "Received" headers might give a clue about
>>>> whether this is the case.
>>>>
>>>> When sending bulk mail (such as mailing list traffic), it isn't
>>>> uncommon to group the delivery in this way to cut down on traffic.
>>>> There may be an option in mailman to deliver messages independently,
>>>> but it is really the ISP that is leaking the information to you.
>>>>
>>>> James.
>>>>
>>> Hi James
>>>
>>> The adding of the X-Envelope-To header with multiple westnet addresses
>>> started on the 1st of February (this year), and every email I have received
>>> directly from the plug list since then has it. Emails which are addressed
>>> to me and cc'ed to the plug list (such as your email above) don't, even
>>> though they are delivered to the same addresses.
>>>
>>> Thanks for the tip about the ordering of headers - the extract below
>>> seems to indicate that it is iinet's mail server at fault.
>>>
>>> X-IronPort-AV: E=Sophos;i="4.97,527,1389715200";
>>> d="scan'208";a="185453217"
>>> X-Envelope-To: bxxx at westnet.com.au, bxxx at westnet.com.au,
>>> cxxx at westnet.com.au, gxxx at westnet.com.au, gxxx at westnet.com.au,
>>> jxxx at westnet.com.au, mxxx at westnet.com.au, mxxx at westnet.com.au,
>>> nxxx at westnet.com.au, rxxx at westnet.com.au, sxxx at westnet.com.au,
>>> vxxx at westnet.com.au, wxxx at westnet.com.au
>>> Received: from unknown (HELO power.plug.org.au) ([54.252.97.56]) by
>>> icp-osb-irony-in14.iinet.net.au with ESMTP; 23 Feb 2014 10:51:27 +0800
>>> Received: from power.plug.org.au (localhost [IPv6:::1]) by
>>> power.plug.org.au (Postfix) with ESMTP id 9D0965D489; Sun, 23 Feb 2014
>>> 02:54:04 +0000 (UTC)
>>> X-Original-To: plug at plug.org.au
>>>
>>> I'll approach Westnet for an explanation.
>>>
>>> Steve
>>>
>>> _______________________________________________
>>> PLUG discussion list: plug at plug.org.au
>>> http://lists.plug.org.au/mailman/listinfo/plug
>>> Committee e-mail: committee at plug.org.au
>>> PLUG Membership: http://www.plug.org.au/membership
>>>
>>
>>
>>  --
>> Steve Boak, (08) 9756 0662, P.O. Box 240, Nannup, WA 6275
>> Engin VOIP number (08) 6461 6187 (local number in Perth)
>> Photos http://www.flickr.com/photos/jalbarragup_artworks/
>>
>>  _______________________________________________
>> PLUG discussion list: plug at plug.org.au
>> http://lists.plug.org.au/mailman/listinfo/plug
>> Committee e-mail: committee at plug.org.au
>> PLUG Membership: http://www.plug.org.au/membership
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.plug.org.au/pipermail/plug/attachments/20140304/a7958df6/attachment.html>


More information about the plug mailing list