'To' address being changed on the way

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
LesD
Senior user
Senior user
Posts: 343
Joined: 2009-01-15 20:22
Location: London, UK.

'To' address being changed on the way

Post by LesD » 2016-01-17 14:01

I run a Distribution List on hMS which works fine - just tested it myself.

For one particular sender the 'To' address (the Dist. List) is being changed en-route and I do not understand why or how.

I don't think it is an hMS issue - I would just like some advice to track down what is going on.

In the listings below:

mydomain = is my own domain - hMS domain
mail-list-DOMAIN = domain of the mailing list
senderdomain = sender's domain (not really relevant)

The sender has sent me a jpg showing that the sent email has the 'to' address <members@mail-list-domain.co.uk>

hMS log shown the line:

"SMTPD" "RECEIVED: RCPT TO:<members@mydomain.com>"

This says that the envelope-to contains mydomain by the time it arrives at hMS.

Extract from the email headers of the email I receive:

Code: Select all

Delivered-To: members@mydomain.com
Received: from smtp.hosts.co.uk (Mail3 [10.27.27.35]) by root.mydomain.org with
 ESMTP ; Fri, 15 Jan 2016 11:55:01 +0000
Received: from smtp.hosts.co.uk ([85.233.160.19] helo=smtp.hosts.co.uk) by root.mydomain.org
 with SMTP (2.3.3); 15 Jan 2016 11:54:59 +0000
Received: from [xx.xx.10.188] (helo=NGBlack) by smtp.hosts.co.uk with esmtpa (Exim 4.80.1)
 (envelope-from <norman@senderdomain.co.uk>) id 1aK2y4-0007ap-9C for
 members@mail-list-domain.co.uk; Fri, 15 Jan 2016 11:55:04 +0000
To: <members@mydomain.com>
The above shows that the first 'Received:' header has:

for members@mail-list-domain.co.uk

which shows that the original envelope-to address is as it should be: <mail-list-domain>

In contrast the 'To:' line is different. The email name is correct but the domain is 'mydomain'. This is in conflict with the jpg image I have seen and the envelope-to address.

The 'Delivered-To' shows <mydomain> which is not surprising as the RCPT TO: was to there.

So what we seem to have is that at the 1st hop the envelope-to is <mail-list-domain> which becomes <mydomain> by the time it gets to hMS.

That is mystery one.

The second is that the 'To:' header of the original email is in conflict with the envelope-to - unless it has been changed during transport to match the final envelope-to.

I'm trying to get a copy of the original email inclusive of its headers but I doubt if it will arrive.

Anyone has any ideas what is going on?

The sender has tried twice with the same results.

If I send a test email from a gmail account to this Distribution List it works fine.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8551
Joined: 2011-09-08 17:48

Re: 'To' address being changed on the way

Post by jimimaseye » 2016-01-17 14:12

A difficult read to follow.

Can you explain:

The following
mydomain = is my own domain - hMS domain
mail-list-DOMAIN = domain of the mailing list
implies that the mail list domain is different from the hms domain. How can that be? If you set up a distribution list under a domain then it assumes the same domain (only the 'user' part changes).

also, is the sender a user in your HMS or an external unconnected user?

EDIT:

Also, this doesnt make sense to me

Code: Select all

Received: from smtp.hosts.co.uk (Mail3 [10.27.27.35]) by root.mydomain.org with
 ESMTP ; Fri, 15 Jan 2016 11:55:01 +0000
Received: from smtp.hosts.co.uk ([85.233.160.19] helo=smtp.hosts.co.uk) by root.mydomain.org
 with SMTP (2.3.3); 15 Jan 2016 11:54:59 +0000
received by root.mydomain.org
then
received from smtp.hosts.co.uk (and NOT root.mydomain.org - which should theoretically it should be). There are 2x copies of the same email being passed to the same receiving server bu on different ip addresses.

And... who is root.mydomain.org ???

(This would all be a lot clearer if you didnt change the domain names and kept them as they appear.)
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

LesD
Senior user
Senior user
Posts: 343
Joined: 2009-01-15 20:22
Location: London, UK.

Re: 'To' address being changed on the way

Post by LesD » 2016-01-17 15:47

I will try and clarify.

Code: Select all

Received: from smtp.hosts.co.uk (Mail3 [10.27.27.35]) by root.mydomain.org with
 ESMTP ; Fri, 15 Jan 2016 11:55:01 +0000
Received: from smtp.hosts.co.uk ([85.233.160.19] helo=smtp.hosts.co.uk) by root.mydomain.org
 with SMTP (2.3.3); 15 Jan 2016 11:54:59 +0000
The above shows two connections from <smtp.hosts.co.uk> to <root.mydomain.org> as I have ASSP as a front end to hMS so the initial connection is to ASSP and the 2nd is actually ASSP to hMS
------------
The following
mydomain = is my own domain - hMS domain
mail-list-DOMAIN = domain of the mailing list
implies that the mail list domain is different from the hms domain. How can that be? If you set up a distribution list under a domain then it assumes the same domain (only the 'user' part changes).
My server hosts many domains. hMS identifies itself as <root.mydomain.org> as that matches the IP of the server (rDNS) but that does not stop my hMS hosting other domains.
also, is the sender a user in your HMS or an external unconnected user?
An external sender. Not even a user as such as I have allowed anyone to send to <members@mail-list-domain.co.uk>

LesD
Senior user
Senior user
Posts: 343
Joined: 2009-01-15 20:22
Location: London, UK.

Re: 'To' address being changed on the way

Post by LesD » 2016-01-17 16:06

jimimaseye wrote:And... who is root.mydomain.org ???
<root.mydomain.org> is the domain of my hMS - it identifies itself by that name. Other than that it is not relevant as far as I can see.

I just noticed that while hMS identifies itself as <root.mydomain.org> the problematic 'To' line is

<members@mydomain.com>

where <mydomain> is correct - coming from the original correct address

and <mydomain> is the wrong domain

and now I notice that the ending is .com while the hMS domain ends in org.

While I do own both versions, this proves that the hMS domain is irrelevant.

Somehow the envelope-to is being replaced and I can't see how or why.
(This would all be a lot clearer if you didnt change the domain names and kept them as they appear.)
I agree, but for privacy reason's I can't really show the real ones.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8551
Joined: 2011-09-08 17:48

Re: 'To' address being changed on the way

Post by jimimaseye » 2016-01-17 16:21

Ok thanks for the clearup.

That last post has a confusing contradiction:
LesD wrote: the problematic 'To' line is

<members@mydomain.com>

where <mydomain> is correct - coming from the original correct address

and <mydomain> is the wrong domain

and now I notice that the ending is .com while the hMS domain ends in org.
"mydomain" is correct or wrong?

As for the ".ORG": obviously that is reported as the SMTP announcement/server name and doesnt have relevance to any TO address. The TO/recipient address will be converted to IP address after a DNS lookup and that determines the destination server. SO ofcourse its possible you can address to 'domain1.com' and it end up being received by server 'domainXYZ.net' because domain1.com points to that address.

In any case, it is the sending client that is responsible for creating the TO: header. You have already mentioned that another test using a gmail account and you do not get the same result. I admit it is a little confusing but would expect the answer to be somewhere near the source email client. You say youre trying to get the original SENT source of the email, ("I'm trying to get a copy of the original email inclusive of its headers but I doubt if it will arrive."), and I think that would be your best bet to start working this out. Of course it could also be changed through routing/rules - are you sure you dont have anything weird setup in those (either in HMS or your ASSP service)? Other thought: is 'mydomain.com' an alias of 'mail-list-domain.co.uk' ?
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

LesD
Senior user
Senior user
Posts: 343
Joined: 2009-01-15 20:22
Location: London, UK.

Re: 'To' address being changed on the way

Post by LesD » 2016-01-17 17:17

I agree with you that hMS is very unlikely to have anything to do with it and the most likely culprit is the sender.

The sender is using Outlook (he says, though I think it is likely to be one of the on-line versions). I'm not too confident that he knows how to forward as an attachment or maybe it is not even possible :(

To summarise the issue:

1. The 'To:' line in the received file says: To: <members@mydomain.com>

2. The image sent to me by the sender shows the to address as <members@tot.....co.uk> (see attached image)
members.jpg
members.jpg (11.75 KiB) Viewed 2745 times
3. The first Received: header says: Received: from ... by smtp.hosts.co.uk ... for members@tot.......co.uk (correct domain)

4. The hMS log says: "SMTPD" "RECEIVED: RCPT TO:<members@mydomain.com>" (wrong domain)

Item 1 is enigmatic as it differs from the jpg picture I was sent (attached)

Item 3 shows that the envelope-to was correct at the first hop

Item 4 shows that by the time it was being delivered to my hMS the envelope-to had changed.

From the above I come to the conclusion that smtp.hosts.co.uk changed the envelope-to, but that does not make sense.

LesD
Senior user
Senior user
Posts: 343
Joined: 2009-01-15 20:22
Location: London, UK.

Re: 'To' address being changed on the way

Post by LesD » 2016-01-17 18:26

I have now been forwarded a copy of the original email.

It contains the line:

To: <members@tot.......co.uk>

The implication of this and the first Received line in the header, as far as I can see, is that smtp.hosts.co.uk, after receiving the email has re-written the To: line and changed the envelope-to to read <members@mydomain.com>

But this does not make sense.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8551
Joined: 2011-09-08 17:48

Re: 'To' address being changed on the way

Post by jimimaseye » 2016-01-17 18:30

who is smtp.hosts.co.uk ? And going by what you say then that is where you need to look in to.

I still dont understand this:
I will try and clarify.

Code: Select all

Received: from smtp.hosts.co.uk (Mail3 [10.27.27.35]) by root.mydomain.org with
 ESMTP ; Fri, 15 Jan 2016 11:55:01 +0000
Received: from smtp.hosts.co.uk ([85.233.160.19] helo=smtp.hosts.co.uk) by root.mydomain.org
 with SMTP (2.3.3); 15 Jan 2016 11:54:59 +0000
The above shows two connections from <smtp.hosts.co.uk> to <root.mydomain.org> as I have ASSP as a front end to hMS so the initial connection is to ASSP and the 2nd is actually ASSP to hMS
Why is the ASSP passing it on to HMS whilst the headers are reporting "FROM smtp.host.co.uk" (albeit with a different IP address)
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

LesD
Senior user
Senior user
Posts: 343
Joined: 2009-01-15 20:22
Location: London, UK.

Re: 'To' address being changed on the way

Post by LesD » 2016-01-17 18:40

They seem to be a hosting company. I'm about to ask the sender why he is using their server. I'm also going to try and get the login details and see what happens to emails I send via them.

I agree that everything points to them. But even if we accept that they have a reason to make some substitution, how do they know to substitute it with a different domain that actually points to the correct receiving server?

I will report back when I get more info.

User avatar
mattg
Moderator
Moderator
Posts: 20799
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: 'To' address being changed on the way

Post by mattg » 2016-01-18 00:17

Envelope TO and Message TO can be very different things

especially when a BCC is used
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

LesD
Senior user
Senior user
Posts: 343
Joined: 2009-01-15 20:22
Location: London, UK.

Re: 'To' address being changed on the way

Post by LesD » 2016-01-18 07:35

And therefore?

There was no BCC

The problem here appears to be that the receiving SMTP server is re-writing both the Envelope To and the message To.

Post Reply