On Tue, 07 Oct 2008 15:05:20 PDT, Christopher LILJENSTOLPE said:
I agree with Howard here, I don't think this is a mis-configuration, but a harvest attempt. The "mailserver" is in different messages, and I can't see how that could get misconfigured in an honest validation server.
Turns out it was indeed a C/R system rather than a harvest attempt, and after seeing several other people's versions of the message, it was pretty obvious what was wrong - some fool programmer coded:

    printf("has just been received by %s mailserver\n", from->domain);

when they wanted our->domain instead.

So that's a double-whammy - (a) they didn't use their own server's domain, and (b) they used the From: address rather than the Return-Path: address (which is why it showed up as the poster's mailserver rather than nanog.org as the source).

When you test it from your own domain, source->domain and from->domain are the same as our->domain so you don't notice. Presumably, nobody ever carefully tested from outside the local domain, which means their QA process isn't the strictest either - makes one wonder what other bugs and vulnerabilities are in there.
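Added example, not part of the original message and not the C/R vendor's code: a small C harness showing why a test sent from inside the local domain passes the buggy printf while mail from outside senders or via a list exposes it. The struct layout, function names and example.* domains are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical types; field names follow source->domain, from->domain and
 * our->domain as used in the message above. */
struct addr { const char *domain; };
struct mail { struct addr source;   /* Return-Path: (envelope sender) */
              struct addr from; };  /* From: header */
typedef int (*notice_fn)(char *, size_t, const struct mail *, const struct addr *);

/* The bug as described: the notice names the From: domain as the mailserver. */
int notice_buggy(char *buf, size_t n, const struct mail *m, const struct addr *our) {
    (void)our;
    return snprintf(buf, n, "has just been received by %s mailserver\n", m->from.domain);
}

/* Corrected: the notice names the server that actually received the mail. */
int notice_fixed(char *buf, size_t n, const struct mail *m, const struct addr *our) {
    (void)m;
    return snprintf(buf, n, "has just been received by %s mailserver\n", our->domain);
}

/* Constructed test mail: [0] is sent from inside our own domain, [1] is from an
 * outside sender, [2] arrives via a mailing list (Return-Path differs from From:). */
static const struct addr OUR = { "example.com" };
static const struct mail CASES[] = {
    { { "example.com" },       { "example.com" } },
    { { "example.org" },       { "example.org" } },
    { { "lists.example.net" }, { "example.org" } },
};

/* Count the first `ncases` cases whose notice fails to name our own server. */
int count_wrong(notice_fn fn, size_t ncases) {
    char buf[256], want[256];
    int wrong = 0;
    snprintf(want, sizeof want, "received by %s mailserver", OUR.domain);
    for (size_t i = 0; i < ncases; i++) {
        fn(buf, sizeof buf, &CASES[i], &OUR);
        if (strstr(buf, want) == NULL)
            wrong++;
    }
    return wrong;
}

int main(void) {
    printf("buggy, local-only test: %d wrong\n", count_wrong(notice_buggy, 1));
    printf("buggy, all cases:       %d wrong\n", count_wrong(notice_buggy, 3));
    printf("fixed, all cases:       %d wrong\n", count_wrong(notice_fixed, 3));
    return 0;
}
```

A QA suite that stops at the first case reports no failures for the buggy version; only the cases where the sender's domain differs from the receiving server's reveal it.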