Recipient.spam.report from variable

Mark Sapiro mark at msapiro.net
Wed Jul 15 00:51:31 UTC 2015 

On 7/14/15 3:01 PM, Simon wrote:
> Hi There,
> 
> Using postfix on Centos 6.6 and latest mailscanner...
> 
> We are sending our users the recipient.spam.report.txt alert on spam
> (not high-spam). A question that has come up quite often is that
> the $from does not contain the actual "From" address. e.g:
> 
> From:
> bounce.491fc2.c7b9ec1.sally=blabla.co.nz at multi262.postfix.bmsend.com
> 
> Rather than:
> 
> From: Emily.Jones at whateverdomain.com


Right. The $from replacement in report templates is the SMTP envelope
from (return path), not the From: header.


> The issue our users find is that they dont actually know who
> bounce.491fc2.c7b9ec1.sally=blabla.co.nz at multi262.postfix.bmsend.com
> is so they cant make a
> decision on if to get it released or not. 


One could argue that the envelope from is a better indicator of whether
or not you want the message than is the From: header. From: headers are
often spoofed in spam. An envelope sender such as the above says to me
that the message is bulk mail from some kind of advertizing service or
mail list, thus the local part which returns to some bounce processor
with an encoding of the recipient address. If I don't recognize the
domain as that of a list I subscribe to, it's spam.

The bottom line however is that if a message appears to be From: or the
envelope is from an address whose mail you don't want, then you don't
want it, but even if it appears to be from your best friend, if it was
scored as spam, it's probably spam.

I know that doesn't address your issue, but it's something to think about.


> Is there any way to show the From address rather than the return path?
> or is this the way postfix works with MailScanner?


It's not just Postfix; it's all MTAs. MTAs deal with SMTP envelope
senders and recipients, not addresses in message headers which are just
part of the message payload as far as the MTA is concerned.

That said, MailScanner does look at the message and extracts, e.g. the
Subject: as $subject and Date: as $date and certainly could extract the
From: and assign it to a replacement variable, but a cursory look at the
code says it doesn't currently do that.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the MailScanner mailing list