How to reject/detect emails claiming to be from my own domain?

Mark Sapiro mark at msapiro.net
Tue Dec 27 22:38:21 UTC 2016


On 12/27/2016 02:21 PM, Dave Jones wrote:
> Which From address are you trying to protect from spoofing?  Emails have
> an envelope-from and a From: header.  The From: header is what is
> visible in most mail clients.  From my experience (someone please
> correct me if I am wrong), the "header From" rule does not examine the
> envelope-from.  This needs to be done at the MTA level before SA.


You are correct that SA doesn't see the envelope sender directly, but
RFCs say that upon final delivery the MTA/MDA MUST put the envelope
sender in a Return-Path: header. Quoting from RFC 5321:

   When the delivery SMTP server makes the "final delivery" of a
   message, it inserts a return-path line at the beginning of the mail
   data.  This use of return-path is required; mail systems MUST support
   it.  The return-path line preserves the information in the <reverse-
   path> from the MAIL command.

Of course, not all MTAs are compliant, but the major ones including
Courier, Exchange, Exim, Postfix, Qmail and Sendmail are. See
<https://wiki.apache.org/spamassassin/EnvelopeSenderInHeaders> (several
years old at this point).

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
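
Added example, not part of the original message: Python that reads the envelope sender from the Return-Path: header a compliant MTA adds at final delivery, and reports which sender identities (envelope-from, header From) claim a protected domain. The domain `example.org`, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

OWN_DOMAIN = "example.org"  # assumption: the domain being protected

# Constructed sample messages as they would look after final delivery.
SPOOFED_HEADER = (
    "Return-Path: <bounce@mailer.example.net>\n"
    'From: "IT Support" <helpdesk@example.org>\n'
    "Subject: password expiry\n\nbody\n"
)
BOUNCE = (
    "Return-Path: <>\n"
    "From: MAILER-DAEMON@mx.example.net\n"
    "Subject: undeliverable\n\nbody\n"
)
NO_RETURN_PATH = "From: someone@example.org\nSubject: hi\n\nbody\n"


def domain_of(addr):
    """Lowercased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def sender_identities(raw):
    """Return (envelope_sender, header_from) as bare addresses.

    envelope_sender is None when there is no Return-Path: header and ''
    for the null reverse-path '<>' used by bounces.
    """
    msg = message_from_string(raw)
    paths = msg.get_all("Return-Path")
    # The delivering server inserts its line at the top, so use the first.
    envelope = paths[0].strip().strip("<>").strip() if paths else None
    return envelope, parseaddr(msg.get("From", ""))[1]


def own_domain_claims(raw, own_domain=OWN_DOMAIN):
    """List which sender identities in the message claim own_domain."""
    envelope, header_from = sender_identities(raw)
    claims = []
    if envelope is None:
        claims.append("no-return-path")
    elif domain_of(envelope) == own_domain:
        claims.append("envelope-from")
    if domain_of(header_from) == own_domain:
        claims.append("header-from")
    return claims
```

`SPOOFED_HEADER` is the case discussed in the thread: the visible From: claims the protected domain while the envelope sender does not, so a check on only one of the two identities would miss it.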

