Prevent header forgery

Thom van der Boon thom at
Sun Sep 2 09:21:34 UTC 2018


First you have to upgrade your system to the current versions: 

Mailscanner 5.1.1-1 
Spamassassin 3.4.1 (This is the latest (2015), I heard progress is being made on a new version) 

After that Spamassassin has a HEADER_FROM_DIFFERENT_DOMAINS 

Met vriendelijke groet, Best regards, 

Thom van der Boon 
E-Mail: thom at 


Thom.H. van der Boon b.v. 
Transito 4 
6909 DA Babberich 
Tel.: [ tel:+31884272727 | +31 (0)88 4272727 ] 
Fax: +31 (0)88 4272789 
Home Page: 

Van: "Monis Monther" <mmmm82 at> 
Aan: "MailScanner Discussion" <mailscanner at> 
Verzonden: Zondag 2 september 2018 11:08:57 
Onderwerp: Prevent header forgery 

Is there a way to prevent users from changing the header. We do not want the envelope to be different than the header. (i.e: header from must match return-path). 

I am able to achieve all kinds of restrictions in postfix restrictions and restriction classes, but they all apply to the envelope, however when it comes to the header From field, then that is part of the message and the only place to write rules for it is header_checks. I could not find a way in header_checks that can achieve this. It cannot match two different fields and compare them. 

Am I missing something, Does MailScanner have a way to force this. 

I am using postfix 2.10.1 and MailScanner 5.0.07 and dovecot 2.2.10 

Best Regards 

MailScanner mailing list 
mailscanner at 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the MailScanner mailing list