From rbolling at elliott-turbo.com  Fri Apr  4 19:08:55 2025
From: rbolling at elliott-turbo.com (Richard Bollinger (Richard A Bollinger)(ETCI))
Date: Fri, 4 Apr 2025 15:08:55 -0400
Subject: Ruleset From: address
Message-ID: <CAEGMYw1pDnXrUaBo-GN9L2PeSOqCstNOngepnnAZnqHexK-TZg@mail.gmail.com>

Is there a way in a ruleset to match on a visible from address vs the
envelope from address?

--
CONFIDENTIALITY NOTICE: This E-mail, along with any attachments, is considered confidential and may well be legally privileged.  If you have received it in error, you are on notice of its status.  Please notify us immediately by reply e-mail and then delete this message from your system.  Please do not copy it or use it for any purposes, or disclose its contents to any other person.  Thank you for your cooperation.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20250404/487a8fd2/attachment.html>

From ricky.boone at gmail.com  Sat Apr  5 04:59:15 2025
From: ricky.boone at gmail.com (Ricky Boone)
Date: Sat, 5 Apr 2025 00:59:15 -0400
Subject: Ruleset From: address
In-Reply-To: <CAEGMYw1pDnXrUaBo-GN9L2PeSOqCstNOngepnnAZnqHexK-TZg@mail.gmail.com>
References: <CAEGMYw1pDnXrUaBo-GN9L2PeSOqCstNOngepnnAZnqHexK-TZg@mail.gmail.com>
Message-ID: <CAHAhptViD+bT+XKAGkiokba8mU3enVkuEYy+A__9g0xAQ1Ymxg@mail.gmail.com>

I don't believe so.  Alternatively, depending on what you're
ultimately trying to solve for, using SpamAssassin rules or other
configuration statements may work instead.

On Fri, Apr 4, 2025 at 5:05?PM Richard Bollinger (Richard A
Bollinger)(ETCI) via MailScanner <mailscanner at lists.mailscanner.info>
wrote:
>
> Is there a way in a ruleset to match on a visible from address vs the envelope from address?
>
>
> CONFIDENTIALITY NOTICE: This E-mail, along with any attachments, is considered confidential and may well be legally privileged. If you have received it in error, you are on notice of its status. Please notify us immediately by reply e-mail and then delete this message from your system. Please do not copy it or use it for any purposes, or disclose its contents to any other person. Thank you for your cooperation.
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>

From rbolling at elliott-turbo.com  Sun Apr  6 14:22:43 2025
From: rbolling at elliott-turbo.com (Richard Bollinger (Richard A Bollinger)(ETCI))
Date: Sun, 6 Apr 2025 10:22:43 -0400
Subject: Ruleset From: address
In-Reply-To: <CAHAhptViD+bT+XKAGkiokba8mU3enVkuEYy+A__9g0xAQ1Ymxg@mail.gmail.com>
References: <CAEGMYw1pDnXrUaBo-GN9L2PeSOqCstNOngepnnAZnqHexK-TZg@mail.gmail.com>
 <CAHAhptViD+bT+XKAGkiokba8mU3enVkuEYy+A__9g0xAQ1Ymxg@mail.gmail.com>
Message-ID: <CAEGMYw0OAF5Vr1P1P=s7PJJaZjCHJFj1X53RQ7MQxykVpEmRVw@mail.gmail.com>

For my purposes I came up with a quick fix, a patch to Sendmail.pm that
uses the header information to overwrite the "from" data from the envelope.

# diff -u Sendmail.pm.0 Sendmail.pm
--- Sendmail.pm.0       2019-01-27 14:49:14.000000000 -0500
+++ Sendmail.pm 2025-04-06 10:17:35.280422217 -0400
@@ -313,6 +313,17 @@
         $from =~ s/\s*>$//; # trailing <>
         $message->{from} = lc($from);
         $SFound = 1; # We have found the sender
+MailScanner::Log::NoticeLog("Envelope From: %s", $message->{from});
+      }
+      if ($Line =~ /^H\?\?[fF][rR][oO][mM]:\s/) {
+        $from = $Line;
+        #chomp $from;
+        $from =~ s/^H\?\?[fF][rR][oO][mM]:\s//;
+        $from =~ s/[^<]*<\s*//; # leading and
+        $from =~ s/\s*>$//; # trailing <>
+        $message->{from} = lc($from);
+MailScanner::Log::NoticeLog("Header From: %s", $message->{from});
+        $SFound = 1; # We have found the sender
       }
       if ($Line =~ /^\$_/) {
         $ip = $Line;


Ideally this would save the header from to a different structure element,
perhaps "$message->{hfrom}", with another patch so that rules could
reference "HFrom:" vs "From:", but I couldn't figure out that part of the
code in Message.pm

On Sat, Apr 5, 2025 at 12:59?AM Ricky Boone <ricky.boone at gmail.com> wrote:

> I don't believe so.  Alternatively, depending on what you're
> ultimately trying to solve for, using SpamAssassin rules or other
> configuration statements may work instead.
>
> On Fri, Apr 4, 2025 at 5:05?PM Richard Bollinger (Richard A
> Bollinger)(ETCI) via MailScanner <mailscanner at lists.mailscanner.info>
> wrote:
> >
> > Is there a way in a ruleset to match on a visible from address vs the
> envelope from address?
> >
> >
> > CONFIDENTIALITY NOTICE: This E-mail, along with any attachments, is
> considered confidential and may well be legally privileged. If you have
> received it in error, you are on notice of its status. Please notify us
> immediately by reply e-mail and then delete this message from your system.
> Please do not copy it or use it for any purposes, or disclose its contents
> to any other person. Thank you for your cooperation.
> >
> > --
> > MailScanner mailing list
> > mailscanner at lists.mailscanner.info
> >
> https://urldefense.com/v3/__http://lists.mailscanner.info/mailman/listinfo/mailscanner__;!!JT12okTYBSM!ReEFHwXVe_Kikd8twNrjtKHSBqy_K9UmXrMPj5p6jvYY7mV7yf81os8W8yRyAh2gV1D3uCvvYx2n09J17EZqPybVtA$
> [lists[.]mailscanner[.]info]
> >
>

--
CONFIDENTIALITY NOTICE: This E-mail, along with any attachments, is considered confidential and may well be legally privileged.  If you have received it in error, you are on notice of its status.  Please notify us immediately by reply e-mail and then delete this message from your system.  Please do not copy it or use it for any purposes, or disclose its contents to any other person.  Thank you for your cooperation.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20250406/40a206bf/attachment.html>