Ben Dugdale
20 years ago
This is a multi-part message in MIME format.
--------------050502090201020708010809
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
According to RFC 2821 the "From:" header in a message body must have a valid
email address rather than something like "Ben Dugdale". That is presumably why
postfix, by default, inserts $myorigin when it sees an invalid address in the
"From:" header.
I've got a problem where spammers are using valid 'mail from:' formatted
addresses (envelope sender) then giving bogus data at the from: header. Postfix
then appends $myorigin to send the message on as RFC compliant. Unfortunately
the end user is confused by messages that seem to come from the mail server.
(And I'd always like to identify and stop more spam!)
I see in the docs and in practice that smtpd_sender_restrictions apply to the
envelope sender.
I was going to use pcre header_checks to respond to bogus from addresses but
think that this must be a solved problem and that the postfix solution will be
more robust than any hack I might do. I also wonder if this is because I'm mis
configured in some way.
Here's an example at the console...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 gnumail.apachecounty.net -- It's GNU!
helo gnumail.apachecounty.net
250 gnumail.apachecounty.net
mail from:<***@gnumail.apachecounty.net>
250 Ok
rcpt to:<***@adhdsports.com>
250 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject:header test
from:header test
to:<***@adhdsports.com>
test
.
250 Ok: queued as 8D657133FF2
quit
221 Bye
Connection closed by foreign host.
And the result...
gnumail maps # postcat -q 8D657133FF2
*** ENVELOPE RECORDS hold/8/8D657133FF2 ***
message_size: 449 354 1 0
message_arrival_time: Wed May 18 16:23:38 2005
smtp-amavis:[64.18.48.120]:10024
sender: ***@gnumail.apachecounty.net
named_attribute: client_name=localhost.localdomain
named_attribute: client_address=127.0.0.1
named_attribute: message_origin=localhost.localdomain[127.0.0.1]
named_attribute: helo_name=gnumail.apachecounty.net
named_attribute: protocol_name=SMTP
original_recipient: ***@adhdsports.com
recipient: ***@adhdsports.com
*** MESSAGE CONTENTS hold/8/8D657133FF2 ***
Received: from gnumail.apachecounty.net (localhost.localdomain [127.0.0.1])
by gnumail.apachecounty.net (Postfix) with SMTP id 8D657133FF2
for <***@adhdsports.com>; Wed, 18 May 2005 16:23:38 -0700 (MST)
subject:header test
From: ***@gnumail.apachecounty.net, ***@gnumail.apachecounty.net
To: <***@adhdsports.com>
Message-Id: <***@gnumail.apachecounty.net>
Date: Wed, 18 May 2005 16:23:38 -0700 (MST)
test
*** HEADER EXTRACTED hold/8/8D657133FF2 ***
*** MESSAGE FILE END hold/8/8D657133FF2 ***
A gzip of postconf -n is attached.
Thanks for your thoughts!
--
Ben Dugdale <***@apachecounty.net>
--------------050502090201020708010809
Content-Type: application/x-gzip;
name="postconf.gz"
Content-Transfer-Encoding: base64
Content-Disposition: inline;
filename="postconf.gz"
H4sICH3Ti0IAA3Bvc3Rjb25mAKVWS2/jNhA+W7/CBQL0FD0cx0kD7GGxh6KX3noqCoIixxYb
PhSScqwW/e8dStTLj91smwCGyPnmwW+GM6ScW3COHMGKfUsUrdef1qW3AC8ZeJbVxvm9OGUo
cFkPSuhSR8OBenEEwiirANVbcDcxcKqFBeKFCsgiVzeRFva4Xw3QR0RKQR3h1NOSurB31++E
2JLpEwVJaRrNgLw10ACRYg/RyhNPSmteQRNHnSS08RVhUoD2LgbOqDZaMCoHW6p1b/KMjLDV
/94v8SnbJ8woRTUnHA/KvLEtGskaZzNXCo1SvReHpXBmO8g9hkP2QnqwKHXK1/dU0aNwL7/v
tmnxnG6f02KT//FS5Plmm3AKyuhLd1KUo1UOZXMgNYAlEo4gEbPBzT1tpCccnBcaWUcr6J41
1oJmLfKmhA/IPKmMAjygkKU54U4aPtFhllReyYVrbRKhwROBx7B7yiBwSKVMpAkkfdNXxKFB
UYe8DGm4OwrrG5TMEr26W7K/urMQ1D3wuB6UYuh9qfQevKXa1cYGr6y1jXtJAoqYd93xPlAX
Nt9ITX01EItpzLpdlOmaHuBKqitqAUEaISeh0N21UlTtjI5wRtVW6FVTBasuyLBKcZcb9Ken
vWTYWiol02cQ/B0W/6S0DveS4Y3wbYqpQRT+vhv7GngtNk9pjv/Fqvhpkxa757DKit2qwL18
XDwF2bAaqzDPNvmq2KTbTbrJu+V2tXtKH/P0AUv08QldGSsOF3FqeO/SCO6C2EmU9JQtuD1S
5LY2Ro6VbYFydTMD3Iw36x5PkD5kPR7VJG1JT+IHbvkCHi75stA+ZGCGDxYcVbWE243AgeZd
Qc4ZCi0kGyQI8QfBycGapo4Vy62pk9AySECR097Yd2o5iU0pNrkA4F33w/T8BTNcSNG8LPLs
eT1P9zbqllT312SW1vX9/foX/6Nb//zrbz9EXN9c8To7bwULdR6s12Dxuk89GCGiY2cVJVOJ
riz8iQQRW8pobL2umzJVJ4sKoZ4/DbFuos8Kuf4fHqOVqQOdmaqoq64MxxkKA6UOK3gV7t3r
zBJl2A/dbQtL3Oo/0NTobqbN+sogwUZJ9m9cT+FMOq8au94szthvRnk3mwXMSBlJujg0MjTu
HqGP1Dn8jCrT4AVNSwmLkuyEcVIMDW4ucoATQ/iWmHpIhzZhBrTKNKMRrHwcdB+ugHOCev1z
dqLVSM1lAvpcR9TXE70AxaC9dOTLZ5z6MDQC52TGwHqXfe46OPnStXBEpcz6mVpHptGyXVAZ
JEGdXLd5azqc2X6F9nsNoMrMgDSH4cVRzLaxkABrIlxWyrtGsowcC8l1RdWdPIxM04RJ/bDL
8wHXOAjYqNtZxRZnFHGmsSyEzOH4kuFP1vSSZBz6H2zbS3xo20M5nD9TYrUww7vX6mOezK7N
WJFzzBYxVx4134zpUifENeyGgRDtOI8NgIVXYpGcP4TiCzoLD7vs2E2Tc8g0HEugFt9zFbwb
w11KmStZ95I4Vxleceiy/7tAfN8RMcN2cToltFCNIo3g0c0omr/n7pZ5GzHNdXL+BXiiYsUF
DQAA
--------------050502090201020708010809--
--------------050502090201020708010809
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
According to RFC 2821 the "From:" header in a message body must have a valid
email address rather than something like "Ben Dugdale". That is presumably why
postfix, by default, inserts $myorigin when it sees an invalid address in the
"From:" header.
I've got a problem where spammers are using valid 'mail from:' formatted
addresses (envelope sender) then giving bogus data at the from: header. Postfix
then appends $myorigin to send the message on as RFC compliant. Unfortunately
the end user is confused by messages that seem to come from the mail server.
(And I'd always like to identify and stop more spam!)
I see in the docs and in practice that smtpd_sender_restrictions apply to the
envelope sender.
I was going to use pcre header_checks to respond to bogus from addresses but
think that this must be a solved problem and that the postfix solution will be
more robust than any hack I might do. I also wonder if this is because I'm mis
configured in some way.
Here's an example at the console...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 gnumail.apachecounty.net -- It's GNU!
helo gnumail.apachecounty.net
250 gnumail.apachecounty.net
mail from:<***@gnumail.apachecounty.net>
250 Ok
rcpt to:<***@adhdsports.com>
250 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject:header test
from:header test
to:<***@adhdsports.com>
test
.
250 Ok: queued as 8D657133FF2
quit
221 Bye
Connection closed by foreign host.
And the result...
gnumail maps # postcat -q 8D657133FF2
*** ENVELOPE RECORDS hold/8/8D657133FF2 ***
message_size: 449 354 1 0
message_arrival_time: Wed May 18 16:23:38 2005
smtp-amavis:[64.18.48.120]:10024
sender: ***@gnumail.apachecounty.net
named_attribute: client_name=localhost.localdomain
named_attribute: client_address=127.0.0.1
named_attribute: message_origin=localhost.localdomain[127.0.0.1]
named_attribute: helo_name=gnumail.apachecounty.net
named_attribute: protocol_name=SMTP
original_recipient: ***@adhdsports.com
recipient: ***@adhdsports.com
*** MESSAGE CONTENTS hold/8/8D657133FF2 ***
Received: from gnumail.apachecounty.net (localhost.localdomain [127.0.0.1])
by gnumail.apachecounty.net (Postfix) with SMTP id 8D657133FF2
for <***@adhdsports.com>; Wed, 18 May 2005 16:23:38 -0700 (MST)
subject:header test
From: ***@gnumail.apachecounty.net, ***@gnumail.apachecounty.net
To: <***@adhdsports.com>
Message-Id: <***@gnumail.apachecounty.net>
Date: Wed, 18 May 2005 16:23:38 -0700 (MST)
test
*** HEADER EXTRACTED hold/8/8D657133FF2 ***
*** MESSAGE FILE END hold/8/8D657133FF2 ***
A gzip of postconf -n is attached.
Thanks for your thoughts!
--
Ben Dugdale <***@apachecounty.net>
--------------050502090201020708010809
Content-Type: application/x-gzip;
name="postconf.gz"
Content-Transfer-Encoding: base64
Content-Disposition: inline;
filename="postconf.gz"
H4sICH3Ti0IAA3Bvc3Rjb25mAKVWS2/jNhA+W7/CBQL0FD0cx0kD7GGxh6KX3noqCoIixxYb
PhSScqwW/e8dStTLj91smwCGyPnmwW+GM6ScW3COHMGKfUsUrdef1qW3AC8ZeJbVxvm9OGUo
cFkPSuhSR8OBenEEwiirANVbcDcxcKqFBeKFCsgiVzeRFva4Xw3QR0RKQR3h1NOSurB31++E
2JLpEwVJaRrNgLw10ACRYg/RyhNPSmteQRNHnSS08RVhUoD2LgbOqDZaMCoHW6p1b/KMjLDV
/94v8SnbJ8woRTUnHA/KvLEtGskaZzNXCo1SvReHpXBmO8g9hkP2QnqwKHXK1/dU0aNwL7/v
tmnxnG6f02KT//FS5Plmm3AKyuhLd1KUo1UOZXMgNYAlEo4gEbPBzT1tpCccnBcaWUcr6J41
1oJmLfKmhA/IPKmMAjygkKU54U4aPtFhllReyYVrbRKhwROBx7B7yiBwSKVMpAkkfdNXxKFB
UYe8DGm4OwrrG5TMEr26W7K/urMQ1D3wuB6UYuh9qfQevKXa1cYGr6y1jXtJAoqYd93xPlAX
Nt9ITX01EItpzLpdlOmaHuBKqitqAUEaISeh0N21UlTtjI5wRtVW6FVTBasuyLBKcZcb9Ken
vWTYWiol02cQ/B0W/6S0DveS4Y3wbYqpQRT+vhv7GngtNk9pjv/Fqvhpkxa757DKit2qwL18
XDwF2bAaqzDPNvmq2KTbTbrJu+V2tXtKH/P0AUv08QldGSsOF3FqeO/SCO6C2EmU9JQtuD1S
5LY2Ro6VbYFydTMD3Iw36x5PkD5kPR7VJG1JT+IHbvkCHi75stA+ZGCGDxYcVbWE243AgeZd
Qc4ZCi0kGyQI8QfBycGapo4Vy62pk9AySECR097Yd2o5iU0pNrkA4F33w/T8BTNcSNG8LPLs
eT1P9zbqllT312SW1vX9/foX/6Nb//zrbz9EXN9c8To7bwULdR6s12Dxuk89GCGiY2cVJVOJ
riz8iQQRW8pobL2umzJVJ4sKoZ4/DbFuos8Kuf4fHqOVqQOdmaqoq64MxxkKA6UOK3gV7t3r
zBJl2A/dbQtL3Oo/0NTobqbN+sogwUZJ9m9cT+FMOq8au94szthvRnk3mwXMSBlJujg0MjTu
HqGP1Dn8jCrT4AVNSwmLkuyEcVIMDW4ucoATQ/iWmHpIhzZhBrTKNKMRrHwcdB+ugHOCev1z
dqLVSM1lAvpcR9TXE70AxaC9dOTLZ5z6MDQC52TGwHqXfe46OPnStXBEpcz6mVpHptGyXVAZ
JEGdXLd5azqc2X6F9nsNoMrMgDSH4cVRzLaxkABrIlxWyrtGsowcC8l1RdWdPIxM04RJ/bDL
8wHXOAjYqNtZxRZnFHGmsSyEzOH4kuFP1vSSZBz6H2zbS3xo20M5nD9TYrUww7vX6mOezK7N
WJFzzBYxVx4134zpUifENeyGgRDtOI8NgIVXYpGcP4TiCzoLD7vs2E2Tc8g0HEugFt9zFbwb
w11KmStZ95I4Vxleceiy/7tAfN8RMcN2cToltFCNIo3g0c0omr/n7pZ5GzHNdXL+BXiiYsUF
DQAA
--------------050502090201020708010809--