On Mon, Nov 10, 2008 at 12:09:38PM -0800, Rob Tanner wrote:
> Hi,
>
> Most of our group mailing lists (which are defined via an LDAP entry
> directly accessed by Postfix) are restricted so that you must have or be
> spoofing a local email address -- checked via check_sender_access and
> rejecting anything not from our own domain. Each list entry in LDAP for
> which this restriction applies contains an attribute that defines the
> restriction class which contains a check_sender_access parameter that
> points to a hash that has just one item, our domain name. And it works
> well and cuts down on SPAM and UCE, rejecting the email before it ever
> hits the content filter.
>
> Now we are having a problem with SPAM being sent to the lists and
> claiming it comes from the list (the From address is the list address).
> People get offended and they get angry and they reply to the email which
> means it goes to the list and you can see what the intention is. I
> would like to be able to use the same mechanism of an attribute in the
> LDAP entry for each group email list that we want to restrict from
> mailing to itself. Basically, I want to create a restriction class that
> only rejects the email when to "to" and "from" addresses are the same.
> I've gotten nowhere so far. Can anyone offer me a few pointers.
SMTP restriction rules only apply to envelope information. The issue
you are trying to address is in the message content (headers). So
it is impossible to address this at the "RCPT TO" or earlier stages.
To address this with Postfix, you need a pre-queue filter or a milter.
Another option is to sanitize the "From:" and "Reply-To" headers in
list mail via suitable custom delivery agents for lists...
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[EMAIL PROTECTED]>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
