Wietse Venema wrote:
Roderick A. Anderson:
I'm starting to get a lot of SPAM where the Sender matches the To:.

You mean, the From: and To: headers, or the MAIL FROM and the RCPT
TO address in SMTP commands?

One of these days I'll start thinking in the correct terms.  Probably
about a week before I retire or die!  :-)

Note that From: and To: headers can be completely different from
the MAIL FROM and the RCPT TO address in SMTP commands.

This is probably a bad example as the [EMAIL PROTECTED] is a forwarding
address to the actual [EMAIL PROTECTED] but here are the headers
from one of the messages I get.

Return-Path: <[EMAIL PROTECTED]>
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from acm26-4.acm.org (acm26-4.acm.org [63.118.7.109])
        by mail.cyber-office.net (Postfix) with ESMTP id 4CA8F80077
        for <[EMAIL PROTECTED]>; Mon, 10 Nov 2008 16:31:26 -0800 (PST)
Received: from psmtp.com ([64.18.14.107])
        by acm26-4.acm.org (ACM Email Forwarding Service) with SMTP id RLQ42223
        for <[EMAIL PROTECTED]>; Mon, 10 Nov 2008 19:31:23 -0500
Received: from source ([216.183.146.13]) by chip3mx111.postini.com ([64.18.6.10]) with SMTP;
        Mon, 10 Nov 2008 19:31:23 EST
To: <[EMAIL PROTECTED]>
Subject: Even presidents use it
From: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Importance: High
Content-Type: text/html
Message-Id: <[EMAIL PROTECTED]>
Date: Mon, 10 Nov 2008 16:31:26 -0800 (PST)

A reverse lookup of the IP address (dig -x 216.183.146.13) gives me
this snipped out section.

;; ANSWER SECTION:
13.146.183.216.in-addr.arpa. 10800 IN   PTR     cheetah-tiv-ppp265.bmts.com.


See, for example, this message that reaches you via mailing lists.

Header:
    From: me
    To: postfix-users@postfix.org

SMTP envelope:
    MAIL FROM: [EMAIL PROTECTED]
    RCPT TO: you

If your problem is that From: equals To:, then Postfix can help
only with an external content filter.

If your problem is that MAIL FROM equals RCPT TO, then Postfix can
help only with an external policy daemon or external content filter.

In the case of the above headers I'm going to say both!  8-(  But I
haven't seen the messages the others are having problems with.  Tomorrow
I'll be on site and will check if it is the same for them.

But either way I'm guessing I'll have some research and experimenting to
do.  Damn I was hoping for a one-liner in main.cf or master.cf.


Oh well, off to the books.


Thanks,
Rod
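
The envelope case discussed above (MAIL FROM equals RCPT TO) handled by an external policy daemon, as an added example that is not part of the original thread and is not Postfix's own code. It speaks the Postfix policy delegation protocol (name=value lines ended by an empty line, answered with action=...); the reject text, the case-insensitive comparison, the exemption for SASL-authenticated clients and the sample addresses are assumptions.

```python
import sys

REJECT = "REJECT envelope sender equals recipient"  # assumed reply text

def parse_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def decide(attrs):
    """Return the access(5) action for one parsed request."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    # Assumption: compare case-insensitively (strictly, local parts are case-sensitive).
    sender = attrs.get("sender", "").strip().lower()
    recipient = attrs.get("recipient", "").strip().lower()
    # An empty sender is the null sender <> used by bounces: never a match.
    # Assumption: SASL-authenticated clients are allowed to mail themselves.
    if sender and sender == recipient and not attrs.get("sasl_username"):
        return REJECT
    return "DUNNO"

def respond(text):
    """Build the reply Postfix expects: action=... followed by an empty line."""
    return "action=%s\n\n" % decide(parse_request(text))

def serve(stdin=sys.stdin, stdout=sys.stdout):
    """Answer requests on stdin/stdout, as when started from master.cf via spawn(8)."""
    buf = []
    for line in stdin:
        buf.append(line)
        if line.strip() == "":
            stdout.write(respond("".join(buf)))
            stdout.flush()
            buf = []

# Constructed sample requests (addresses are placeholders, not from the thread).
SELF_ADDRESSED = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
                  "sender=Rod@example.com\nrecipient=rod@example.com\n"
                  "sasl_username=\n\n")
BOUNCE = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "sender=\nrecipient=rod@example.com\nsasl_username=\n\n")

if __name__ == "__main__":
    serve()
```

Postfix would consult such a daemon through check_policy_service in smtpd_recipient_restrictions, where both the sender and recipient attributes are available. It sees only the SMTP envelope, so a match on the From: and To: headers still needs a content filter.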
