Steve:
> It is easy enough to reproduce. Just build a header filter like this;
> (put aside the fact this is going to catch a shed load of legit mail)
> 
> /^Received: from.*(cmodem|dhcp|adsl|broadband|dynamic)/ REJECT dynamic host in headers

This matches Received: headers.

> This mail;
> Subject: UCE: 86.140.171.207
> From: <munged>
> Reply-To: zen158...@zen.co.uk
> To: ab...@btbroadband.com
> [other text omitted]

Contains no Received: header.

> In the logs; tripped on the header filter;
> Jun 12 11:01:58 mail4 postfix/cleanup[1419]: B9F16AC09D: reject: header
> Received: from [192.168.1.xx] (xx [192.168.1.xx])??by mail4.xx.co.uk
> (xx) with ESMTPA id B9F16AC09D??for <ab...@btbroadband.com>; Fri, 12 Jun
> 2009 11:01:58 +0100 (BST) from mail4[192.168.1.xx];
> from=<mung...@munged.co.uk> to=<ab...@btbroadband.com> proto=ESMTP
> helo=<[192.168.1.xx]>: 5.7.1 dynamic host in headers

This Received: header was prepended by Postfix itself.

Observe:

- The logfile record has time stamp "Jun 12 11:01:58".

- The Received: header has time stamp "Fri, 12 Jun 2009 11:01:58".

To make this demonstration more credible, the rejected Received:
header would need to demonstrably come from body content. This
is easy enough: just submit a spam report with a Received: header
that is at least a few minutes old.

        Wietse
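
The time stamp comparison above can be scripted, and the logged header also carries the same queue ID (B9F16AC09D) as the log record itself. The following is an added example, not part of the original thread and not Postfix code; the function name, the skew tolerance and the second record are constructed, and it assumes the syslog and header time stamps are both in the host's local time zone.

```python
import re
from datetime import datetime
from email.utils import parsedate_to_datetime

# Log record quoted in the thread, unwrapped onto one line.
LOG = ("Jun 12 11:01:58 mail4 postfix/cleanup[1419]: B9F16AC09D: reject: header "
       "Received: from [192.168.1.xx] (xx [192.168.1.xx])??by mail4.xx.co.uk "
       "(xx) with ESMTPA id B9F16AC09D??for <ab...@btbroadband.com>; Fri, 12 Jun "
       "2009 11:01:58 +0100 (BST) from mail4[192.168.1.xx]; "
       "from=<mung...@munged.co.uk> to=<ab...@btbroadband.com> proto=ESMTP "
       "helo=<[192.168.1.xx]>: 5.7.1 dynamic host in headers")

# Constructed contrast record: the rejected header has another queue ID and
# a time stamp twenty minutes older than the log record.
OLD = ("Jun 12 11:01:58 mail4 postfix/cleanup[1419]: B9F16AC09D: reject: header "
       "Received: from host.example (host.example [192.0.2.7])??by mx.example "
       "with ESMTP id 1A2B3C4D5E??for <abuse@example.org>; Fri, 12 Jun 2009 "
       "10:41:07 +0100 (BST) from mail4[192.168.1.10]; from=<a@example.org> "
       "to=<abuse@example.org> proto=ESMTP helo=<x>: 5.7.1 dynamic host in headers")

REC = re.compile(r"^(?P<logts>\w{3} +\d+ [\d:]{8}) \S+ postfix/cleanup\[\d+\]: "
                 r"(?P<qid>[0-9A-F]+): reject: header Received: (?P<hdr>.*)$")
DATE = re.compile(r"; (\w{3}, \d{1,2} \w{3} \d{4} [\d:]{8} [+-]\d{4})")


def prepended_locally(record, max_skew=5):
    """Return True when the rejected Received: header looks like the one this
    Postfix instance prepended: same queue ID, time stamp within max_skew s."""
    m = REC.match(record)
    if not m:
        raise ValueError("not a cleanup 'reject: header Received:' record")
    hdr_id = re.search(r"\bid ([0-9A-F]+)", m["hdr"])
    hdr_date = DATE.search(m["hdr"])
    if not hdr_id or not hdr_date:
        return False
    # Compare wall-clock values; syslog omits year and zone (assumption: both
    # stamps come from the same host clock and local time zone).
    hdr_dt = parsedate_to_datetime(hdr_date[1]).replace(tzinfo=None)
    log_dt = datetime.strptime(f"{hdr_dt.year} {m['logts']}", "%Y %b %d %H:%M:%S")
    skew = abs((log_dt - hdr_dt).total_seconds())
    return hdr_id[1] == m["qid"] and skew <= max_skew


if __name__ == "__main__":
    for name, rec in (("thread record", LOG), ("constructed record", OLD)):
        print(name, "-> prepended by this Postfix:", prepended_locally(rec))
```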
