Well, I've confirmed that EOP (protection.outloko.com, our external Spam filter provider) is adding in the "Delivered-To:" head when emails that have been quarrantined are released to be delivered in to us.
I'm amazed others haven't seen this problem yet, but maybe we're strange. In any case, now I need to figure out a way to fix this. Would it be enough to simply remove the header if it arrives from them? I know it's a bad idea... but my customers are complaining about this. So a simple header_check like this might be what I want: /^Delivered-To: (.*$)/ REPLACE EOP-Delivered-To: "$1" But I only want this replamcent to happen for email that comes from a specific set of outside servers. I think I might have to run my own milter here to do this. I really can't depend on the headers not being forged somehow, but I can depend on the host which connects to me being who it says. To a degree. Am I making sense? John
