On 19.11.22 12:08, Fourhundred Thecat wrote:
I am receiving spam which has missing Return-Path and envelope-from (in
SPF check):
Return-Path: <>
X-Original-To: a...@aaa.aaa
Delivered-To: a...@aaa.aaa
Received-SPF: Pass (helo) identity=helo; client-ip=185.117.73.75;
helo=bjsabbatini.co.uk; envelope-from=<>; receiver=a...@aaa.aaa
is there any legitimate reason why email would have empty Return-Path?
yes, the (non-)delivery notifications are supposed to be ent with empty envelope
from: so they don't trigger another delivery notifications.
see rfc 5321 section 6.1
Is it safe to block it in header_checks?
/^Return-Path: <>/ REJECT
No. the Return-Path: should not exist prior to delivery to mailbox.
Also, according to rfc 1123, section 5.2.9 empty reverse path MUST be
supported.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I just got lost in thought. It was unfamiliar territory.
