On 17 Feb 2002, Craig Hughes wrote:

> So, for envelope from checking, we should use the "Return-Path" header.
> I'll make a rule which compares Return-Path to From: and see how it does
> at differentiating spam from nonspam.

Hadn't even thought of checking the sender - interesting. I'm curious to hear how this goes. In a few seconds of checking I notice that lots of mailing lists will trip this up. I do see that some spam might get caught, though. Worth feeding to the GA.

> For the envelope TO, there seem to be 2 "standards", depending on when
> the info is added to the message header. One is added on SMTP-reception
> (such as with exim I think), in which case the header used is
> "Envelope-To".

Erm, I don't know about that. I doubt that anything will add envelope recipients to a message during SMTP, because of the Bcc privacy issue. That might work for single-recipient messages, but doesn't work for multi-recipient ones. In fact, postfix does exactly that for the Received line.

Single-recipient:

Received: from tisch.mail.mindspring.net (tisch.mail.mindspring.net [207.69.200.157])
        by cadmium.frontier.net (Postfix) with ESMTP id B113D7A6D5
        for <[EMAIL PROTECTED]>; Sun, 17 Feb 2002 15:03:43 -0700 (MST)

Multi-recipient:

Received: from cadmium.frontier.net (localhost [127.0.0.1])
        by cadmium.frontier.net (Postfix) with ESMTP id EAE2A7A717;
        Sun, 17 Feb 2002 14:32:00 -0700 (MST)

Oops, looking at the Exim docs - yes, Exim does support it correctly. Hrm.

http://www.fr.exim.org/exim-html-1.90/doc/html/spec_15.html#SEC365

]Option: envelope_to_add
]Type: boolean
]Default: true
]
]If this option is true, an `Envelope-to:' header is added to the message.
]This gives the original address(es) in the incoming envelope that caused
]this delivery to happen. More than one address may be present if `batch'
]or `bsmtp' is set, or if more than one original address was aliased or
]forwarded to the same final address. As this is not a standard header,
]Exim has a configuration option (`envelope_to_remove') which requests its
]removal from incoming messages, so that delivered messages can safely be
]resent to other recipients.

> The other is added during delivery, after local alias resolution, etc,
> and is called "Delivered-To" -- qmail does this, and it's basically what
> Charlie is doing too.

I didn't realize how close this was to that ... but yes, my stamping comes after local rewriting. With the problem you mention ...

> I think what we really want to do for spam-id purposes is to compare the
> "RCPT TO:" info from SMTP to the "To:"/"Cc:" fields in the message
> header. If you compare To/Cc to the delivery address, then you'll think
> messages To: [EMAIL PROTECTED] are spam (assuming that postmaster is an
> alias for a real user), because the delivery-to will be [EMAIL PROTECTED] not
> [EMAIL PROTECTED], which will be the envelope-to value.

Yes, absolutely. However, I don't (without major heroics) have any way to modify the message until after local re-writing. If a message comes into the system, To: cewatts, Bcc: bob, the message is only -one message- until it is split out for local delivery. So even if I had access to it, I couldn't tag it yet because that would break Bcc: privacy.

In fact ... it looks to be nearly impossible w/ Postfix:

http://archives.neohapsis.com/archives/postfix/2000-12/1119.html

> So, Charlie, I would suggest altering your mail system to insert a
> Envelope-To instead of X-Delivery-To (or at least standardize and use
> Delivery-To). I'll implement Charlie's patch below but using
> Envelope-To and add it to the SA distro. Then people can just make sure
> their mail system adds the right header, and they'll automatically get
> this feature.

It does look like postfix's local delivery agent can prepend a "Delivered-To" header upon local delivery. I'm just not using the local delivery agent, so I made my own one up. I'll switch it to just use Delivered-To.

But, using Postfix, I can't get an Envelope-To header.

So ... perhaps we should support both.
Envelope-To (which can have multiple addresses in it, remember) for folks who can use it, and Delivered-To for folks who can't. Simple enough.

The nice thing about doing it with headers (instead of command-line args, that sort of thing) is that the GA will be able to use it.

--
Charlie Watts
[EMAIL PROTECTED]
Frontier Internet, Inc.
http://www.frontier.net/
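
The header comparison discussed in this message, as an added example that is not part of the original post and is not SpamAssassin code: a Python function that prefers Envelope-To, falls back to Delivered-To, and reports recipients missing from To/Cc plus a Return-Path/From difference. The name `check_headers`, the result keys and the `example.*` sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

def _addrs(msg, *names):
    """Lower-cased addresses from every instance of the named headers."""
    values = [v for n in names for v in msg.get_all(n, [])]
    return {addr.lower() for _, addr in getaddresses(values) if addr}

def check_headers(raw):
    """Compare envelope-derived headers with the visible From/To/Cc."""
    msg = message_from_string(raw)
    visible = _addrs(msg, "To", "Cc")
    # Prefer Envelope-To (pre-alias); fall back to Delivered-To (post-alias).
    source, envelope = None, set()
    for name in ("Envelope-To", "Delivered-To"):
        found = _addrs(msg, name)
        if found:
            source, envelope = name, found
            break
    return_path = _addrs(msg, "Return-Path")
    return {
        "recipient_source": source,
        "recipient_unlisted": sorted(envelope - visible),
        "sender_differs": bool(return_path) and return_path != _addrs(msg, "From"),
    }

# Constructed sample messages (example.* addresses are placeholders).
ALIAS_WITH_ENVELOPE_TO = (
    "Return-Path: <carol@example.com>\n"
    "Envelope-To: postmaster@example.org\n"
    "Delivered-To: alice@example.org\n"
    "From: Carol <carol@example.com>\n"
    "To: postmaster@example.org\n"
    "Subject: disk quota\n\nbody\n"
)
# Same delivery on a system that can only stamp Delivered-To.
ALIAS_DELIVERED_ONLY = ALIAS_WITH_ENVELOPE_TO.replace(
    "Envelope-To: postmaster@example.org\n", "")
# Mailing-list traffic: bounce address as envelope sender, list address in To.
LIST_MAIL = (
    "Return-Path: <talk-bounces@lists.example.net>\n"
    "Delivered-To: alice@example.org\n"
    "From: Bob <bob@example.com>\n"
    "To: talk@lists.example.net\n"
    "Subject: Re: rules\n\nbody\n"
)

if __name__ == "__main__":
    for raw in (ALIAS_WITH_ENVELOPE_TO, ALIAS_DELIVERED_ONLY, LIST_MAIL):
        print(check_headers(raw))
```

The second sample reproduces the postmaster-alias false positive that appears when only Delivered-To is available, and the third shows legitimate list mail tripping both comparisons, which is why a result like this suits a weighted score rather than a hard verdict.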