Keith> Below are headers from spam I received.  Why is the envelope recipient
Keith> not in the received header??? I changed the To: user's email to xxxxxx
Keith> for privacy, but this mail also arrived into a mailbox which was not
Keith> the mailbox in the To: header.

Keith> Received: from ghettofabulous.ca ([222.64.180.23])
Keith>  by tricks.tbmc.ie (8.12.11/8.12.11) with SMTP id j0E00kJZ024303;
Keith>  Fri, 14 Jan 2005 00:00:49 GMT

Short answer: because there was more than one local recipient.

Long answer: the default Received header for sendmail 8.12.11 is thus:

Received: $?sfrom $s $.$?_($?s$|from $.$_)
        $.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
        $.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
        (version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
        for $u; $|;
        $.$b

Since neither SMTP AUTH nor TLS are in play here, let's simplify that:

Received: $?sfrom $s $.$?_($?s$|from $.$_)
        $.by $j ($v/$Z)$?r with $r$. id $i
        $?u
        for $u; $|;
        $.$b

Now, the $?x ... $| ... $. syntax is sendmail.cf's baroque way of saying
if macro x is set then ... else ... endif, and likewise $?x ... $. means
if macro x is set then ... endif, and the macros in play here are:

* s: the name the SMTP client claimed in its HELO/EHLO greeting: in your
     above example, this is "ghettofabulous.ca"
* _: the actual IP address of the SMTP client (inside square brackets),
     and, if it reverse-mapped to anything, the name it reverse-mapped
     to ("[222.64.180.23]" in your example)
* j: the fully qualified host name of the SMTP server ("tricks.tbmc.ie")
* v: the sendmail binary version ("8.12.11")
* Z: the sendmail.cf version ("8.12.11")
* r: the protocol used, usually "SMTP" or "ESMTP" ("SMTP")
* i: the queue ID ("j0E00kJZ024303")
* u: the SMTP envelope recipient(s), but (and this is the key to your
     question) if there is more than one recipient, this macro is unset to
     protect the privacy of all recipients (e.g., so if the sender blind
     copied anyone, that the others would not be able to determine this)
     (unset in your example)
* b: the current date & time in RFC 2822 format
     ("Fri, 14 Jan 2005 00:00:49 GMT")

HTH,
-- John
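
An added example (not part of John's reply, and not sendmail's own code): a small Python model of the $?x ... $| ... $. conditionals, expanding the default template quoted above with the macro values from the question. The function names and the example.invalid recipient addresses are assumptions made for illustration.

```python
import re

# Default Received: template for sendmail 8.12.11 as quoted above (folds kept as \n\t).
TEMPLATE = (
    "$?sfrom $s $.$?_($?s$|from $.$_)\n\t"
    "$.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)\n\t"
    "$.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}\n\t"
    "(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u\n\t"
    "for $u; $|;\n\t"
    "$.$b"
)

# $?x or $?{name} = if set, $| = else, $. = endif, $x or ${name} = macro value
TOKEN = re.compile(r"\$\?(\{\w+\}|.)|\$(\|)|\$(\.)|\$(\{\w+\}|.)", re.S)

def expand(template, macros):
    out, pos = [], 0
    stack = []  # one flag per open $?; text is emitted only while every flag is True
    for m in TOKEN.finditer(template):
        if all(stack):
            out.append(template[pos:m.start()])
        pos = m.end()
        cond, is_else, is_end, name = m.groups()
        if cond:
            stack.append(bool(macros.get(cond.strip("{}"))))
        elif is_else:
            stack[-1] = not stack[-1]
        elif is_end:
            stack.pop()
        elif all(stack):
            out.append(macros.get(name.strip("{}"), ""))
    out.append(template[pos:])
    return " ".join("".join(out).split())  # collapse header folding to single spaces

def received_header(macros, recipients):
    m = dict(macros)
    # Assumption taken from the explanation above: $u is set only for a single recipient.
    if len(recipients) == 1:
        m["u"] = recipients[0]
    return "Received: " + expand(TEMPLATE, m)

# Macro values from the header in the question; recipient addresses are constructed.
MACROS = {"s": "ghettofabulous.ca", "_": "[222.64.180.23]", "j": "tricks.tbmc.ie",
          "v": "8.12.11", "Z": "8.12.11", "r": "SMTP", "i": "j0E00kJZ024303",
          "b": "Fri, 14 Jan 2005 00:00:49 GMT"}

if __name__ == "__main__":
    print(received_header(MACROS, ["a@example.invalid"]))
    print(received_header(MACROS, ["a@example.invalid", "b@example.invalid"]))
```

With two recipients the output matches the header in the question (no "for" clause); with one recipient the "for" clause appears before the semicolon.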
