I have a spammer using a malformed From header, as follows:
From: <UPS>sha...@marketcrank.com
The envelope from is: direcc...@delher.com.mx, and I've set up blocks
for that address.
Sendmail is munging the From: header to change <UPS> to
<u...@my.host.name>, so it ends up looking like a local address to my users.
How do I detect similar mangled From headers in Spamassassin?
Also does anyone know how to prevent Sendmail from rewriting the From
header like this? The documentation for confFROM_HEADER is a somewhat
cryptic:
https://www.sendmail.org/~ca/email/doc8.12/cf/m4/tweaking_config.html#confFROM_HEADER
I'd rather it say <UPS@suspected-spammer> instead, or reject it entirely.
Thanks,
Kirk
