am 20.02.2007 17:56 schrieb Peter Velan: > am 20.02.2007 16:50 schrieb David Woodhouse: >> On Tue, 2007-02-20 at 15:38 +0100, Peter Velan wrote: >>> I don't see a situation where a foreign server sends me a legit email >>> with envelope-from = "[EMAIL PROTECTED]"? >> >> If there is any external email address for which email is just >> automatically forwarded to your systems, and if any of your users send >> mail to that address, then it'll happen. > > Hmm, I will check this very, very carefully. > >>> > - your mail server in turn rejects the forwarded mail because it was >>> > not sent via SMTP AUTH >>> > - your user will receive an error mail from the forwarding mail server >>> > >>> > I would stongly recommend not to implement this kind of blocking. >>> >>> If the scenario you described above is real, then for sure, it would be >>> a stupid thing to implement this! >> >> It's very real; it's very stupid :) > > Well, I will take a very close and thorough look to my mainlog-files > before doing such a stupid stupid thing.
May be its of general interest, so here are my findings: >From a lot of 89901 (accepted) messages from outside world (less authenticated users and less valid relaying from one of our machines), 385 having an envelope-from = @mydomains. Just for clarification: This kind of non-authenticated transfers could only target one of the local accounts - I do not run an open relay ;-) >From the 385 messages (which I originally thought should all be classified as spam) were: a) 258 valid -- A handfull of my users is sending from email-providers which freely allow setting of an arbitrary envelope-from. -- One message was triggered from a news website, where one user informed about an interesting article. The email-system of this website placed the email-address of the informing guy in envelope-from. b) 61 addressed to [EMAIL PROTECTED] (all spam) Because I accept anything adressed to postmaster/abuse-account, I would not prevent this spam from comming in. c) 66 real spam The remainder of 66 real spams, was predominantly killed by spamassassin. Some interesting things about this class of messages: 34 of them came in between January and December 2006; the remaining 32 are from this year: a six-fold increase! And, 37 of this 66 are role accounts [EMAIL PROTECTED] Conclusion: Its not worth the hassle! The only thing I consider to implement: blocking any outside email with enevelope-from = "[EMAIL PROTECTED]". Thank you again for your valuable thoughts! Peter -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
