I've recently seen a new, at least to me, form of spam.
The envelope header "From" is "[EMAIL PROTECTED]".
The Header "From" is rob76-5-82-245-93-7.fbx.proxad.net
When I looked at the first of these, that was reported to me, I saw the Header
"From" as "[EMAIL PROTECTED]". This, at first,
caught me by surprise, since I have a rule, in "filter_sender" that will
reject senders that come from outside and claim to be from my domain. It
took me a bit to realize that since there was not domain, on the Header
"From" my sendmail had rewritten it, as a local address, and added my
domainname.
Several of the messages, of this sort, that I've found in the logs were scored
high enough, by spamassassin, to be blocked, but a good number flew below the
SPAM radar and were delivered untagged.
I guess my questions are:
1. Is there a mimedefang rule (or sendmail config option) that would
detect
that the Envelope and Header senders differ?
2. Are there "legitimate" reasons that the these headers may differ (I
don't
want to trigger false positives).
Any help or pointers would be appreciated.
Thank you,
--
Larry G. Starr - [EMAIL PROTECTED] or [EMAIL PROTECTED]
Software Engineer: Full Compass Systems LTD.
Phone: 608-831-7330 x 1347 FAX: 608-831-6330
===================================================================
There are only three sports: bullfighting, mountaineering and motor
racing, all the rest are merely games! - Ernest Hemmingway
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
