On Tue, 23 Aug 2011 14:50:22 -0400
Todd Aiken <[email protected]> wrote:

> In the past 24 hours, I've received a ton of spam at our site.  The
> spam seems to be coming from the same source, in that I see the
> spammer using our domain name as a from address, but they are also
> using multiple From addresses in the same message!  I believe that
> this is non-standard, but it's giving our Exchange server a ton of
> trouble.

It's non-standard, but legal.  See section 3.6.2 of
http://www.ietf.org/rfc/rfc5322.txt

The From: header is allowed to have multiple mailboxes, but the Sender: header
(if present) can have only one.

> Our Linux gateways are correctly classifying the mail as
> spam, but the transport rules on our Exchange server that filter
> based on the X-Spam-Level header are not triggering because of the
> multiple From addresses, and the spam ends up in everyone's Inbox.
> Is there any easy way I can add something into my MIMEDefang's
> configuration to detect and reject messages that come in with more
> than one From address?

Call Microsoft support and ask them to fix Exchange! :)

You'll have to parse the From: header, I guess.  Use the Mail::Address
Perl module to parse it out and if you get back more than one address,
take action... but be aware that you may block legitimate mail.

Regards,

David.
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
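
The check suggested in the reply above, sketched as an added example (not code from the original message or from the MIMEDefang project). It goes slightly beyond the reply by also counting mailboxes spread over several From: fields. The helper name `from_mailboxes`, the rejection text and the choice to reject rather than quarantine are assumptions; merge the hook into any existing `filter_begin` in your mimedefang-filter.

```perl
use strict;
use warnings;
use Mail::Address;

# Hypothetical helper: return every addr-spec found in the raw From: values.
sub from_mailboxes {
    my @addrs;
    for my $value (@_) {
        next unless defined $value;
        (my $v = $value) =~ s/\s+/ /g;      # unfold continuation lines, drop newline
        push @addrs,
            grep { /\@/ }                   # ignore bare-word fragments such as "Doe"
            map  { $_->address // '' }
            Mail::Address->parse($v);
    }
    return @addrs;
}

# MIMEDefang hook: runs once per message before the MIME parts are filtered.
sub filter_begin {
    my ($entity) = @_;
    my @values = $entity->head->get('From');   # list context: all From: fields
    my @addrs  = from_mailboxes(@values);
    if (@addrs > 1) {
        md_syslog('warning', 'Multiple From mailboxes: ' . join(', ', @addrs));
        # Legal under RFC 5322 section 3.6.2, so this can block legitimate mail.
        return action_bounce('Messages with more than one From address are not accepted');
    }
    return;
}

# Constructed sample headers, run only when the file is executed directly.
unless (caller) {
    my @samples = (
        'Alice Example <alice@example.org>',
        '"Example, Alice" <alice@example.org>',
        "a\@example.org,\n\tBob <b\@example.net>, c\@example.com",
    );
    for my $h (@samples) {
        my @found = from_mailboxes($h);
        printf "%d mailbox(es): %s\n", scalar @found, join(', ', @found);
    }
}

1;
```

Logging or quarantining for a few days before switching to `action_bounce` shows how much legitimate multi-author mail the rule would catch.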
