Re: Relation bettwen MAIL FROM: and From:
Hi All, I'm wondering if some know is this is possible to stop using SA. Look. [r...@cyrus postfix]# telnet localhost 25 Trying 127.0.0.1... Connected to cyrus.sat.gob.mx (127.0.0.1). Escape character is '^]'. 220 mx2.sat.gob.mx ESMTP Postfix EHLO brandmauer.insys-corp.com.mx 250-mx2.sat.gob.mx 250-PIPELINING ... As you see, MAIL FROM (SMTP protocol) and From (DATA) are different, and Amavis+SA+Postfix is acceptiont this. Is this a SA task or Amavis or Postfix, Hi Luis, I am running a custom filter in qmail to do exactly that. To be honest, it took me about 3 months to get that working right. Basically the rules are: a) If the To address matches one of my possible email addresses (the filter is applied after collecting mails from a few pop mailboxes), and I am the only recipient, let the mail through b) if the (mailfrom or from) sender is in a whitelist (populated from mailing list senders, and very few colleagues that send BCC), let the mail through c) If I do not appear in To or Cc at all, quarantine the mail d) If there are more than 3 or so recipients (in particular from @t-online.de, which is a big ISP for private users), and not at least one of them also appears in that whitelist, quarantine e) Potential addition: detect display names that do not match those you use for sending I still look at a quarantine summary - some mailing list could have changed or so, or maybe there is an annual mailing list reminder that does not match the whitelist entry As you can see, this is solution for a single recipient, not for a mailserver, and as such it could perhaps be done in a procmail recipe. Wolfgang
Relation bettwen MAIL FROM: and From:
Hi All, I'm wondering if some know is this is possible to stop using SA. Look. [r...@cyrus postfix]# telnet localhost 25 Trying 127.0.0.1... Connected to cyrus.sat.gob.mx (127.0.0.1). Escape character is '^]'. 220 mx2.sat.gob.mx ESMTP Postfix EHLO brandmauer.insys-corp.com.mx 250-mx2.sat.gob.mx 250-PIPELINING 250-SIZE 1024 250-ETRN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN MAIL FROM: ra...@insys-corp.com.mx 250 2.1.0 Ok RCPT TO: s...@sat.gob.mx 250 2.1.5 Ok DATA 354 End data with CRLF.CRLF From: Samuel Flores samuel.flo...@sat.gob.mx To: SAS s...@sat.gob.mx Date: Thu, 12 Nov 2009 18:40:06 -0600 MIME-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-Id: 200911121840.06060@sat.gob.mx Status: RO X-Status: RS X-KMail-EncryptionState: X-KMail-SignatureState: X-KMail-MDN-Sent: Subject: t2 Mensaje . 250 2.0.0 Ok: queued as CA5426B837 QUIT 221 2.0.0 Bye Connection closed by foreign host. As you see, MAIL FROM (SMTP protocol) and From (DATA) are different, and Amavis+SA+Postfix is acceptiont this. Is this a SA task or Amavis or Postfix, Here are my logs: -- Nov 12 19:31:51 cyrus postfix/smtpd[7412]: CA5426B837: client=cyrus.sat.gob.mx[127.0.0.1] Nov 12 19:34:02 cyrus postfix/cleanup[8795]: CA5426B837: message- id=200911121840.06060@sat.gob.mx Nov 12 19:34:02 cyrus postfix/qmgr[1488]: CA5426B837: from=ra...@insys- corp.com.mx, size=582, nrcpt=1 (queue active) Nov 12 19:34:03 cyrus postfix/lmtp[8896]: CA5426B837: to=s...@sat.gob.mx, relay=127.0.0.1[127.0.0.1]:10025, delay=161, delays=160/0.03/0/0.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 583096B9A1) Nov 12 19:34:03 cyrus postfix/qmgr[1488]: CA5426B837: removed [r...@cyrus postfix]# grep 583096B9A1 /var/log/mail/info.log Nov 12 19:34:03 cyrus postfix/smtpd[8853]: 583096B9A1: client=cyrus.sat.gob.mx[127.0.0.1]:unknown Nov 12 19:34:03 cyrus postfix/cleanup[8796]: 583096B9A1: message- id=200911121840.06060@sat.gob.mx Nov 12 19:34:03 cyrus postfix/qmgr[1488]: 583096B9A1: from=ra...@insys- corp.com.mx, size=1163, nrcpt=1 (queue active) Nov 12 19:34:03 cyrus amavis[6486]: (06486-11) Passed CLEAN, MYNETS LOCAL [127.0.0.1] [127.0.0.1] ra...@insys-corp.com.mx - s...@sat.gob.mx, Message-ID: 200911121840.06060@sat.gob.mx, mail_id: h2ruWAjex7lV, Hits: -2.394, size: 582, queued_as: 583096B9A1, 400 ms Nov 12 19:34:03 cyrus postfix/lmtp[8896]: CA5426B837: to=s...@sat.gob.mx, relay=127.0.0.1[127.0.0.1]:10025, delay=161, delays=160/0.03/0/0.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 583096B9A1) Nov 12 19:34:03 cyrus postfix/smtp[8302]: 583096B9A1: to=s...@sat.gob.mx, relay=10.10.60.10[10.10.60.10]:25, delay=0.07, delays=0.01/0.04/0.01/0.01, dsn=2.0.0, status=sent (250 OK: 075480f29...@sat.gob.mx) Nov 12 19:34:03 cyrus postfix/qmgr[1488]: 583096B9A1: removed Best Regards, LD
Re: Relation bettwen MAIL FROM: and From:
Luis Daniel Lucio Quiroz wrote: Hi All, I'm wondering if some know is this is possible to stop using SA. Look. MAIL FROM and From: are commonly mismatched in legitimate mail. For example, every message that you receive from this list (and every other sanely configured mailing list) will have an apache.org address in the MAIL FROM, and the sender in the From:. That's because apache is remailing, and should receive all DSN's, but they are not the originator of the message. There's quite a few other scenarios where mismatches occur outside of spam. Perhaps you should look more closely at your nonspam email.
Re: Relation bettwen MAIL FROM: and From:
If you search the archives of this list you will find a long-winded discussion of this idea and an explanation of why it is a bad idea. To make a long story short, you will block lots of legitimate mail including almost every mail-list type message. For example, check the Header-From and Envelope-From addresses of any message that you get from this list. A similar argument applies to the Header-To and Envelope-recipient addresses. The SMTP protocol provided for seperate header VS envelope addresses with good reason, trying to block that feature only leads to trouble. On Thu, 12 Nov 2009, Luis Daniel Lucio Quiroz wrote: Hi All, I'm wondering if some know is this is possible to stop using SA. Look. [r...@cyrus postfix]# telnet localhost 25 Trying 127.0.0.1... Connected to cyrus.sat.gob.mx (127.0.0.1). Escape character is '^]'. 220 mx2.sat.gob.mx ESMTP Postfix EHLO brandmauer.insys-corp.com.mx 250-mx2.sat.gob.mx 250-PIPELINING 250-SIZE 1024 250-ETRN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN MAIL FROM: ra...@insys-corp.com.mx 250 2.1.0 Ok RCPT TO: s...@sat.gob.mx 250 2.1.5 Ok DATA 354 End data with CRLF.CRLF From: Samuel Flores samuel.flo...@sat.gob.mx [snip..] As you see, MAIL FROM (SMTP protocol) and From (DATA) are different, and Amavis+SA+Postfix is acceptiont this. Is this a SA task or Amavis or Postfix, [snip..] -- Dave Funk University of Iowa dbfunk (at) engineering.uiowa.eduCollege of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527 #include std_disclaimer.h Better is not better, 'standard' is better. B{
Re: Relation bettwen MAIL FROM: and From:
Le jeudi 12 novembre 2009 20:28:51, David B Funk a écrit : If you search the archives of this list you will find a long-winded discussion of this idea and an explanation of why it is a bad idea. To make a long story short, you will block lots of legitimate mail including almost every mail-list type message. For example, check the Header-From and Envelope-From addresses of any message that you get from this list. A similar argument applies to the Header-To and Envelope-recipient addresses. The SMTP protocol provided for seperate header VS envelope addresses with good reason, trying to block that feature only leads to trouble. On Thu, 12 Nov 2009, Luis Daniel Lucio Quiroz wrote: Hi All, I'm wondering if some know is this is possible to stop using SA. Look. [r...@cyrus postfix]# telnet localhost 25 Trying 127.0.0.1... Connected to cyrus.sat.gob.mx (127.0.0.1). Escape character is '^]'. 220 mx2.sat.gob.mx ESMTP Postfix EHLO brandmauer.insys-corp.com.mx 250-mx2.sat.gob.mx 250-PIPELINING 250-SIZE 1024 250-ETRN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN MAIL FROM: ra...@insys-corp.com.mx 250 2.1.0 Ok RCPT TO: s...@sat.gob.mx 250 2.1.5 Ok DATA 354 End data with CRLF.CRLF From: Samuel Flores samuel.flo...@sat.gob.mx [snip..] As you see, MAIL FROM (SMTP protocol) and From (DATA) are different, and Amavis+SA+Postfix is acceptiont this. Is this a SA task or Amavis or Postfix, [snip..] Many many thanx