Mark McArthey <[EMAIL PROTECTED]> writes: > I'm using fetchmail to temporarily pull mail from an old account, and this > spammer was able to get through by faking that old address.
Someday I need to read up on fetchmail to figure out just what it does and what it's capable of doing. I don't know it well at all, so the following is based on some guesses of what it's doing. This might not work. > I'd like to know if there's a rule I can use to avoid this specific > problem in the future. Thanks! I'm guessing that fetchmail generates the envelope sender (when it delivers through SMTP) from the From: field. The Return-Path: field in the email below looks to be generated by preline in your .qmail file. > Return-Path: <[EMAIL PROTECTED]> [...] > From: "jenna teddry" <[EMAIL PROTECTED]> If you do not expect your local qmail to ever receive valid mail *from* <[EMAIL PROTECTED]>, put that address in qmail's badmailfrom file. Then qmail will reject any mail that tries to use the execpc.com address as an envelope sender. If my guess about how fetchmail generates the envelope sender is correct, this will stop all mail with a From: field of <[EMAIL PROTECTED]>. If you expect valid mail with that From: field to be processed by fetchmail, don't do this, as it will be rejected. I don't know how fetchmail handles SMTP errors. If it just gives up forwarding all mail when it encounters an error, then this technique won't work. All I can suggest is that you put the address in badmailfrom, send mail to the execpc.com account with a From: field of <[EMAIL PROTECTED]>, send another, valid, email to that same account and run fetchmail to see if the second gets delivered despite the first being rejected. Hope that helps, Tim _____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
