On 01-12-17 14:15, RW wrote: > On Fri, 1 Dec 2017 12:01:35 +0100 > Simeon Ott wrote: > >> Hi >> >> Occasionally I get spam mails with non-quoted display names like >> >> John, Doe, Lastname <[email protected] >> <mailto:[email protected]>> >> >> My MTA (Postfix) thinks this are multiple FROM addresses and adds my >> local servername to John and Doe. Spamassassin gets the forwarded >> Mail with a From Header like: >> >> From: John@localservername, Doe@localservername, Example >> <[email protected] <mailto:[email protected]>> >> >> Any suggestion how-to match this kind of From-Headers? > > Does Postfix keep the the original From header with a rewritten > header name? If there's an Original-From or similar it would be better > to detect the original problem rather than a side effect. > > If that mailto thing repeats, I'd go after that too. Maybe > > header ... From =~ />\s*>\s*$/ >
You're mistaken about postfix. It does not rewrite the From headers in the way you describe, unless you explicitly configured it to. You should change your postfix configuration, or verify the input data that postfix receives (maybe the addresses were already malformed before they entered your system? The easy way to catch these messages is to set your machine name to some domain that never receives mail. email addresses: [email protected] server domain: mailserver.company.tld Automatic generated addresses would look like [email protected], these are easily recogized because nobody uses them. Kind regards, Tom
