On 1 Dec 2017, at 6:01 (-0500), Simeon Ott wrote:
> Hi
>
> Occasionally I get spam mails with non-quoted display names like
>
> John, Doe, Lastname <[email protected]
> <mailto:[email protected]>>
>
> My MTA (Postfix) thinks these are multiple FROM addresses and adds my
> local servername to John and Doe.

That's a Postfix misconfiguration. Ancient versions of Postfix did that
and you can make modern Postfix continue that misbehavior if you really
need it, but you really should fix it. You should leave
remote_header_rewrite_domain and local_header_rewrite_clients at their
defaults (since v2.2) unless you have very special local needs to
support no-domain mail coming from external sources.
If you are using the classic amavisd sandwich rig (with 2 smtpd
instances) then you may need to look at which smtpd is doing the header
rewrites and assure that it is the external-facing (port 25) one ONLY.

> SpamAssassin gets the forwarded Mail with a From Header like:
>
> From: John@localservername, Doe@localservername, Example
> <[email protected] <mailto:[email protected]>>

META: Your mail client mangled your message to this list by adding the
'mailto:' garbage above, confusing the details of your issue. If you can
make it send only plain text to mailing lists that would help prevent
such problems.

> Any suggestion how to match this kind of From-Headers? I would like to
> score the mail when multiple FROM addresses exist (I know that
> multiple FROM addresses are allowed according to the specific RFC)
>
> Or is there a possible option to reject this mail earlier on MTA level
> (Postfix)?

Postfix first needs to be fixed to not append any domains to non-local
mail, then you can catch *some* of the problem messages with
carefully-crafted Postfix header_checks. Unfortunately, that can't catch
all cases because headers can be encoded to allow non-ASCII characters
and header_checks doesn't decode such headers before checking them.
You can probably get more and better help if you need it on the
Postfix-Users list (see http://www.postfix.org/lists.html) where the
active participants include the creator of Postfix and other real
Postfix experts (I just play one on other lists...)
--
Bill Cole
[email protected] or [email protected]
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
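
Added example (not part of the original message, and not Postfix or SpamAssassin code): a Python check that counts the mailboxes in a From: value with the standard library's email.utils.getaddresses, covering the unquoted display name from the thread plus the quoted and RFC 2047-encoded forms that a raw pattern match cannot tell apart. The sample headers are constructed, and the function names and finding labels are assumptions made for illustration.

```python
# Added example: count the mailboxes a From: header value really contains.
from email.header import decode_header, make_header
from email.utils import getaddresses


def from_mailboxes(raw_from):
    """Parse first, decode second: split the raw value into mailboxes,
    then decode RFC 2047 encoded-words in each display name. Decoding
    before parsing would turn an encoded comma into a separator."""
    result = []
    for name, addr in getaddresses([raw_from]):
        if not (name or addr):
            continue  # the parser rejected this element
        try:
            name = str(make_header(decode_header(name)))
        except Exception:
            pass  # undecodable display name: keep the raw form
        result.append((name, addr))
    return result


def from_findings(raw_from):
    """Return the reasons (hypothetical labels) this value deserves a score."""
    boxes = from_mailboxes(raw_from)
    findings = []
    if len(boxes) > 1:
        findings.append("multiple_mailboxes:%d" % len(boxes))
    # Bare words are what an MTA with header rewriting appends a domain to.
    bare = [addr for _, addr in boxes if "@" not in addr]
    if bare:
        findings.append("no_domain:" + ",".join(bare))
    return findings


# Constructed samples; example.com and localservername are placeholders.
SAMPLES = {
    "unquoted": "John, Doe, Lastname <user@example.com>",
    "rewritten": "John@localservername, Doe@localservername, "
                 "Example <user@example.com>",
    "quoted": '"Doe, John" <user@example.com>',
    "encoded": "=?UTF-8?Q?Doe=2C_John?= <user@example.com>",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(label, from_mailboxes(value), from_findings(value))
```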