On 2017-05-05 16:00, Merijn van den Kroonenberg wrote: > So the only thing I want with the envelop from is to extract the > domain and test if the mail was DKIM signed (and valid) by that > domain. > > This tells me the envelope from is not some random spoofed address, > but actually controlled by someone who handled the e-mail before it > arrived at our mta.
Yes, this is a valid thing to do. I do this check completely in the MTA (Exim). Even if for some reason you reallly need to do it in SA, the easiest way to get the envelope sender in SA is have the MTA insert a header, such as X-Envelope-From. Exim can do that and I'm guessing other major MTAs such as Postfix can too. -- Please *no* private Cc: on mailing lists and newsgroups Personal signed mail: please _encrypt_ and sign Don't clear-text sign: http://primate.net/~itz/blog/the-problem-with-gpg-signatures.html
