Hello guys, This is not really XMail specific but I am a bit confused there and I need help from experts. Here is the problem, I am using a filter that works with SPF, everything is working fine except one thing. Sometimes forged froms pass through the filter because the filter is getting the return-path instead of a faked from, see this example: Return-Path: <munitio...@soulofthejedi.net> Delivered-To: r...@fullmetalpacket.com Received: from dsldevice.lan ([92.18.93.37]:49281) by mail with [XMail 1.26 ESMTP Server] id <SA34818> for <r...@fullmetalpacket.com> from <munitio...@soulofthejedi.net>; Wed, 14 Oct 2009 11:50:35 -0400 X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on spamshield.fullmetalpacket.com X-Spam-Status: No, score=-87.3 required=9.0 tests=BAYES_50,HTML_MESSAGE, MIME_QP_LONG_LINE,NO_RELAYS,SPAMMY_XMAILER,TVD_RCVD_IP,TVD_RCVD_IP4, URIBL_BLACK,USER_IN_WHITELIST,XMAILER_MIMEOLE_OL_91287 autolearn=no version=3.2.4 Received: from 92.18.93.37 by soulofthejedi.net; Wed, 14 Oct 2009 16:40:46 +0000 Message-ID: <000d01ca4ce4$b2b7b9c0$6400a...@munitionb9> From: "notificati...@fullmetalpacket.com" <notificati...@fullmetalpacket.com> To: <r...@fullmetalpacket.com> Subject: The settings for the r...@fullmetalpacket.com mailbox were changed Date: Wed, 14 Oct 2009 16:40:46 +0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0007_01CA4CE4.B2B7B9C0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.2300 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.2300 This guy is sending email like this with links to spread his malware. My filter is analyzing Return-Path: munitio...@soulofthejedi.net instead of From: "notificati...@fullmetalpacket.com" notificati...@fullmetalpacket.com Is there any way to analyze the faked from? Thanks -fred
_______________________________________________ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail