Hi Francis,
Thanks for your reply.
This is a self-written script that get the following arguments from
filter.post-data.tab
"!aex" "/mailsrv/MailRoot/filters/spfcheck/spfcheck.php" "@@FROM"
"@@CRCPT" "@@REMOTEADDR" "@@FILE"
The @@FROM is the actual variable that is checked by this linux command
(from within a PHP script):
exec("spfquery --name " . $this->_spfServer . " -sender=" . $this->_from . "
-ip=" . $this->_remoteAddress . " -helo=" . $this->_helo, $output, $return);
$this->_from == @@FROM
Spfquery return a digit as the return code which is what I use for either
dropping the email or let it go throught.
Thanks
-fred
-----Original Message-----
From: [email protected] [mailto:[email protected]]
On Behalf Of CLEMENT Francis
Sent: 14 octobre 2009 12:13
To: 'XMail Users Mailing List'
Subject: Re: [xmail] Multiple from inside mail headers
Hello Fred
As this is a filter, the choice made to use 'return-path' in place of 'from'
is filter specific, not related to xmail
To help you we need to know more about this filter, how it works,
parameters, ...
Self-written filter or found on the net ?
Do you have source code for this filter (or can we get it somewhere) ?
Francis
-----Message d'origine-----
De : [email protected] [mailto:[email protected]]de
la part de fred
Envoyé : mercredi 14 octobre 2009 17:56
À : 'XMail Users Mailing List'
Objet : [xmail] Multiple from inside mail headers
Hello guys,
This is not really XMail specific but I am a bit confused there and I need
help from experts.
Here is the problem, I am using a filter that works with SPF, everything is
working fine except one thing.
Sometimes forged froms pass through the filter because the filter is getting
the return-path instead of a faked from, see this example:
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from dsldevice.lan ([92.18.93.37]:49281)
by mail with [XMail 1.26 ESMTP Server]
id <SA34818> for <[email protected]> from
<[email protected]>;
Wed, 14 Oct 2009 11:50:35 -0400
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on
spamshield.fullmetalpacket.com
X-Spam-Status: No, score=-87.3 required=9.0 tests=BAYES_50,HTML_MESSAGE,
MIME_QP_LONG_LINE,NO_RELAYS,SPAMMY_XMAILER,TVD_RCVD_IP,TVD_RCVD_IP4,
URIBL_BLACK,USER_IN_WHITELIST,XMAILER_MIMEOLE_OL_91287
autolearn=no
version=3.2.4
Received: from 92.18.93.37 by soulofthejedi.net; Wed, 14 Oct 2009 16:40:46
+0000
Message-ID: <000d01ca4ce4$b2b7b9c0$6400a...@munitionb9>
From: "[email protected]"
<[email protected]>
To: <[email protected]>
Subject: The settings for the [email protected] mailbox were changed
Date: Wed, 14 Oct 2009 16:40:46 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0007_01CA4CE4.B2B7B9C0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.2300
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.2300
This guy is sending email like this with links to spread his malware.
My filter is analyzing Return-Path: [email protected] instead of
From: "[email protected]" [email protected]
Is there any way to analyze the faked from?
Thanks
-fred
_______________________________________________
xmail mailing list
[email protected]
http://xmailserver.org/mailman/listinfo/xmail
_______________________________________________
xmail mailing list
[email protected]
http://xmailserver.org/mailman/listinfo/xmail
