"spoofed" email messages coming from recipient
Professional Software Engineering
PSE-L at mail.professional.org
Sat Jan 31 00:15:20 CET 2009
At 12:10 2009-01-30 -0800, Alex Rodriguez wrote:
>I am a junior Linux admin with very limited experience with procmail.
>I need to have procmail dump email messages which have the same address on
>both sender and receiver field on the email envelope.

If it's envelope data, you should specify what headers your MTA is adding
to the message such that programs such as Procmail can see the envelope
data. This isn't inherently part of the headers.

Also, you may be better off setting up a filter in your MTA to reject these
at SMTP delivery time - thus advising legitimate senders (perhaps your
users) that the message is being rejected. Accepting and THEN bouncing the
message is problematic.

Consider also whether you want the rule to apply only to addresses at your
domain(s), or to ANY address pair - it isn't wholly uncommon for people to
address a group of recipients as BCC and themselves as the TO:. This
wouldn't meet the criteria of an ENVELOPE TO: and FROM: match unless of
course that person was your customer (and is receiving the individual copy
addressed to themselves), but if you're using non-envelope - plain From:
and To: headers - then such messages will match.

If the emails you're trying to block are spoofing your own domain, you
should consider setting up your MTA to require SMTP authentication. Local
(shell) users would have no problems sending, and any users mailing into
your SMTP would need to authenticate in order to do so. This protects your
own server from being hijacked to send mail out to other sites as if they
came from your users.

Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
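
The envelope-versus-header distinction discussed in the reply above, as an
added example that is not part of the original post. It assumes the MTA
records the envelope sender in Return-Path: and the envelope recipient in
X-Original-To: (as Postfix does on local delivery); the function name, the
result labels, the example.org domain and the sample messages are
constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

def addr(value):
    """Bare lower-cased address from a header value, '' if none."""
    return parseaddr(value or "")[1].lower()

def classify(raw, local_domains, rcpt_header="X-Original-To"):
    """Label a message by where sender and recipient coincide."""
    msg = message_from_string(raw)
    hdr_from = addr(msg["From"])
    hdr_to = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    header_match = bool(hdr_from) and hdr_from in hdr_to
    # Envelope data is visible only if the MTA copied it into headers.
    if msg["Return-Path"] is None or msg[rcpt_header] is None:
        return "no-envelope-data"
    env_from, env_to = addr(msg["Return-Path"]), addr(msg[rcpt_header])
    if env_from and env_from == env_to:
        # Optionally restrict the rule to addresses at your own domain(s).
        if env_to.rpartition("@")[2] in local_domains:
            return "envelope-match-local"
        return "envelope-match-other"
    # From: appears in To: but the envelope differs, e.g. a sender who put
    # themselves in To: and everyone else in BCC.
    return "header-match-only" if header_match else "no-match"

# Constructed sample messages (not real mail).
SPOOFED = ("Return-Path: <bob@example.org>\n"
           "X-Original-To: bob@example.org\n"
           "From: Bob <bob@example.org>\nTo: bob@example.org\n"
           "Subject: sample\n\nbody\n")
BCC_TO_SELF = ("Return-Path: <alice@example.net>\n"
               "X-Original-To: bob@example.org\n"
               "From: Alice <alice@example.net>\n"
               "To: Alice <alice@example.net>\n"
               "Subject: sample\n\nbody\n")
HEADERS_ONLY = "From: bob@example.org\nTo: bob@example.org\n\nbody\n"

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("bcc-to-self", BCC_TO_SELF),
                      ("headers-only", HEADERS_ONLY)]:
        print(name, "->", classify(raw, {"example.org"}))
```

Only the first sample matches on envelope data; the second matches on plain
From:/To: headers alone, which is the legitimate BCC case a header-based
rule would catch by mistake.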