2

I run a Postfix mail server using Spamassassin as after-queue filter.

It works quite well, but sometimes I get spam from the network that has correct MAIL FROM: address, but also contains, in DATA: section, different forged address something <at> mydomain.com.

Most e-mail client programs, including Thunderbird and Outlook, displays it using the second ( forged ) address.

I would like to block such messages automatically, but I can't do it using smtpd_recipient_restrictions ( forged address resides in DATA: section ).

It also have nothing to do with SPF since MAIL FROM: ( envelope sender ) address may be correct according to SPF.

Then how can I do it using Postfix settings or Spamassassin rules ?

malloc4k
  • 831
  • 2
  • 9
  • 16

1 Answers1

3

Postfix doesn't care about the mail content. $smtpd_recipient_restrictions look at the envelope-from, not at the From: header in the mail, and you can't use header_checks for this:

Message headers added by the cleanup(8) daemon itself are excluded from inspection. Examples of such message headers are From:, To:, Message-ID:, Date:.

Not to mention that it's unwise to block messages where the From: header differs from the envelope-from. Mailing lists for instance will use the mailing list address (or a VERP address) in the envelope, while the original From: address will remain in the body.

Ansgar Wiechers
  • 4,247
  • 2
  • 18
  • 26