I have a number of lists that I administer that seem to have come across a nasty quirk. I use postfix and spamassassin to keep spam in check but recently I've noticed something different.
I disallow any posts coming in externally with @my_domain via postfix (it uses the envelope sender to do the checks). Mailman, on the other hand, uses the header From: field and thus the problem.
I've recently got mails that looks like this,
From him@outside.com Date: blah blah From: me@my_domain.com
so postfix processes it and allows it into my queues (after all it is not being spoofed - the envelope (first From) is clean). Mailman though sizes up this email based on the From: header field and denotes it a locally generate post which I allow irrespective of subscription (I have non-member filtering to allow posts from '.*@my_domain.com' through via the 'accept_these_nonmembers' setting).
So I have 2 questions,
Anyone know of a decent way to make sure that both the envelope sender and the noted From header field do in fact match ? else reject/discard the email.
Does mailman allow one to check the envelope sender instead of the From: header field ? That way I know both postfix and mailman are looking at the same thing.
I'm using postfix-2.0.16; question-1 above also needs to account for myself being able to mail out without issue (ie. in case someone suggests header filtering within postfix -- that would stop internal emails from going out and I'm unable to upgrade to postfix-2.1 just yet which seems to have hooks for this now).
Regards,
- Nadim
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs
http://hotjobs.sweepstakes.yahoo.com/careermakeover
participants (1)
-
Nadim Shaikli