Re: [Exim] mysterious TO: headers

Top Page
Delete this message
Reply to this message
Author: Dave C.
Date:  
To: Jim Savoy
CC: exim-users
Subject: Re: [Exim] mysterious TO: headers
On Mon, 27 May 2002, Jim Savoy wrote:

>
>
> "Dave C." wrote:
>
> > Welcome to the difference between the SMTP envelope and the messages
> > headers. The headers DO NOT have anything to do with where a mesasge
> > gets delivered - only the envlope does.
> >
> > BTW, this is not anything new. Most spam this days has junk or forged
> > To and From headers.
>
> Oh no. What a wicked world you have welcomed me to!
>
>
> > Actually, one of my more effective spam filters specifically counts on
> > it. I check the To and Cc lines for all the addresses that are supposed
> > to come to me, including exceptions for certains lists and whatnot, and
> > if none of them are there, it gets thrown into a junk folder that I look
> > at once in a while to see if anything legit went there - nothing ever
> > had (well, some messages to a list that I forgot to add to my exceptions
> > once, but that was my fault, and it wasnt all that terribly an important
> > list anyway, which probably explains why I forgot to include it)
> >
>
> You are talking about client-side filters though right? Most of
> our users do not know how to create filters. I would much
> rather stop this stuff before it ever gets delivered. Have you got
> a sample filter I could use to dump this stuff at SMTP time?


Well, it really needs to be per-user to work, so not really. Each user
would also needs to make individual exceptions for any legit maiing
lists that they DO want to receive, since those usually have "To:
foo-list@???". Unless you happen to know what legit lists each of
your users subscribe to...

> And I'm still curious as to how "mensa.uleth.ca" gets added.
> If exim itself is tacking this on, how can I stop it from doing that?
> And what did the message look like before mensa.uleth.ca was
> added to it? Just a local part with no domain?


If it originally had no domain, then probably. Hrm.. Im not sure if exim
does this by default in headers. Are you doing any address rewriting?

You could of course reject mail with no domain attached..
'headers_check_syntax' I beleive..


> I apologize for my naivete. I am currently working my way through
> the exim manual. Lots to learn, and very interesting reading, but
> I haven't mastered all of it yet (I would say I have mastered about
> 40% of it so far, which is why example filters (if you have any)
> come in handy. TIA.
>
> - jim -
>
>
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
>



--