On 04 June 2002, Scott M. Nolde said:
> I had a spam email enter my exim server and get to my account, but the To:
> header wasn't the proper account at all.
>
> Some of you may have already received this spam, but i'd be very
> interested if someone has information as to why this email got past
> receiver_verify?
Because receiver_verify looks at the envelope recipient, not the header
recipient:
> Here's the headers as I received them:
> From lmn332@??? Tue Jun 04 11:31:16 2002
> Return-path: <lmn332@???>
> Envelope-to: scott@???
^^^^^^^^^^^^^^^^
Presumably this passed sender_verify.
[...]
> To: togo2903d@???
^^^^^^^^^^^^^^^^^^^^^
This is irrelevant to sender_verify.
No, you should not reject messages with a "To" header not pointing at
your domain -- that would prevent users at your site from subscribing to
most mailing lists!
Greg
--
Greg Ward - software developer gward@???
MEMS Exchange http://www.mems-exchange.org
