Greg Ward(gward@???)@2002.06.04 16:24:46 +0000:
> On 04 June 2002, Scott M. Nolde said:
> > I had a spam email enter my exim server and get to my account, but the To:
> > header wasn't the proper account at all.
> >
> > Some of you may have already received this spam, but i'd be very
> > interested if someone has information as to why this email got past
> > receiver_verify?
>
> Because receiver_verify looks at the envelope recipient, not the header
> recipient:
>
> > Here's the headers as I received them:
> > From lmn332@??? Tue Jun 04 11:31:16 2002
> > Return-path: <lmn332@???>
> > Envelope-to: scott@???
> ^^^^^^^^^^^^^^^^
> Presumably this passed sender_verify.
>
> [...]
> > To: togo2903d@???
> ^^^^^^^^^^^^^^^^^^^^^
>
> This is irrelevant to sender_verify.
>
> No, you should not reject messages with a "To" header not pointing at
> your domain -- that would prevent users at your site from subscribing to
> most mailing lists!
>
> Greg
> --
> Greg Ward - software developer gward@???
> MEMS Exchange http://www.mems-exchange.org
>
> --
Ok, thanks for the clue. I wasn't thinking about creating a filter based
on the To: header, but thanks for the info. I've LARTed the offending IP
address and added the offending spamvertized domain to my spammers list.
--
Scott Nolde
GPG Key 0xD869AB48
