> I added the following script to my mail filter making the assumption
> that all email that comes from paypal server would have received lines
> that include paypal.com. I wanted to share this and also ask if anyone
> knows if there is a reason this wouldn't work.
>
> if "$h_from:" contains "paypal.com"
> then
>   if "$h_Received:" does not contain "paypal.com"
>   then
>     deliver spoof@???
>     finish
>   endif
> endif

IMO, it would be preferable to block this at SMTP time. Is the from: header
the same as the envelope from? If so, just block it around rcpt doing a
check like what you're doing above. (using $sender_host_address)

By doing the above, you're really becoming an open relay to spoof@???
and could actually be treated as such.

--
Lab tests show that use of micro$oft causes cancer in lab animals
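
Added example, not part of either message above: the quoted filter's two substring tests rewritten in Python and run over constructed headers, next to a stricter variant that only looks at the topmost Received: line. The Received: layout, host names and addresses are constructed, and the example assumes the receiving server writes a DNS-verified host name (or `[ip]` when the lookup fails) right after `from`.

```python
from email import message_from_string
from email.utils import parseaddr

DOMAIN = "paypal.com"

def in_domain(host, domain=DOMAIN):
    """True only for the domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def filter_check(msg):
    """Logic of the quoted filter: substring tests on From: and on all Received: lines."""
    if DOMAIN not in msg.get("From", "").lower():
        return "deliver"
    received = " ".join(msg.get_all("Received", [])).lower()
    return "deliver" if DOMAIN in received else "spoof"

def strict_check(msg):
    """Variant: exact domain match on From:, and only the topmost Received: line counts."""
    addr = parseaddr(msg.get("From", ""))[1]
    if not in_domain(addr.rpartition("@")[2]):
        return "deliver"
    # Assumption: the topmost line was written by our own server, and the token
    # after "from" is a verified host name, or "[ip]" when none was verified.
    top = (msg.get_all("Received") or [""])[0].split()
    host = top[1] if len(top) > 1 and top[0] == "from" else ""
    return "deliver" if in_domain(host) else "spoof"

def make(received_lines):
    """Build a constructed message with the given Received: lines, newest first."""
    hdrs = "".join("Received: %s\n" % r for r in received_lines)
    return message_from_string(hdrs + "From: service@paypal.com\nSubject: test\n\nbody\n")

# Constructed samples using documentation addresses, not real traffic.
SAMPLES = {
    "genuine": make(["from mx1.paypal.com ([192.0.2.10]) by mail.example.org with esmtp"]),
    "no_mention": make(["from [198.51.100.7] (helo=mail.example.net) by mail.example.org with esmtp"]),
    "name_in_helo": make(["from [198.51.100.7] (helo=paypal.com) by mail.example.org with esmtp"]),
}

def results():
    """Map sample name -> (quoted filter verdict, stricter verdict)."""
    return {k: (filter_check(m), strict_check(m)) for k, m in SAMPLES.items()}

if __name__ == "__main__":
    for name, (quoted, strict) in results().items():
        print(f"{name:13} quoted filter: {quoted:8} strict: {strict}")
```

The third sample is the case the substring test misses: the domain appears only in text the connecting host supplied, so the verdicts differ.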