Re: [exim] Not sure how to block this spam ?

Author: John W. Baxter
Date:  
To: Exim Mailing List
Subject: Re: [exim] Not sure how to block this spam ?
On 11/16/06 11:21 AM, "Hill Ruyter" <hill@???> wrote:

> I am receiving spam to one of my email domains now that does not have my
> address in the TO or CC headers which I thought should not work as the
> server only delivers to addresses that are configured.
>
> When I look at the headers there is a field called "envelope for" which
> contains the address to which it is delivered
>
> I am sure it must be easy to stop this but I am a little lost
> which document will best explain what I should do ?
>
> Will this be in ACLs somewhere or the router ?


Unless you go to special trouble, the To: and Cc: headers are meaningless
for the purpose of getting the messages into your mailbox.

Messages are delivered based on their envelope addresses (I'm a bit
surprised you found "Envelope for:" rather than "Envelope to:"). In the SMTP
conversation, the addresses come in in the RCPT TO: commands. Exim makes
them available as $local_part and $domain (but not after that part of the
SMTP conversation is finished...that is, not after the DATA command), and if
told to, puts them into Envelope To: (at the last moment, when it knows there
is only one recipient being considered, so it is OK to reveal that
recipient).

That's a summary; look in the spec at 11.9 (for the variables) and various
other places.

If you elect to block because the visible addressee headers don't contain
some address, you prevent that address from receiving mail from
1. most mailing lists,
2. friends who for one reason or another include the address in Bcc: to
hide it from other recipients.

(The Bcc: header is an odd duck in that addressees who are in the Bcc:
header as the message was prepared may see
1. nothing related to it (probably the most common case)
2. a reduced Bcc: header containing only their address
3. the full Bcc: header.
Those who are in the To: and Cc: headers should remain unaware of the Bcc
addresses.)

Why three possibilities? My guess is that it was a political thing during
RFC production. ("My way is clearly right, and I'll vote against if it
isn't allowed.")

--John
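
The point made in the message above, as an added example that is not part of the original post: a Python sketch that compares envelope recipients (the RCPT TO: addresses) with the visible To:/Cc: headers and shows which legitimate deliveries a header-matching block would reject. The addresses, sample messages and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed samples: name -> (envelope recipients from RCPT TO:, raw message).
SAMPLES = {
    # List traffic: To: names the list, the envelope names each subscriber.
    "mailing_list": (
        ["hill@example.org"],
        "From: poster@example.net\nTo: exim-users@lists.example.org\n"
        "Subject: Re: [exim] question\n\nbody\n",
    ),
    # Bcc: the sender's software removed the Bcc: header before sending.
    "bcc_friend": (
        ["hill@example.org"],
        "From: friend@example.net\nTo: someone.else@example.com\n"
        "Subject: hello\n\nbody\n",
    ),
    # Directly addressed mail: envelope and To: agree.
    "direct": (
        ["hill@example.org"],
        "From: friend@example.net\nTo: Hill <Hill@Example.org>\n"
        "Cc: third@example.com\nSubject: lunch\n\nbody\n",
    ),
}


def visible_addressees(raw_message):
    """Return the lower-cased addresses found in the To: and Cc: headers."""
    msg = message_from_string(raw_message)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _name, addr in getaddresses(fields) if addr}


def hidden_recipients(envelope_rcpts, raw_message):
    """Envelope recipients that appear in neither To: nor Cc:."""
    seen = visible_addressees(raw_message)
    return [rcpt for rcpt in envelope_rcpts if rcpt.lower() not in seen]


def header_rule_verdicts(samples):
    """Verdict of a 'recipient must be in To:/Cc:' rule for each sample."""
    return {
        name: "reject" if hidden_recipients(rcpts, raw) else "accept"
        for name, (rcpts, raw) in samples.items()
    }


if __name__ == "__main__":
    for name, verdict in header_rule_verdicts(SAMPLES).items():
        print(f"{name:13} {verdict}")
```
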