Thank you John
That was very clear and I now understand much better what is happening
I guess I will read up and start some more aggressive spam filtering by
switching on more stuff in SA-Exim
and you were right it is "envelope to"
Thanks again
Hill Ruyter
----- Original Message -----
From: "John W. Baxter" <jwblist3@???>
To: "Exim Mailing List" <exim-users@???>
Sent: Thursday, November 16, 2006 9:49 PM
Subject: Re: [exim] Not sure how to block this spam ?
> On 11/16/06 11:21 AM, "Hill Ruyter" <hill@???> wrote:
>
>> I am receiving spam to one of my email domains now that does not have my
>> address in the TO or CC headers which I thought should not work as the
>> server only delivers to addresses that are configured.
>>
>> When I look at the headers there is a field called "envelope for" which
>> contains the address to which it is delivered
>>
>> I am sure it must be easy to stop this but I am a little lost
>> which document will best explain what I should do ?
>>
>> Will this be in ACLs somewhere or the router ?
>
> Unless you go to special trouble, the To: and Cc: headers are meaningless
> for the purpose of getting the messages into your mailbox.
>
> Messages are delivered based on their envelope addresses (I'm a bit
> surprised you found "Envelope for:" rather than "Envelope to:" In the
> SMTP
> conversation, the addresses come in in the RCPT TO: commands. Exim makes
> them available as $local_part, and $domain (but not after that part of the
> SMTP conversation is finished...that is not after the DATA command, and if
> told to puts them into Envelope To: (at the last moment, when it knows
> there
> is only one recipient being considered, so it is OK to reveal that
> recipient).
>
> That's a summary, look in the spec at 11.9 (for the variables) and various
> other places.
>
> If you elect to block because the visible addressee headers don't contain
> some address, you prevent that address from receiving mail from
> 1. most mailing lists,
> 2. friends who for one reason or another include the address in Bcc: to
> hide it from other recipients. (The Bcc: header is an odd duck in that
> addressees who are in the Bcc: header as the message was prepared may see
> 1. nothing related to it (probably the most common case)
> 2. a reduced Bcc: header containing only their address
> 3. the full Bcc: header.
> Those who are in the To: and Cc: headers should remain unaware of the Bcc
> addresses.
>
> Why three possibilities? My guess is that it was a political thing during
> RFC production. ("My way is clearly right, and I'll vote against if it
> isn't allowed.")
>
> --John
>
>
>
>
>
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
>