I am getting a lot of mail recently that is passing my HELO tests and callouts, but it has clear fakery that I could test for if I knew how. The envelope from and From address are not the same; in fact, the From address is pretending to be me.

I basically want to say:

if envelope-from is not equal to from and from is equal to me then drop

Here is an example (my email address has @ replaced with #):

Return-path: <resellmga4@???>
Envelope-to: hill#ruyter.co.uk
Delivery-date: Fri, 05 Jun 2009 14:09:59 +0100
Received: from [74.72.203.118] (helo=cpe-74-72-200-118.nyc.res.rr.com)
    by mail.ruyter.co.uk with esmtp (Exim 4.60)
    (envelope-from <resellmga4@???>)
    id 1MCZBF-00048N-Tn
    for hill@???; Fri, 05 Jun 2009 14:09:59 +0100
Message-ID: <000d01c9e5e1$c039b720$6400a8c0@resellmga4>
From: hill#ruyter.co.uk
To: <hill#ruyter.co.uk>
Date: Fri, 5 Jun 2009 09:30:11 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0007_01C9E5E1.C039B720"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-SA-Exim-Connect-IP: 74.72.203.118
X-SA-Exim-Mail-From: resellmga4@???
X-Spam-Checker-Version: SpamAssassin 3.1.7-deb (2006-10-05) on
    mail.ruyter.co.uk
X-Spam-Level: ***
X-Spam-Status: No, score=3.4 required=5.0 tests=ALL_TRUSTED,BAYES_00,
    HTML_MESSAGE,NO_REAL_NAME,SPF_NEUTRAL,URIBL_JP_SURBL,URIBL_SBL
    autolearn=no version=3.1.7-deb
Subject: important discovery for all man kind, acai berry weight loss try it
    free
X-SA-Exim-Version: 4.2 (built Thu, 14 Apr 2005 16:52:54 +0000)
X-SA-Exim-Scanned: Yes (on mail.ruyter.co.uk)
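
One way to express the rule asked for above as an Exim ACL statement. This is an added example, not part of the original post and not taken from the Exim project. It assumes the named lists local_domains and relay_from_hosts are defined as in the stock configuration, and it generalises "from is equal to me" to "From: is in any local domain".

```exim
# Added example. Place in the ACL named by acl_smtp_data: the From:
# header is only available once the message body has been received.
# Assumed names: domainlist local_domains, hostlist relay_from_hosts.

  deny    message        = From: header claims a local address but \
                           the envelope sender is different
          # Do not apply the rule to our own submitting clients.
          !hosts         = +relay_from_hosts
          !authenticated = *
          # "from is equal to me": the header From: address is local.
          # ${address:...} strips any display name; it yields an empty
          # string when From: is not a single parseable address, in
          # which case this condition is false and the rule is skipped.
          condition      = ${if match_domain\
                             {${domain:${address:$h_From:}}}\
                             {+local_domains}{yes}{no}}
          # "envelope-from is not equal to from", compared without
          # regard to case.
          condition      = ${if !eqi{${address:$h_From:}}\
                             {$sender_address}{yes}{no}}
```

The same two conditions also match a local user's own post returning from a mailing list or a forwarding service, because those rewrite the envelope sender and keep From: unchanged. Running the statement with the warn verb and a log_message first shows which senders would need an exemption before switching to deny.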