Author: David Woodhouse Date: To: Axel Rau CC: List: exim, Nigel Metheringham Subject: Re: [exim] hole in acl_smtp_mail
On Sun, 2010-08-01 at 14:07 +0100, Nigel Metheringham wrote:
> On 1 Aug 2010, at 13:43, Jeremy Harris wrote:
>
> > Are you assuming that
> > header From: is the same as envelope MAIL FROM ?
>
> By the way, don't take that as a suggestion you should be checking header
> From: - for a reason why look at messages you sent to this mailing
> list as they come back to you...

Well, in the general case it's just as broken to do it on the envelope
MAIL FROM:.

Some "mailing lists" turn out to be just aliases which expand to a bunch
of people, and don't rewrite the envelope sender either. I noticed a few
days ago that the Fedora packager-sponsors list is an example of this,
for example.

So if one of your users sent a message to such a "list", you'd reject
that message. So none of your other users would receive it (and neither
would the original sender, of course).

You'd also reject valid messages if you have users who forward an
external mail account to their account on your server. If any of your
local users then send mail to that account, it's going to come back to
you, quite correctly, with your *own* sender address in the envelope.
And get wrongly rejected.

You cannot safely reject mail based on comparing the MAIL FROM: address
with the IP address from which it comes.

You'd do better to look at BATV -- where you can reject the message
based on the MAIL FROM: address *alone*. For example, I never send
MAIL FROM:<dwmw2@???> and thus I can reject all messages with
that in the envelope, regardless of where they come from.
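
The BATV check mentioned in the message above, sketched as an added example that is not part of the original post or of Exim: the accept/reject decision uses the envelope sender only and never the client IP. It assumes the prvs tag layout from the BATV draft (key digit, three-digit expiry day, six hex digits of an HMAC-SHA1); the secret, the address and the function names are constructed.

```python
import hashlib
import hmac

KEY = b"constructed-demo-secret"     # assumption: per-site BATV secret
PROTECTED = {"alice@example.org"}    # constructed: senders who always sign
LIFETIME_DAYS = 7

def _mac(key_num, day, addr):
    """First 3 bytes (6 hex digits) of HMAC-SHA1 over K, DDD and the address."""
    msg = f"{key_num}{day:03d}{addr}".encode()
    return hmac.new(KEY, msg, hashlib.sha1).hexdigest()[:6]

def sign(addr, today, key_num=0):
    """Return the prvs-tagged envelope sender, valid for LIFETIME_DAYS."""
    day = (today + LIFETIME_DAYS) % 1000
    return f"prvs={key_num}{day:03d}{_mac(key_num, day, addr)}={addr}"

def check_mail_from(mail_from, today):
    """Decide on the envelope sender alone; today is days since the epoch."""
    addr = mail_from.lower()
    if addr in PROTECTED:
        return "reject: this sender never uses an unsigned envelope address"
    if not addr.startswith("prvs="):
        return "accept"              # not one of our addresses
    tag, _, orig = addr[5:].partition("=")
    if orig not in PROTECTED:
        return "accept"              # someone else's tagging scheme
    if len(tag) != 10 or not tag.isascii() or not tag[:4].isdigit():
        return "reject: malformed tag"
    key_num, day = int(tag[0]), int(tag[1:4])
    if not hmac.compare_digest(tag[4:], _mac(key_num, day, orig)):
        return "reject: bad signature"
    # Day numbers wrap modulo 1000, so compare the distance, not raw values.
    if (day - today % 1000) % 1000 > LIFETIME_DAYS:
        return "reject: tag expired"
    return "accept"
```

A message the protected user sent through an alias-style list or a forwarder still carries the signed envelope sender, so it passes this check no matter which host relays it back.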