web@??? <web@???> (Wed 01 May 2013 12:35:38 CEST):
> Hello
>
> I'm dealing with spoofed email addresses in the From header of emails I've
> received.
>
> Here are sample headers of such message:
>
> Return-path: <fountains7@???>
…
> Date:Tue, 30 Apr 2013 21:25:08 -0400
> From: <<my.email@???>>
…
> Until today I've successfully denied messages with a From like this:
> From: my.email@???
I'd not reject such messages; it is not illegal to see one's own address
in some From: header line. Your secretary might send such messages in
your name (but with sender: set to her address).
> I used such ACL rules to stop spoofed email:
>
> condition = ${if or {\
> {match_domain{${domain:$rh_from:}}{+local_domains}}\
> {match_domain{${domain:${address:$rh_from:}}}{+local_domains}}\
> {match_domain{${domain:${reduce{${addresses:$h_from:}}{}{$item}}}}{+local_domains}}\
> {match_domain{${domain:${reduce{${addresses:$h_from:}}{}{${if eq{$value}{}{$item}{$value}}}}}}{+local_domains}}\
> }{yes}{no}}
Looks "write only" to me. But you could enforce correct header lines for
your incoming mails:
    require verify = header_syntax
            verify = header_sender
… before you apply your above condition.
(Check the relevant spec parts to be sure :))
Best regards from Dresden/Germany
Kind regards from Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: 7CBF764A -
gnupg fingerprint: 9288 F17D BBF9 9625 5ABC 285C 26A9 687E 7CBF 764A -
(gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B)-
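
The ordering suggested in the reply (check the header's syntax first, then test the From domain against the local domains), modelled as an added Python example that is not part of the original thread and is not Exim configuration. Assumptions: the patterns are a simplified subset of RFC 5322 and do not reproduce Exim's own header_syntax check; example.com stands in for +local_domains; all sample headers are constructed.

```python
import re

# Assumption: simplified addr-spec pattern, not the full RFC 5322 grammar.
ADDR = r"[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+"
# Forms accepted as well-formed: bare "addr" or "optional display name <addr>".
STRICT = re.compile(rf'^\s*(?:(?:"[^"]*"|[^<>@,"]*?)\s*<({ADDR})>|({ADDR}))\s*$')
LOOSE = re.compile(ADDR)

def split_mailboxes(value):
    """Split a From: value on commas that are outside quoted strings."""
    parts, cur, quoted = [], [], False
    for ch in value:
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return [p for p in parts if p.strip()]

def check_from(value, local_domains):
    """Return (well_formed, local_hits) for one From: header value."""
    local = {d.lower() for d in local_domains}
    mboxes = split_mailboxes(value)
    well_formed = bool(mboxes) and all(STRICT.match(m) for m in mboxes)
    # Tolerant pass: every address-like token counts, however it is wrapped
    # (doubled angle brackets, or an address placed inside a display name).
    hits = [a for a in LOOSE.findall(value)
            if a.rsplit("@", 1)[1].lower() in local]
    return well_formed, hits

def verdict(value, local_domains):
    """Syntax first, domain test second, as in the reply's suggested order."""
    well_formed, hits = check_from(value, local_domains)
    if not well_formed:
        return "reject: malformed From"
    return "flag: local domain in From" if hits else "accept"

if __name__ == "__main__":
    # Constructed sample headers; example.com is the assumed local domain.
    for sample in ["<<my.email@example.com>>", "my.email@example.com",
                   '"Roe, Jane" <jane@example.org>']:
        print(f"{sample!r:40} -> {verdict(sample, ['example.com'])}")
```

The doubled-bracket form is caught by the syntax step before any domain comparison runs, while the tolerant pass still reports the local address it contains.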