Re: [exim] $h_from or $sender_addres

Author: Heiko Schlittermann
Date:  
To: exim-users
Subject: Re: [exim] $h_from or $sender_addres
Hi,

soumya tr <soumya.324@???> (Mo 17 Feb 2014 18:32:08 CET):
> Hi,
>
> I am in the process of adding some conditions to prevent from address
> spoofing. But now I am confused on whether to use $h_from or
> $sender_address .
>
> Which one should I use? Please help


The $sender_address is the envelope sender. $h_from gets its value from
the "From:" header.

Both may be forged.

The "From:" is forged even more often. (As many MTAs take care of
checking the envelope sender in some way, but don't care about the
message headers.)

The $sender_address is guaranteed to contain a valid address (or is
empty, if the envelope sender was empty (bounce)), since Exim extracts
this from the SMTP MAIL FROM command.

The $h_from contains what the sender put into the "From:" header;
this can be literally anything. Unless you use "verify = header",
Exim does not take care of the (syntactical) correctness of this
header.

To make it more complicated, the "From:" header may contain multiple
addresses, thus checking is more difficult, but possible.

And, if you receive your own message via a mailing list (like this
exim-users), it contains your own address in the "From:" header. But the
envelope sender (sender_address) is set to something like
"<exim-users-bounces+…@exim.org>". This should be far away from
spoofing.

Now it's up to you :)

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: 7CBF764A -
 gnupg fingerprint: 9288 F17D BBF9 9625 5ABC  285C 26A9 687E 7CBF 764A -
(gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2  7E92 EE4E AC98 48D0 359B)-
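
The comparison discussed in the message above, as an added example that is not part of the original post and is not Exim configuration: a Python sketch that relates an envelope sender to the address(es) in the "From:" header, covering the bounce, multi-address, unparsable-header and mailing-list cases. The function names, result labels and sample messages are assumptions made for this illustration.

```python
from email import message_from_string
from email.utils import getaddresses

def from_addresses(raw_message):
    """All addr-specs in the From: header(s), lower-cased; junk is dropped."""
    msg = message_from_string(raw_message)
    pairs = getaddresses(msg.get_all("From", []))
    return [addr.lower() for _name, addr in pairs if "@" in addr]

def domain_of(address):
    return address.rpartition("@")[2]

def compare_sender(envelope_sender, raw_message):
    """Relate the SMTP MAIL FROM value to the From: header of one message."""
    header_addrs = from_addresses(raw_message)
    if not header_addrs:
        return "no-parsable-from"   # header missing or not an address at all
    if envelope_sender == "":
        return "bounce"             # empty envelope sender, nothing to compare
    env = envelope_sender.lower()
    if env in header_addrs:
        return "match"
    if domain_of(env) in {domain_of(a) for a in header_addrs}:
        return "same-domain"
    return "mismatch"               # forged, or relayed (e.g. a mailing list)

# Constructed sample messages (not taken from real traffic).
DIRECT = "From: Alice <alice@example.org>\nSubject: hi\n\nbody\n"
MULTI = "From: Alice <alice@example.org>, bob@example.com\nSubject: hi\n\nbody\n"
JUNK = "From: literally anything\nSubject: hi\n\nbody\n"
LIST_ENVELOPE = "users-bounces+alice=example.org@lists.example.net"

if __name__ == "__main__":
    for env, raw in [("alice@example.org", DIRECT), (LIST_ENVELOPE, DIRECT),
                     ("", DIRECT), ("bob@example.com", MULTI),
                     ("alice@example.org", JUNK)]:
        print(repr(env), "->", compare_sender(env, raw))
```

The list-relayed message and a forged one both come out as "mismatch", which is why a bare inequality test between the two values cannot serve as a rejection rule on its own.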