On Wed, Jul 12, 2017 at 1:43 PM, Frank Richter
<frank.richter@???> wrote:
> My aim is that the envelope from (Return-Path) is set to the header from
> (whatever it is) for some of our webservers, where PHP programmers send
> email, but don't set the envelope from, so that bounces will go to
> apache@mydomain. They should go to the header-From …
This is something you should avoid, unless you have very strict
control over what From addresses you permit.
In other words, you need to ensure that you have egress filtering of
>From addresses for these cases. Please ensure, for your own sake, that
the From (or envelope-from!) addresses are restricted to domains under
your control, so that they won't contain e.g. Outlook-hosted e-mail
addresses.
Consider using SRS (sending rewrite scheme, see e.g.
https://github.com/Exim/exim/wiki/SRS) for rewriting the sender
address, and sure, use apache@mydomain as the base address for your
rewrites, so that you get e.g.
<SRS0.....gmail.com=frettled=apache@mydomain> as the envelope sender.
--
Jan