[Mimedefang] Rejecting forged senders - comments?

Cormack, Ken ken.cormack at roadway.com
Wed Sep 20 11:29:00 EDT 2006


> What MIMEDefang puts in $sender is the _envelope_ sender, which you
> did not specify in this email. The envelope sender need not be visible
> in the header, but it usually is, either as Return-Path, in the (in
> case of mbox format) "From " line, or in the Received: ... from ...
> header.

Good point...

> In the above case, I'm _guessing_ that the envelope sender is the same
> as what is put in the "Sender:" header, so in that case, your check would
> work fine.

...And Outlook is obviously looking at the header "Sender:".

> Oh, there will be broken web forms somewhere that send email with
> whatever someone will type in a form. It remains to be seen whether
> those are "legitimate".

I agree.  For the broken ones, I can add in a provision to use my existing
whitelisting code to exempt if needed.  It's faster for me to do that than
to get the site to fix their code.

Thanks again.

Ken
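
The envelope-versus-header distinction discussed in this thread, as an added example that is not part of the original post and is not MIMEDefang code: it recovers the envelope sender from the places the quoted reply names (the mbox "From " line or Return-Path) and reports which header identities differ from it. The function names, the sample messages and the exemption set keyed on envelope address are assumptions made for illustration.

```python
import email
from email.utils import parseaddr

def envelope_sender(raw):
    """Envelope sender as recorded at delivery: mbox 'From ' line, else Return-Path.
    Returns None when neither is present, '' for the null sender <>."""
    first = raw.partition("\n")[0]
    if first.startswith("From "):            # mbox separator: "From addr date"
        parts = first.split()
        return parts[1].lower() if len(parts) > 1 else None
    rp = email.message_from_string(raw).get("Return-Path")
    return parseaddr(rp)[1].lower() if rp is not None else None

def header_senders(raw):
    """Addresses a mail client may display: the From: and Sender: headers."""
    msg = email.message_from_string(raw)
    return {h: parseaddr(msg[h])[1].lower() for h in ("From", "Sender") if msg[h]}

def classify(raw, exempt_envelopes=frozenset()):
    """Compare envelope sender with header identities.
    exempt_envelopes is a hypothetical whitelist (assumed keyed on envelope address)."""
    env = envelope_sender(raw)
    if env is None:
        return "unknown-envelope"
    if env in exempt_envelopes:
        return "exempt"
    differing = sorted(h for h, a in header_senders(raw).items() if a != env)
    return "mismatch:" + ",".join(differing) if differing else "consistent"

# Constructed sample: a web form that puts the typed-in address in From:
MSG_FORM = (
    "Return-Path: <www-data@webhost.example>\n"
    'From: "Alice" <alice@corp.example>\n'
    "Sender: www-data@webhost.example\n"
    "Subject: form\n\nbody\n"
)
# Constructed sample: mbox-format message whose envelope and From: agree
MSG_MBOX = (
    "From bob@corp.example Wed Sep 20 11:29:00 2006\n"
    "From: bob@corp.example\n"
    "Subject: hi\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("form", MSG_FORM), ("mbox", MSG_MBOX)):
        print(name, envelope_sender(raw), header_senders(raw), classify(raw))
```

A mismatch here is only an observation, not a verdict: mailing lists and forwarders legitimately produce envelope senders that differ from From:.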



