[Mimedefang] More than one From address

Todd Aiken todd.aiken at ubishops.ca
Thu Aug 25 09:42:19 EDT 2011 

-----Original Message-----

From: "David F. Skoll" <dfs at roaringpenguin.com>
Reply-To: "mimedefang at lists.roaringpenguin.com"
<mimedefang at lists.roaringpenguin.com>
Date: Tue, 23 Aug 2011 16:01:01 -0400
To: "mimedefang at lists.roaringpenguin.com"
<mimedefang at lists.roaringpenguin.com>
Subject: Re: [Mimedefang] More than one From address

>>Our Linux gateways are correctly classifying the mail as
>> spam, but the transport rules on our Exchange server that filter
>> based on the X-Spam-Level header are not triggering because of the
>> multiple From addresses, and the spam ends up in everyone's Inbox.
>> Is there any easy way I can add something into my MIMEDefang's
>> configuration to detect and reject messages that come in with more
>> than one From address?
>
>Call Microsoft support and ask them to fix Exchange! :)
>
>You'll have to parse the From: header, I guess.  Use the Mail::Address
>Perl module to parse it out and if you get back more than one address,
>take action... but be aware that you may block legitimate mail.

Thanks for your assistance.  I was able to modify my Mimedefang
configuration with the following code in filter_end, right after I discard
messages with a spam rating > 15:

if ($hits > 5) {
    my $From = $entity->head->get("From");
    if ($From =~ /\@ubishops\.ca/i) {
        md_graphdefang_log('spam', $hits, $RelayAddr);
        md_syslog('info', "$MsgID, filter_end changed HEADERS because spam
level = $hits AND sender says they are from ubishops.ca");
        action_change_header("X-Old-From", "$From");
        action_change_header("From", "$Sender");
    }
}


This fixes two problems in Exchange.  1) It prevents the transport rules
from crapping out due to multiple From addresses, and 2) It prevents our
Outlook safe senders rules from leaving the spam in a user's mailbox
because Outlook thinks the message is from us.  And it also doesn't block
any mail because the mail is already classified as spam and is supposed to
end up in the user's Junk Mail folder anyways.

Thanks also for the information about multiple From addresses... in the
15+ years I've been in IT and managing email, I'd never seen messages with
multiple From addresses before.


Todd A. Aiken
Systems Analyst & Administrator
ITS Department
BISHOP'S UNIVERSITY
2600 College Street
Sherbrooke, Quebec
CANADA   J1M 1Z7

More information about the MIMEDefang mailing list