Re: [exim] Deny when from and to are the same (Jeremy Harris)


Viktor Dukhovni


> On Apr 8, 2019, at 11:33 PM, AC via Exim-users <[hidden email]> wrote:
>
> No, I understand what I'm looking at and I know what I'm asking for.

In point of fact, you really don't understand the message "envelope",
i.e. how messages are processed in transit between systems.

[ The liberating thing about not being an expert, is not knowing what
  you don't know. ]

> I was examining the spam I received and observed that the Envelope-to, To:
> and From: all were identical.

No, the spam had an envelope sender (as recorded in the Return-Path
header on delivery) that was distinct from the RFC2822.From header.

> The envelope-from and Return-path did not

Stored messages don't have an "envelope-from", but they do have a
"Return-Path", which records the last envelope sender at time of
delivery.

> match the first three.  However, nearly every legitimate email I receive
> does not have Envelope-to,

All messages (in transit) have at least one envelope recipient, otherwise
they could/would not be delivered to anyone.

> To and From matching each other exactly (with
> the exception of a couple of mailing lists that I can whitelist).  So I
> tried writing the rules to take care of this.

Much legitimate mail you receive from automated systems (rather
than individual human authors) will have an envelope sender that is
distinct from the RFC2822.From header.

Take some time to understand what is meant by the message envelope.
You'll see the envelope sender and recipient addresses in mail logs,
and they need not agree with what you later find in the delivered
message.

For example, "Bcc" recipients appear only in the message envelope
recipient list, and not in the message headers.  The envelope sender
is where any non-delivery notifications for the message go, and need
not match the "From" header, but many user agents don't provide the
option of setting them separately.

--
        Viktor.
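
The envelope/header distinction described in the message above, as an added example that is not part of the original post: it parses the client side of an SMTP dialogue and the message that was sent, then reports where the envelope and the headers disagree. The dialogue, the message, all addresses and the function names `parse_envelope` and `compare` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed SMTP client commands and message; every address is made up.
SMTP_SESSION = """\
EHLO lists.example.net
MAIL FROM:<bounces+4711@lists.example.net>
RCPT TO:<alice@example.org>
RCPT TO:<carol@example.org>
DATA
"""

MESSAGE = """\
From: Newsletter <news@example.com>
To: alice@example.org
Subject: Monthly update

Hello.
"""

def parse_envelope(session):
    """Return (envelope_sender, [envelope_recipients]) from SMTP commands."""
    sender, rcpts = None, []
    for line in session.splitlines():
        m = re.match(r"(?i)^(MAIL FROM|RCPT TO):\s*<([^>]*)>", line)
        if not m:
            continue
        if m.group(1).upper() == "MAIL FROM":
            sender = m.group(2).lower()   # "" is the null sender used by bounces
        else:
            rcpts.append(m.group(2).lower())
    return sender, rcpts

def compare(session, raw_message):
    """Contrast the envelope (seen in logs) with the headers (seen by the reader)."""
    env_from, env_to = parse_envelope(session)
    msg = message_from_string(raw_message)
    hdr_from = parseaddr(msg.get("From", ""))[1].lower()
    listed = msg.get_all("To", []) + msg.get_all("Cc", [])
    hdr_rcpts = {addr.lower() for _, addr in getaddresses(listed)}
    return {
        "envelope_sender": env_from,
        "header_from": hdr_from,
        "sender_matches_from": env_from == hdr_from,
        # Envelope recipients named in no To/Cc header, e.g. Bcc recipients.
        "envelope_only_recipients": [r for r in env_to if r not in hdr_rcpts],
        # What the final delivery would record as Return-Path.
        "return_path_on_delivery": f"<{env_from}>",
    }

if __name__ == "__main__":
    print(compare(SMTP_SESSION, MESSAGE))
```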