Once again, thanks for clearing things up.

So I guess I'm confused. Isn't the only way to have an empty sender
having no "MAIL FROM" during the smtp session?

Does courier accept smtp sessions where there's a RCPT TO but no valid
MAIL FROM?

I'm sorry for my ignorance... I'm just trying to understand this better.
I'm building a system where messages are only accepted if the sender
matches an entry in the recipient's addressbook. So basically it's an
"authenticated" delivery system. However, I do need to let through
messages from postmaster/mailer-daemon and any other valid
system-generated messages, including DSN and the like. But if I also
allow any message with an empty sender, then it might defeat the purpose
of the system.

I thought that the $SENDER variable was set to whatever the "MAIL FROM"
was set to during the smtp session.

Thanks for any insight.

Ricardo


> 
> Thanks Sam.
> 
> So let me put it another way... other than internally generated courier
> messages, and delivery status notifications, could there be an empty sender?

Anyone can use any return address for any message, including an empty one; 
but officially only delivery status notifications (which include bounces, 
delivery receipts, and vacation messages) are supposed to have an empty 
return address.  And, of course, anyone can be running a vacation 
autoresponder.

> I'm trying to determine if in my mailfilter it is "safe" to accept
> messages with empty sender, or if there are possibilities of malicious or 
> junk mail in which the sender is empty?

Of course there's junk mail around with an empty sender; just like there's 
plenty of junk mail where the sender address is set to 
<[EMAIL PROTECTED]>.
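
An added illustration, not part of the thread and not Courier or maildrop code: an empty sender is the explicit SMTP command `MAIL FROM:<>`, not a missing MAIL FROM, and a filter like the one described can treat it as "no sender identity" and fall back to structural checks. The function names, the quarantine outcome and the sample messages are assumptions made for this sketch.

```python
# Added example, not from the thread: envelope-sender policy for an
# address-book allowlist. Names and sample messages are constructed.
import re
from email import message_from_string

SYSTEM_LOCALPARTS = {"postmaster", "mailer-daemon"}

# Constructed samples; only the headers matter for the checks below.
SAMPLE_DSN = ('From: MAILER-DAEMON@example.net\n'
              'Content-Type: multipart/report; report-type=delivery-status;'
              ' boundary="b"\n\n--b\n\nDelivery failed.\n--b--\n')
SAMPLE_VACATION = 'Auto-Submitted: auto-replied\nSubject: Away\n\nBack Monday.\n'
SAMPLE_JUNK = 'From: x@example.com\nSubject: Offer\n\nBuy now.\n'

def reverse_path(mail_from_line):
    """Address from an SMTP 'MAIL FROM:<...>' line; '' is the null sender."""
    m = re.match(r"MAIL FROM:\s*<([^<>]*)>", mail_from_line.strip(),
                 re.IGNORECASE)
    if m is None:
        raise ValueError("not a valid MAIL FROM command")
    return m.group(1)

def looks_automatic(raw_message):
    """Structural signs of a DSN or auto-reply. These headers can be forged,
    so this narrows what gets through; it does not authenticate anything."""
    msg = message_from_string(raw_message)
    if (msg.get_content_type() == "multipart/report"
            and str(msg.get_param("report-type", "")).lower()
            == "delivery-status"):
        return True
    auto = msg.get("Auto-Submitted", "no").split(";")[0].strip().lower()
    return auto != "no"

def decide(sender, raw_message, addressbook):
    """Return 'accept', 'quarantine' or 'reject' for one delivery."""
    sender = sender.strip().lower()
    # Null sender or a system mailbox: the address proves nothing, so
    # require the message itself to look like a DSN or auto-reply.
    if sender == "" or sender.split("@")[0] in SYSTEM_LOCALPARTS:
        return "accept" if looks_automatic(raw_message) else "quarantine"
    return "accept" if sender in addressbook else "reject"
```

Quarantining rather than rejecting unrecognised null-sender mail keeps genuine bounces recoverable while stopping them from bypassing the address-book check.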

