Am 25.05.22 um 17:20 schrieb Evgeniy Berdnikov via Exim-users:
On Wed, May 25, 2022 at 08:38:32AM -0600, Chad Leigh Shire.Net LLC via
Exim-users wrote:
What is the best strategy to combat and right out reject mail that
has the from: and the recipient address the same? Or alternately to
force things like SPF checking against the from: in addition to the
envelope-sender? (Not sure if that is a good idea — will it mess up
legit email from mail processors etc )
Such a mail may be a test message that user sent to its own address.
So blind comparison of From: and To: is not a good idea, especially taking
into accout that To: can contain several destination addresses and
may be used as Cc: field to keep own copy of outgoing mail.
Take a look at DMARC.
but, a valid user would use SMTP-Auth which the spammer won't use.
so the test: ( From == To || From in To || From in CC ) &&
SMTP-AUTH==FALSE would be a valid methode IMHO.
It ofcourse requires the use of amtp-auth, but that should be enabled
anyway or the server will become or is an open relay for anyone.
best regards,
Marius
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/