Cormack, Ken wrote: > I wondered, what about external sources that generate email on behalf of a > user, where the user keys in their email address as the sender... For > example, sites that let you send "E-Cards" and such, where you type in your > address as the sender.
Properly-written sites will use [EMAIL PROTECTED], as you saw. Badly-written ones will use your address and trigger the problem. > Looking at my log entries for this email, I was pleasantly surprised to see > that sendmail and/or MIMEDefang, are recording the "Sender:" as the $sender, > and I assume that if "Sender:" is not present, "From:" is used by MD as > $sender, as that is what I've seen logged and evaluated in the past. No. MIMEDefang uses whatever was given in the MAIL FROM: SMTP command, which may or may not correspond to anything in any of the headers. (Though Sendmail typically adds the MAIL FROM: address in a Return-Path: header when the message is delivered.) > I'm trying to think of ways that legitimate emails might be broken by > implimenting the rule discussed in this thread (such as one of my users > having a third-party web-site generate an email on behalf of the user.) Some mailing lists use the original poster's address as the MAIL FROM: address. Those will break. Regards, David. _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang