On Wed, Sep 20, 2006 at 09:35:45AM -0400, Cormack, Ken wrote:
> As I was thinking more about this thread, something occurred to me.
>
> I wondered, what about external sources that generate email on behalf of a
> user, where the user keys in their email address as the sender... For
> example, sites that let you send "E-Cards" and such, where you type in your
> address as the sender. If one of my users did something like that, would
> the rule discussed in this thread reject the mail as "forged"?
>
> I looked specifically at the American Greetings site, at their e-cards, and
> sent myself a test e-card, to observe the header I would receive. That site
> puts a "Sender:" line in the header just before the "From:" line, like this:
>
> Sender: <[EMAIL PROTECTED]>
> From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
>
> My email client displays it as:
>
> From: [EMAIL PROTECTED]; on behalf of; Cormack, Ken
>
> Looking at my log entries for this email, I was pleasantly surprised to see
> that sendmail and/or MIMEDefang, are recording the "Sender:" as the $sender,
> and I assume that if "Sender:" is not present, "From:" is used by MD as
> $sender, as that is what I've seen logged and evaluated in the past.
>
> Could anyone validate this observation?
What MIMEDefang puts in $sender is the _envelope_ sender, which you did not
specify in this email. The envelope sender need not be visible in the header,
but it usually is, either as Return-Path, in the (in case of mbox format)
"From " line, or in the Received: ... from ... header.

In the above case, I'm _guessing_ that the envelope sender is the same as what
is put in the "Sender:" header, so in that case, your check would work fine.

> I'm trying to think of ways that legitimate emails might be broken by
> implementing the rule discussed in this thread (such as one of my users
> having a third-party web-site generate an email on behalf of the user.)

Oh, there will be broken web forms somewhere that send email with whatever
someone will type in a form. It remains to be seen whether those are
"legitimate".

-- 
Jan-Pieter Cornet <[EMAIL PROTECTED]>
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please !!
!! archive this message indefinitely to allow verification of the logs. !!
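The distinction the reply draws (envelope sender versus the Sender:/From: headers) is easy to get wrong when you only have a delivered message to look at. The following is an added example, not code from the thread or from MIMEDefang: it recovers the envelope sender from Return-Path: the way a receiving MTA records it, falls back to Sender: and then From: only when Return-Path: is absent, and runs a modelled "forged local sender" rule over two constructed messages. The rule, the domain example.com, the relay addresses and both messages are assumptions for illustration; the rule rejects only when the envelope sender claims the local domain but the connecting relay is not one of our own hosts, so the e-card case (outside site in the envelope, local user only in From:) is accepted.

```python
"""Envelope sender vs. header sender, and which one a MIMEDefang-style
'forged local sender' rule sees.  Added example; not MIMEDefang's own code.
Assumed rule: reject when the *envelope* sender (SMTP MAIL FROM, what
MIMEDefang exposes as $sender) claims our domain but the relay is not ours."""
from email import message_from_string
from email.utils import parseaddr

LOCAL_DOMAIN = "example.com"                    # assumed local domain
INTERNAL_RELAYS = {"192.0.2.10", "192.0.2.11"}  # assumed internal MTAs (TEST-NET-1)


def envelope_sender_from_headers(raw_message: str) -> str:
    """Recover the envelope sender from Return-Path: (added by the receiving
    MTA).  Falls back to Sender:, then From:, i.e. the header-based guess the
    thread discusses.  Returns the bare lower-cased address, or "" for <>."""
    msg = message_from_string(raw_message)
    for hdr in ("Return-Path", "Sender", "From"):
        value = msg.get(hdr)
        if value:
            return parseaddr(value)[1].lower()
    return ""


def is_forged_local_sender(envelope_sender: str, relay_ip: str) -> bool:
    """The check itself: local domain in MAIL FROM, but an outside relay."""
    addr = parseaddr(envelope_sender)[1].lower()
    if not addr:  # null sender (<>) used by bounces: never treat as forged
        return False
    domain = addr.rpartition("@")[2]
    return domain == LOCAL_DOMAIN and relay_ip not in INTERNAL_RELAYS


def classify(raw_message: str, relay_ip: str) -> str:
    """'reject' or 'accept' for a delivered message plus the relay it came from."""
    sender = envelope_sender_from_headers(raw_message)
    return "reject" if is_forged_local_sender(sender, relay_ip) else "accept"


# Constructed e-card: From: names the local user, but the e-card site's own
# address is in Sender: and, as Return-Path:, in the envelope.
ECARD = """Return-Path: <ecards@greetings.example.net>
Received: from mx.greetings.example.net ([198.51.100.7]) by mail.example.com
Sender: <ecards@greetings.example.net>
From: "ken@example.com" <ken@example.com>
To: ken@example.com
Subject: You have an e-card

Hello
"""

# Constructed forgery: an outside host puts the local user in MAIL FROM.
FORGED = """Return-Path: <ken@example.com>
Received: from unknown ([203.0.113.9]) by mail.example.com
From: "Ken" <ken@example.com>
To: alice@example.com
Subject: urgent

Hello
"""

if __name__ == "__main__":
    print(envelope_sender_from_headers(ECARD), classify(ECARD, "198.51.100.7"))
    print(envelope_sender_from_headers(FORGED), classify(FORGED, "203.0.113.9"))
```

Run stand-alone it prints the e-card as accepted with the greetings site's address as its envelope sender, and the forgery as rejected. Note that the fallback to Sender:/From: is only a guess about the envelope, exactly as the reply says; in a real milter the value to test is $sender as handed to filter_sender, not anything parsed from headers.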