On 15/04/22 6:49 pm, Fourhundred Thecat wrote:
I am receiving spam emails, where the "to:" line is entirely missing in
the email header.
The header has "X-Original-To:" and "Delivered-To:", but no "to:" line.
I have pasted the header here: https://ctxt.io/2/AABg30FRFQ
How could I block such emails? Can I use header-check for this?
The short answer is you can't. the long answer is that header_checks
each header individually and compares them against your pcre file.
Since a legitimate email will match several headers that don't start
with To: you can't try to match that and reject the message accordingly.
In order to do it you will need a milter or content filter.
Are there any legitimate cases where "to:" might be missing?
It is possible, although rather unusual. A message must have a
recipient, but not necessarily specified in a To: header. You're not
likely to get much, if any legitimate mail with a missing To: header,
though.
Peter
