From: Craig Sanders (no email)
Date: Wed Jun 02 2004 - 00:18:56 EDT
On Tue, Jun 01, 2004 at 06:05:37PM +0200, Alex van den Bogaerdt wrote:
> Note that "the following changes" are allowed at the origin, not on an
> intermediate relay!
>
> A spammer sends mail with just a bare "From: spammer" as the RFC822 sender
> address. Postfix appends $myorigin to it. Users get mail from a supposedly
> local user. Difficult to explain to them *that* postfix adds its own name,
> not possible to respond to the general response of "But... thats stupid. Why
> does it do that?"
the answer is that lots of local users are stupid and configure their mail
clients to send mail from just plain "john" rather than "".
in this particular instance, postfix IS the originating SMTP server, acting on
behalf of the client and what it does is a Good Thing. it drastically reduces
the number of stupid questions from stupid users with misconfigured mail
clients. the one or two stupid questions per year from people puzzled by the
behaviour are a tiny price to pay.
it's probably not possible to implement without radical changes to the way that
postfix works (which would cost far more than it is worth), but a strong
argument could be made that postfix should only append $mydomain when the
client IP address is in $mynetworks or has been authenticated.
another possibility is to only make these changes IF there aren't any Received:
headers (apart from the one added by the local postfix). it won't help with
direct-to-mx spam/viruses(*), but otherwise it is a pretty good indicator of
whether the local postfix is the first smtp server that has seen the message or
not.
(*) these often have several forged Received headers anyway.
craig
-- craig sanders <> The next time you vote, remember that "Regime change begins at home"
|
|
|