From: Cami (no email)
Date: Wed Jun 02 2004 - 01:35:36 EDT
>>A spammer sends mail with just a bare "From: spammer" as the RFC822 sender
>>address. Postfix appends $myorigin to it. Users get mail from a supposedly
>>local user. Difficult to explain to them *that* postfix adds its own name,
>>not possible to respond to the general response of "But... thats stupid. Why
>>does it do that?"
>
> the answer is that lots of local users are stupid and configure their mail
> clients to send mail from just plain "john" rather than "".
You are making huge presumptions..
> in this particular instance, postfix IS the originating SMTP server, acting on
> behalf of the client and what it does is a Good Thing. it drastically reduces
> the number of stupid questions from stupid users with misconfigured mail
> clients. the one or two stupid questions per year from people puzzled by the
> behaviour are a tiny price to pay.
Clearly you do not work for any large ISP..
> it's probably not possible to implement without radical changes to the way that
> postfix works (which would cost far more than it is worth), but a strong
> argument could be made that postfix should only append $mydomain when the
> client IP address is in $mynetworks or has been authenticated.
Agreed..
> another possibility is to only make these changes IF there aren't any Received:
> headers (apart from the one added by the local postfix). it won't help with
> direct-to-mx spam/viruses(*), but otherwise it is a pretty good indicator of
> whether the local postfix is the first smtp server that has seen the message or
> not.
*Why*? This is exactly what you do not want..
Cami
|
|
|