On Mon, Mar 12, 2012 at 07:48:14PM -0700, Nataraj wrote:
> On 03/12/2012 02:25 PM, m.roth@5-cent.us wrote:
>> Here's a question: is there any way to inspect an email's headers, and reject it if the alleged FQDN in the "From:" doesn't match the oldest "Received: "?
> That would be a good test. Postfix does have the ability to match
It would be a _terrible_ test and would fail legitimate mail. e.g. all those people with their domains delegated to Google; the source address might be their home internet IP and none of the rest of the machines would contain the FQDN. Heck, even people who use their ISP's mail relay could suffer this one! Some anti-virus software inserts Received headers. Large corporations with multiple DNS domains. Or people with home networks and their smart host that then forwards to an authorised relay. ...
And that's just off the top of my head.
I believe you'd get a fair false-positive with such a test.
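
Added example, not part of the original thread: a Python sketch of the proposed From-vs-oldest-Received test, run over constructed legitimate messages to show the false positives described above. All host names, addresses and function names are assumptions made for illustration.

```python
import email
import re
from email.utils import parseaddr

# Constructed, legitimate sample messages; every host and address is a placeholder.
SAMPLES = {
    # Domain hosted at a mail provider, sent from a home connection.
    "hosted_domain": (
        "Received: from out.hosting.example by mx.dest.example; Mon, 12 Mar 2012 20:00:02 -0700\n"
        "Received: from laptop.local ([203.0.113.7]) by smtp.hosting.example; Mon, 12 Mar 2012 20:00:01 -0700\n"
        "From: Alice <alice@alice-domain.example>\nSubject: hi\n\nbody\n"
    ),
    # Own domain, submitted through the ISP's mail relay.
    "isp_relay": (
        "Received: from relay.isp.example by mx.dest.example; Mon, 12 Mar 2012 20:05:02 -0700\n"
        "Received: from bobs-pc ([198.51.100.23]) by relay.isp.example; Mon, 12 Mar 2012 20:05:01 -0700\n"
        "From: Bob <bob@bob-mail.example>\nSubject: hi\n\nbody\n"
    ),
    # Sender whose first hop happens to carry the From: domain.
    "direct": (
        "Received: from mail.corp.example by mx.dest.example; Mon, 12 Mar 2012 20:10:01 -0700\n"
        "From: Carol <carol@corp.example>\nSubject: hi\n\nbody\n"
    ),
}

def from_domain(msg):
    """Domain part of the From: address, lower-cased."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def oldest_received_host(msg):
    """Host named after 'from' in the oldest Received: header.
    Each hop prepends its header, so the oldest one is the last in the list."""
    hops = msg.get_all("Received") or []
    m = re.match(r"\s*from\s+(\S+)", hops[-1], re.I) if hops else None
    return m.group(1).lower().rstrip(".") if m else ""

def naive_check(raw):
    """True if the oldest Received host is the From: domain or a host under it."""
    msg = email.message_from_string(raw)
    dom, host = from_domain(msg), oldest_received_host(msg)
    return bool(dom) and (host == dom or host.endswith("." + dom))

def false_positives():
    """Names of the legitimate samples that the naive test would reject."""
    return sorted(name for name, raw in SAMPLES.items() if not naive_check(raw))

if __name__ == "__main__":
    print("legitimate mail rejected:", false_positives())
```
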