Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - Mail from / Envelope-From
  FAQ FAQ  Forum Search   Register Register  Login Login

Mail from / Envelope-From
 Post Reply Post Reply
Author
  Topic Search Topic Search  Topic Options Topic Options
craigeb78 View Drop Down
Newbie
Newbie


Joined: 28 December 2006
Status: Offline
Points: 3 		Post Options Post Options   Thanks (0) Thanks(0)   Quote craigeb78 Quote  Post ReplyReply Direct Link To This Post Topic: Mail from / Envelope-From
    Posted: 19 January 2007 at 2:13pm

I have added an entry to my mail-from Blacklist, and noticed emails still getting through.   While researching, it looks like SF recognized the envelope-from field as the mail from field, and allowed the message because the address is different.    Which should I be blocking?   I would think that I should block the mail from, since that's what most users will report to me.  I've posted the headers and the log below to show you what I mean:

Logs:

Quote

01/19/07 08:40:24:179 -- (42508) Connection from: 66.216.179.115  -  Originating country : United States
01/19/07 08:40:24:820 -- (42508) found SPF record for b.lt05.net: v=spf1 include:listrak.com ?all
01/19/07 08:40:24:882 -- (42508) found SPF record for listrak.com: v=spf1 ptr ?all
01/19/07 08:40:24:960 -- (42508) SPF query result: pass
01/19/07 08:40:24:960 -- (42508) - SPF analysis for listrak.com done: - pass
01/19/07 08:40:24:976 -- (42508) SPF query result: pass
01/19/07 08:40:24:976 -- (42508) - SPF analysis for b.lt05.net done: - pass
01/19/07 08:40:24:992 -- (42508) Mail from: 50A55D31FE60625652A400B74796A4E962299675CD81A870C3DFAC30D409 730A@b.lt05.net
01/19/07 08:40:25:460 -- (42508) - MAPS search done...
01/19/07 08:40:25:460 -- (42508) RCPT TO: me@me.com  accepted
01/19/07 08:40:25:679 -- (42508) EMail from 50A55D31FE60625652A400B74796A4E962299675CD81A870C3DFAC30D409 730A@b.lt05.net to  me@me.com   passes Bayesian filter - 0% spam  (31ms)
01/19/07 08:40:25:804 -- (42508) EMail from 50A55D31FE60625652A400B74796A4E962299675CD81A870C3DFAC30D409 730A@b.lt05.net to me@me.com  was queued. Size: 7 KB, 7168 bytes
01/19/07 08:40:25:929 -- (42508) Disconnect

Headers:

Quote

Received: from 66.216.179.115 by yis10.yorkinternet.net (LogSat Software SMTP Server - Unlicensed Evaluation Copy); Fri, 19 Jan 2007 08:40:25 -0500
Received: by vmta-b-115.listrak.com id hm35e8067nct for <me@me.com>; Fri, 19 Jan 2007 08:42:29 -0500 (envelope-from < 50A55D31FE60625652A400B74796A4E962299675CD81A870C3DFAC30D409 730A@b.lt05.net>)
From: "Wireless Xcessories Group" <sales@wirexgroup.com>
To: "me@me.com" <me@me.com>
Reply-To: sales@wirexgroup.com
Subject: Plantronics Valentines day promo-free carry case w/ 640e/655 purchase
Back to Top
caratking View Drop Down
Groupie
Groupie


Joined: 13 March 2006
Location: United States
Status: Offline
Points: 79 		Post Options Post Options   Thanks (0) Thanks(0)   Quote caratking Quote  Post ReplyReply Direct Link To This Post Posted: 19 January 2007 at 7:54pm
I noticed the same thing the other day - but the emails were from myself.

I had a PHP script that was emailing me some info, and it was being blocked because of an invalid MX record.

The sender in the from field was support@mydomain.com, but SF was blocking the email as it was using the sender it found in the headers as apachie@s90.mydomain.com which of course does not have a valid MX record.  I have not figured out how to set the from in the headers of the message.

I can whitelist the IP, but that does not solve the underlying issue for me.
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104 		Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 19 January 2007 at 8:17pm
The only sender's email address that matters to SpamFilter is the one given in the MAIL FROM command. That is sometimes indicated as the "envelope" or "return path" address. SpamFilter will add the address that was specified by the remote server during the SMTP session in the following header to incoming emails:

X-SF-RX-Return-Path

The address that is specified in the email's "From:" header is ignored and not used by the various filters.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
Amadeus0125 View Drop Down
Newbie
Newbie
Avatar

Joined: 12 March 2009
Location: USA
Status: Offline
Points: 5 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Amadeus0125 Quote  Post ReplyReply Direct Link To This Post Posted: 13 March 2009 at 1:31am

 

Hi,

jw-DBL-Update is a Yahoogroups mailinglist on which we post changes to our domain blacklist and 419 scam sender address blacklist. We send a maximum of one mailing per day to all subscribers. If you would like to be automatically notified about additions to or removals from these lists, send an e-mail to: jw-dbl-update-subscribe@yahoogroups.com

List-subscribers who use jwSpamSpy don't have to do anything to benefit, as jwSpamSpy automatically updates its local blacklists whenever it sees DBL-Update messages.
70-293
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.305 seconds.

Copyright (c)2002-2021 LogSat Software LLC - Sales: sales@LogSat.com
Contact Us