[Rspamd-Users] match null sender
Jesse Norell
jesse at kci.net
Tue Oct 5 22:25:45 UTC 2021
Hello,
Does anyone have a tip for matching a null envelope sender?
If useful, the full context in which I need it is a combined rule for
the multimap module, eg. in multimap.conf if I have:
LOCAL_FORGED_FROM {
description "Spoof as local domain.";
type="combined";
rules {
local_smtp_from = {
map = "$LOCAL_CONFDIR/local.d/maps.d/local_domains.inc";
selector = "from('smtp'):domain";
}
local_mime_from = {
map = "$LOCAL_CONFDIR/local.d/maps.d/local_domains.inc";
selector = "from('mime'):domain";
}
}
expression = "local_mime_from & !local_smtp_from";
score = 1.0;
}
This works to catch a random sender spoofing our domain in From:
header, but it also matches on a null sender, which could be part of
mail delivery notifications and such, so seems like that should be
avoided.
Thanks
--
Jesse Norell
Kentec Communications, Inc.
970-522-8107 - www.kci.net
More information about the Users
mailing list