[Rspamd-Users] Prevent sender address spoofing envelope/header FROM

Taco de Wolff tacodewolff at gmail.com
Mon Jan 22 15:02:24 UTC 2024


Thanks Gerald, that's worth a try. I had another idea that might work and
wanted to check.

While SPF verifies the envelope FROM address, and DKIM signs the message,
it is DMARC that enforces the header FROM address which makes it sent to
spam at the destination server. By default, Rspamd disables DMARC for
outgoing messages, what if we enable it so that it verifies DMARC locally
before sending out. This prevents it from getting to spam on the
destination server as it isn't sent out in the first place. Would that work?

Kind regards,
Taco de Wolff


On Sun, Jan 21, 2024 at 3:33 PM Gerald Galster <list+rspamd at gcore.biz>
wrote:

> > I'd like to block sending out emails that have a different header FROM
> > address domain than their envelope FROM address domain.
>
> I don't think there is an easy way to accomplish that and you need to
> keep in mind legitimate reasons for "header/envelope from" to differ,
> e.g. sender rewriting scheme (SRS).
>
> There is a symbol named FROM_NEQ_ENVFROM which you could use as an
> example for a custom lua rule and then act upon authenticated users:
>
> https://github.com/rspamd/rspamd/blob/master/rules/headers_checks.lua
> Line 630 - 676.
>
> https://rspamd.com/doc/tutorials/writing_rules.html
> https://rspamd.com/doc/lua/
>
> Best regards,
> Gerald
>
>
> --
> Users mailing list
> Users at lists.rspamd.com
> https://lists.rspamd.com/mailman/listinfo/users
>


More information about the Users mailing list