[Rspamd-Users] Weird behaviour on Return-Path header processing
G.W. Haywood
rspamd at jubileegroup.co.uk
Wed Sep 11 13:34:54 UTC 2024
Hi there,
On Wed, 11 Sep 2024, jose.celestino at gmail.com wrote:
> Noticed what seems a weird behaviour with rspamd processing of the
> return-path header: the setting of the from_envelope seems to depend
> on where the return-path is located on the headers:
>
> - if the return-path is seen earlier (that is, added later and on top
> of the headers), it is properly processed and from_envelope set
> accordingly
>
> - if the return-path is later in the headers (after the from?) then
> from_envelope is not set from its value ...
'Return-Path:' is what's called a 'trace header':
https://datatracker.ietf.org/doc/html/rfc2822#section-3.6.7
> So, is this a side-effect or on purpose?
My (er, educated) guess is that it's on purpose. If a header can be
confidently assumed to have been applied by the local MTA then it can
probably be trusted. For the 'Return-Path:' header, this effectively
means that it's expected to be the *first* header in the message.
Unfortunately forged headers are very common.
If it's way down in the weeds it may be forged and should be ignored.
It's permitted for your mail system to delete it but you may need to
be able to cope with any side effects that might possibly have.
--
73,
Ged.
More information about the Users
mailing list