whitelist
Dominic Raferd
dominic at timedicer.co.uk
Sat Jul 13 12:26:52 CEST 2019
On Sat, 13 Jul 2019 at 10:47, Matus UHLAR - fantomas <uhlar at fantomas.sk> wrote:
>
> On 12.07.19 16:47, Deeztek Support wrote:
> >> BUT... amavis identifies the address by matching the envelope sender OR
> >> the From: header sender. So (in theory) a spammer can easily fake the
> >> envelope sender and get whitelisted.
> >
> >I was under the impression that amavis uses the Return-Path header and not the From header.
>
> It's actually envelope from header.
> Yes, amavis uses that one.
I quote again from amavis 2.6.6 release notes: "white and blacklisting
now takes into account both the SMTP envelope sender address, as well
as the author address from a header section (address(es) in a 'From:'
header field). Note that whitelisting based only on a sender-specified
address is mostly useless nowadays." You can confirm this by looking
at the code.
More information about the amavis-users
mailing list