whitelist

Matus UHLAR - fantomas uhlar at fantomas.sk
Sat Jul 13 14:27:25 CEST 2019


>On Sat, 13 Jul 2019 at 10:47, Matus UHLAR - fantomas <uhlar at fantomas.sk> wrote:
>>
>> On 12.07.19 16:47, Deeztek Support wrote:
>> >> BUT...  amavis identifies the address by matching the envelope sender OR
>> >> the From: header sender.  So (in theory) a spammer can easily fake the
>> >> envelope sender and get whitelisted.
>> >
>> >I was under the impression that amavis uses the Return-Path header and not the From header.
>>
>> It's actually envelope from header.
>> Yes, amavis uses that one.

On 13.07.19 11:26, Dominic Raferd wrote:
>I quote again from amavis 2.6.6 release notes: "white and blacklisting
>now takes into account both the SMTP envelope sender address, as well
>as the author address from a header section (address(es) in a 'From:'
>header field). Note that whitelisting based only on a sender-specified
>address is mostly useless nowadays." You can confirm this by looking
>at the code.

sorry, I only checked the docs:
https://www.amavis.org/amavisd-new-docs.html

seems that the header from is only mentioned in changelog and the code...
-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I'm not interested in your website anymore.
If you need cookies, bake them yourself.


More information about the amavis-users mailing list