Fair warning: This post is pretty darn technical and is of little interest to people who don’t muck around with Linux and/or mail servers.
Recently I had a problem with someone on a midrange.com mailing list where they sent obvious spam.
The problem was, they were a subscriber to the list and had posted before … so the normal counter measures for that didn’t work (the first post for all subscribers are held until approved, to prevent people from subscribing, posting spam, and unsubscribing).
The puzzling thing about this was … the ‘from address’ on the message was not in the subscriber list.
Turns out that Mailman will accept message based on the FROM address of the message or the SENDER address (also known as the envelope-from). The sender addressed is set by the sending mail server and is not normally in the body of the message.
After a bit of digging around, I figured out a way to add this information to the message headers so I can more easily diagnose the problem in the future.
What I did is add some additional text to the “Received” header that sendmail adds to message.
The received header, as defined by the confRECEIVED_HEADER macro, is constructed of a pre-defined set of macros: ‘_REC_HDR_’, ‘_REC_AUTH_’, ‘_REC_BY_’, ‘_REC_TLS_’, and ‘_REC_END_’.
So I added a variable to the end of the ‘_REC_END_’ macro that will include the envelope-from value.
The M4 code needed for the sendmail.mc file is:
define(`_REC_END_', `for $u; $|; $.$b (envelope-from: $f)')
The header that will show up in the message will look something like this:
Received: from mail.example.com (mail.example.com [18.104.22.1689]) by mail1.midrange.com (8.14.3/8.14.3) with ESMTP id qAG2KQIe028670 for <firstname.lastname@example.org>; Thu, 15 Nov 2012 20:20:32 -0600; (envelope-from email@example.com)
Turns out spamassassin knows how to parse this … so it won’t cause a problem processing the headers.
This won’t prevent someone from sending spam … but at least I’ll be able to tell who sent it.
You’re saying that sendmail doesn’t add the envelope sender to the headers of incoming emails by default??? I use postfix (not nearly as extensible as sendmail but much easier to set up) and it adds a Return-Path header line to incoming emails out of the box. In fact I don’t think there’s a way to tell postfix to not do that.
I’ve never run a mailing list and have no personal experience with mailing list software, so you can decide what orifice of my body I’m talking out of , but I would want the email acceptance to be based on the envelope sender, with an option to specify whether the From header:
1. must match the envelope sender (which seems to be me to be the best option), or
2. does not have to match, but must also be a subscriber, or
3. isn’t checked.
Well, the issue was the fact that the message that was getting sent out was re-sent by Mailman … so the ‘sender’ of the message was mailman and not the original sender. My modification to the sendmail config basically adds redundant information … in case the envelope sender is removed.
Okay, that makes more sense.
Without that I suppose you end going back through sendmail logs trying to match up the original incoming email with the re-sent email, which would be a real pain.
Which is pretty much what I did for the issue that came up..