Fair warning: This post is pretty darn technical and is of little interest to people who don’t muck around with Linux and/or mail servers.
Recently I had a problem with someone on a midrange.com mailing list where they sent obvious spam.
The problem was, they were a subscriber to the list and had posted before … so the normal countermeasures for that didn’t work (the first post from every subscriber is held until approved, to prevent people from subscribing, posting spam, and unsubscribing).
The puzzling thing about this was … the ‘from address’ on the message was not in the subscriber list.
Turns out that Mailman will accept a message based on the FROM address of the message or the SENDER address (also known as the envelope-from). The sender address is set by the sending mail server and is not normally in the body of the message.
After a bit of digging around, I figured out a way to add this information to the message headers so I can more easily diagnose the problem in the future.
What I did is add some additional text to the “Received” header that sendmail adds to each message.
The received header, as defined by the confRECEIVED_HEADER macro, is constructed of a pre-defined set of macros: ‘_REC_HDR_’, ‘_REC_AUTH_’, ‘_REC_BY_’, ‘_REC_TLS_’, and ‘_REC_END_’.
So I added a variable to the end of the ‘_REC_END_’ macro that will include the envelope-from value.
The M4 code needed for the sendmail.mc file is:
define(`_REC_END_', `for $u; $|; $.$b (envelope-from: $f)')
The header that will show up in the message will look something like this:
Received: from mail.example.com (mail.example.com [188.8.131.529]) by mail1.midrange.com (8.14.3/8.14.3) with ESMTP id qAG2KQIe028670 for <email@example.com>; Thu, 15 Nov 2012 20:20:32 -0600; (envelope-from firstname.lastname@example.org)
Turns out spamassassin knows how to parse this … so it won’t cause a problem processing the headers.
This won’t prevent someone from sending spam … but at least I’ll be able to tell who sent it.
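To put the new header to use when triaging a suspicious post, the following added example (not part of the original post, and not Mailman or sendmail code) reads the envelope-from comment out of the Received header written by your own server and compares it with the From header. It assumes the receiving host is named mail1.midrange.com as in the sample header above; the addresses, IP, queue id and subscriber set are constructed, and the `accepted_via` field is a simplified model of the acceptance behaviour described earlier.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Accepts both spellings shown in the post: "(envelope-from: a@b)" and "(envelope-from a@b)".
ENV_FROM_RE = re.compile(r"\(envelope-from:?\s*<?([^\s<>()]+)>?\)", re.I)

def envelope_from(msg, our_mta="mail1.midrange.com"):
    """Envelope sender recorded by our own MTA, or None if it is not present."""
    for hdr in msg.get_all("Received", []):
        flat = " ".join(hdr.split())          # unfold continuation lines
        if f" by {our_mta} " not in flat:
            break                             # headers below were added elsewhere and can be forged
        m = ENV_FROM_RE.search(flat)
        if m:
            return m.group(1).lower()
    return None

def classify(raw, subscribers):
    """Compare header From with the recorded envelope sender for one raw message."""
    msg = message_from_string(raw)
    hdr_from = parseaddr(msg.get("From", ""))[1].lower()
    env = envelope_from(msg)
    if hdr_from in subscribers:
        via = "from"
    elif env in subscribers:
        via = "envelope"
    else:
        via = None
    return {"header_from": hdr_from, "envelope_from": env,
            "mismatch": env is not None and env != hdr_from, "accepted_via": via}

# Constructed sample: addresses, IP and queue id are made up for illustration.
SAMPLE = (
    "Received: from mail.example.com (mail.example.com [192.0.2.25])\n"
    "\tby mail1.midrange.com (8.14.3/8.14.3) with ESMTP id EXAMPLEQUEUEID\n"
    "\tfor <list@example.com>; Thu, 15 Nov 2012 20:20:32 -0600\n"
    "\t(envelope-from: member@example.org)\n"
    "Received: from client by relay.example.net (envelope-from: decoy@example.org)\n"
    "From: Great Deals <promo@example.net>\n"
    "Subject: constructed test message\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(classify(SAMPLE, {"member@example.org"}))
```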