How to block mail if Return-Path: and From: are not same

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
sadiq007
Advanced member
Advanced member
Posts: 104
Joined: Sat Sep 13, 2014 12:27 am

How to block mail if Return-Path: and From: are not same

Postby sadiq007 » Sat Jul 10, 2010 2:45 am

to avoid spam i want block mail for which Return-Path: and From: are not same.how can i do that?
because we are getting spam mail for our our users with sent address of our domain but with different Return-Path:

so i want block such kind of mails....
another is there any way to block mail which having perticular word in there subject or body ...for all users.

for example i want all mail which containing word "******" in there subject or body part for my all users.


sadiq007
Advanced member
Advanced member
Posts: 104
Joined: Sat Sep 13, 2014 12:27 am

How to block mail if Return-Path: and From: are not same

Postby sadiq007 » Sat Jul 10, 2010 7:09 am

hi UX,

As per your suggested link i am going to download script from Perl | package FromNotReturnPath; us - Ivan Korotkov - 0m9CYxzV - Pastebin.com

as there is no plugin folder in /spamassassin so i am going to create it , and will save this script as FromNotReturnPath.pm then i will add following lines in to /opt/zimbra/conf/spamassassin/newpre.pre

loadplugin FromNotReturnPath plugins/FromNotReturnPath.pm

header FROM_NOT_RETURN_PATH eval:check_for_from_not_return_path()

describe FROM_NOT_RETURN_PATH From: does not match Return-path:

then i will do following changes in salocal.cf

header __FROM_MYDOMAIN From =~ /@MYDOMAIN.com/i

meta FAKE_MYDOMAIN_ANNOUNCE (__FROM_MYDOMAIN && FROM_NOT_RETURN_PATH)

describe FAKE_MYDOMAIN_ANNOUNCE Fake mail from MYDOMAIN account management
score FAKE_MYDOMAIN_ANNOUNCE 40.0
Plz correct me if i am wrong anywhere..
BUT Ivan in that forum saying-

I'd recommend using it in conjunction with spamming domain (because, technically, return-path does not always equal From even in legitimate e-mail; maillists are counter-example).
So it means this rules will apply to all mails which are coming to my mail server and there Return-path and From address are not same...if this is right then as per him it will create problem incase of mails are from known mailing-lists
So is it possible that this rule will apply to only for my domain only, i mean if the mail have from-path of my domain and not having return-path of my domain then and then only it will be apply.
User avatar
barrydegraaff
Posts: 41
Joined: Tue Jun 17, 2014 3:31 am
Contact:

Re: How to block mail if Return-Path: and From: are not same

Postby barrydegraaff » Sat Nov 18, 2017 2:43 pm

One solution is here:
https://iomarmochtar.wordpress.com/2017 ... om-header/
https://github.com/iomarmochtar/zmbr_check_sender

It uses Milter a postfix extension and compares the users rights in LDAP with what the user is doing
and rejects false FROM. This solution works on 8.7.11 (I tested)


Another solution is here:
https://wiki.zimbra.com/wiki/Enforcing_ ... ername_8.5
However some people have reported this solution does not work, anyway I cannot read that wiki
page. Too much headache.

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 19 guests