How to get correct "From address" of incoming messages

[Squiggle]

In PMG, I create an action "disclaimer" to insert the sender's address into the message body for inbound messages:

[----- This email send from external address: __SENDER__ -- please review before any action, clicking on links, or opening attachments -----]

However, in some cases, these addresses don't match what I see in the Zimbra web interface. For example:

• The message in PMG shows a 'From' address of infoiratc@gmail.com,
• but in Zimbra, it shows a 'From' address of mdalikoc4@gmail.com

Mesage header in ZImbra:

Return-Path: infoiratc@gmail.com
Received: from localhost (LHLO zimbra-mail.server.name) (127.0.0.1) by
 mail.server.name with LMTP; Mon, 8 Apr 2024 01:24:07 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
    by zimbra-mail.server.name (Postfix) with ESMTP id 0E1273E2045;
    Mon,  8 Apr 2024 01:24:07 -0700 (PDT)
Authentication-Results: mail.server.name (amavisd-new);
    dkim=fail (2048-bit key) reason="fail (message has been altered)"
    header.d=gmail.com
Received: from zimbra-mail.server.name ([127.0.0.1])
    by localhost (mail.server.name [127.0.0.1]) (amavisd-new, port 10032)
    with ESMTP id 5Dq7gA1TOlhQ; Mon,  8 Apr 2024 01:24:06 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
    by zimbra-mail.server.name (Postfix) with ESMTP id C93C93E2058;
    Mon,  8 Apr 2024 01:24:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at server.name
Received: from zimbra-mail.server.name ([127.0.0.1])
    by localhost (mail.server.name [127.0.0.1]) (amavisd-new, port 10026)
    with ESMTP id 0CIb5pLOqyFu; Mon,  8 Apr 2024 01:24:06 -0700 (PDT)
Received: from mail.server.name (unknown [mail-lan-ip])
    by zimbra-mail.server.name (Postfix) with ESMTPS id 69EAC3E2045
    for <info@server.name>; Mon,  8 Apr 2024 01:24:06 -0700 (PDT)
Received: from mail.server.name (localhost.localdomain [127.0.0.1])
    by mail.server.name (Proxmox) with ESMTP id 3D7401419A2
    for <info@server.name>; Mon,  8 Apr 2024 15:24:06 +0700 (+07)
Received-SPF: pass (gmail.com ... _spf.google.com: Sender is authorized to use 'infoiratc@gmail.com' in 'mfrom' identity (mechanism 'include:_netblocks.google.com' matched)) receiver=mail.server.name; identity=mailfrom; envelope-from="infoiratc@gmail.com"; helo=mail-ej1-f41.google.com; client-ip=209.85.218.41
Received: from mail-ej1-f41.google.com (mail-ej1-f41.google.com [209.85.218.41])
    by mail.server.name (Proxmox) with ESMTPS
    for <info@server.name>; Mon,  8 Apr 2024 15:24:02 +0700 (+07)
Received: by mail-ej1-f41.google.com with SMTP id a640c23a62f3a-a44f2d894b7so478812966b.1
        for <info@server.name>; Mon, 08 Apr 2024 01:24:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1712564634; x=1713169434; darn=server.name;
        h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
         :date:message-id:reply-to;
        bh=8CXHQgsJnMxUtsn7CoJM11DqOu47s8P8VoaVJ995CZs=;
        b=VulyjxGyTJX7cgYPykU8pGfyDUquiFH8u+tDbTvvTkSHlJ/nSZt9AqzZXVtW1OcC3X
         ZegWxXb6L/5DpksF1WfADWptLH76co1qr0cOPTJT1QPmPdexx0S5Ap7LuNTcjr6YWGgp
         2jlarYUAp65nBtoAaGuXaw3y8H0wVJCvzlmydBj7YEn9Kmn91bKjHmna5qovhiJtlm+w
         dcXSzBXw0qNcDwsNpbG8jKdzRbZzESdw03WdJVM6aoboYnNV63umeNQjrowY1EvJvj2a
         SA8vmGvxfG/sxDoHlwo3NzYmCum2EDOrRvIU/B09P9WstlLgvFpujNnI8vLHfVpSRD54
         kGRg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1712564634; x=1713169434;
        h=to:subject:message-id:date:from:mime-version:x-gm-message-state
         :from:to:cc:subject:date:message-id:reply-to;
        bh=8CXHQgsJnMxUtsn7CoJM11DqOu47s8P8VoaVJ995CZs=;
        b=LcsVpU9Q6bFxhnZzIfuNtCqgZyVd9hxUvWtOCuaqhjyIp2zFuO0pwrtFfcMMj75NKY
         l32FTZp08So7ppZ/IjvcFa0tCDmrjwgecbLRyHx8Ks7YBPcRNIdoglkhiG5QxJPPvdDt
         BG+wNril0ILuZGyq0woGpSC9UTxw52+ZF1X1jIm7OvB4TxbhSriE05USJXfWHn0rmJJ4
         70KuraAVPgNQpFDPikbSAbCsqjWF9SJmYbzLTzO64vgpccJI1eu0KzRXUQn8wOwzE6C9
         2Gh/y8Hc4L9Gf2VpxydTL1WZsWQULSpQM2mZzicw6u8Ed7QYn33rCf1kdrr/Ea9PJV1z
         iesA==
X-Forwarded-Encrypted: i=1; AJvYcCVzGOdorCH3zfNyOaWnAB/rp8f5Zy79O12iC22YIL0G9N9pYDJ1a3AhTppkNCVNufE3JHVvkF8H6sXhxSZkbWM=
X-Gm-Message-State: AOJu0Yz7SBrYsTXmerGbFu4aXZorrzXyguFYiOQb1GmeaO1JA+OvIj0O
    E+beyVom7fMlJ2Hj/YBb9GtvjI+r4RXdjX+ChVQ1ahxQsaCIhQ8QnFezNc+ZIRaGndmk/Ts3uO0
    vy0+Iw9RgZ+85pRBCWJJFgaq4Ht0=
X-Google-Smtp-Source: AGHT+IGXyC3vy7pILLjxGZFPvULmtoJO7rylA6d8WdWGim292ulYh3qiGFPWxR3LsV2+6LKbsb3B9s8Wun/l9xW3qnM=
X-Received: by 2002:a17:907:7d90:b0:a51:ce36:1534 with SMTP id
 oz16-20020a1709077d9000b00a51ce361534mr2657260ejc.48.1712564633971; Mon, 08
 Apr 2024 01:23:53 -0700 (PDT)
MIME-Version: 1.0
From: Md Ali Yunus <mdalikoc4@gmail.com>
Date: Mon, 8 Apr 2024 09:23:42 +0100
Message-ID: <CAMcbuqp=3CqpGHeNQGzjUqxOw92-Du8CQZKGQorkegEiiLAxyw@mail.gmail.com>
subject: [EXTERNAL] T-shirt Contract Supply Order
To: undisclosed-recipients:;
Content-Type: multipart/alternative; boundary="000000000000a9b41106159186ed"

My question is: Which address is the real sender address, and how can I view both addresses in PMG?

Thanks.

 

[mbrother]

Hello @Squiggle,

Real sender is infoiratc@gmail.com. You can find it in header:

Received-SPF: pass (gmail.com ... _spf.google.com: Sender is authorized to use 'infoiratc@gmail.com' in 'mfrom' identity (mechanism 'include:_netblocks.google.com' matched)) receiver=mail.server.name; identity=mailfrom; envelope-from="infoiratc@gmail.com"; helo=mail-ej1-f41.google.com; client-ip=209.85.218.41

Zimbra shows sender in 'From' header, it may not be the real sender.
PMG shows sender in 'Return-path', that's the real sender.