Return-Path Not checked

koby · Dec 17, 2022

Hello Guys ,
I make a lot of use with "What Object" option to check different field on the header section to avoid spam.
I been more then happy to see that in the current release (7.2-2) these feature got more attention then before.
BUT in my testing I could tell the at list the header field "Return-Path" is not been check / not been check properly
Please see the above the setting

here is the message log :

Delivered-To: asaf@neway1.co.il

[B]Return-Path: 3pKOdYwcJBIU7xmoj2lpvjru.lxvj1jown5j7A.lx.ru@calendar-server.bounces.google.com[/B]

Received: from mail-ed1-f74.google.com (mail-ed1-f74.google.com [209.85.208.74])
    by smg01.localdomain (Proxmox) with ESMTPS
    for <asaf@neway1.co.il>; Sat, 17 Dec 2022 13:10:29 +0200 (IST)
Received: by mail-ed1-f74.google.com with SMTP id j11-20020aa7c40b000000b0046b45e2ff83so3438046edq.12
        for <asaf@neway1.co.il>; Sat, 17 Dec 2022 03:10:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

What am I doing wrong here.

Best Regards ,
Koby Peleg Hen

Stoiko Ivanov · Dec 19, 2022

The Return-Path field is usually set to the envelope from address - you can use a Who Object to match for envelop addresses

koby · Dec 19, 2022

As you say , usually , but the hacker do not know that ,
To my best knowladge ,in Proxmox Smg release note they say that all of the header field are searchable now.
the "From" field is very easy to fake.

Stoiko Ivanov · Dec 19, 2022

not sure I understand your comment

The Return-Path header contains the _envelope_ from address - this is _not_ the address in the from header:
see: https://en.wikipedia.org/wiki/Bounce_address

If you want to match on what you see as 'Return-Path' create a Who Object with a regex inside

I hope this explains it!

Search

Search

Return-Path Not checked

koby

Renowned Member

Stoiko Ivanov

Proxmox Staff Member

koby

Renowned Member

Stoiko Ivanov

Proxmox Staff Member