Return-Path Not checked

koby

Hello Guys,
I make a lot of use of the "What Object" option to check different fields in the header section to avoid spam.
I have been more than happy to see that in the current release (7.2-2) this feature got more attention than before.
BUT in my testing I could tell that at least the header field "Return-Path" is not being checked / not being checked properly.
Please see the above setting
Screenshot 2022-12-17 at 19.52.56.png

Here is the message log:

Delivered-To: asaf@neway1.co.il
Return-Path: 3pKOdYwcJBIU7xmoj2lpvjru.lxvj1jown5j7A.lx.ru@calendar-server.bounces.google.com
Received: from mail-ed1-f74.google.com (mail-ed1-f74.google.com [209.85.208.74])
 by smg01.localdomain (Proxmox) with ESMTPS
 for <asaf@neway1.co.il>; Sat, 17 Dec 2022 13:10:29 +0200 (IST)
Received: by mail-ed1-f74.google.com with SMTP id j11-20020aa7c40b000000b0046b45e2ff83so3438046edq.12
 for <asaf@neway1.co.il>; Sat, 17 Dec 2022 03:10:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

What am I doing wrong here?

Best Regards,
Koby Peleg Hen
 
The Return-Path field is usually set to the envelope from address - you can use a Who Object to match for envelope addresses.
 
As you say, usually, but the hacker does not know that.
To my best knowledge, in the Proxmox SMG release notes they say that all of the header fields are searchable now.
The "From" field is very easy to fake.
 
Not sure I understand your comment.

The Return-Path header contains the _envelope_ from address - this is _not_ the address in the from header:
see: https://en.wikipedia.org/wiki/Bounce_address

If you want to match on what you see as 'Return-Path', create a Who Object with a regex inside.

I hope this explains it!
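The envelope-sender versus From-header distinction from the replies above, as an added example (not code from any poster and not Proxmox Mail Gateway's implementation). The From header in the sample, the regex, and matching it against the whole address are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: Return-Path and Delivered-To are taken from the log in
# the first post; the From header and Subject are made up for illustration.
SAMPLE = """\
Return-Path: <3pKOdYwcJBIU7xmoj2lpvjru.lxvj1jown5j7A.lx.ru@calendar-server.bounces.google.com>
Delivered-To: asaf@neway1.co.il
From: Some Sender <someone@example.com>
Subject: Invitation

body
"""

# Hypothetical sender pattern (assumption), applied to the whole address.
PATTERN = r".*@calendar-server\.bounces\.google\.com"


def envelope_sender(raw: str) -> str:
    """Address recorded in Return-Path (the SMTP envelope sender).
    Returns "" for a missing header or the null sender "<>"."""
    msg = message_from_string(raw)
    return parseaddr(msg.get("Return-Path", ""))[1].lower()


def header_from(raw: str) -> str:
    """Address in the From header, which the sender writes freely."""
    msg = message_from_string(raw)
    return parseaddr(msg.get("From", ""))[1].lower()


def domain(addr: str) -> str:
    return addr.rpartition("@")[2]


def check(raw: str, pattern: str) -> dict:
    """Apply one pattern to both addresses and report where it matches."""
    env, frm = envelope_sender(raw), header_from(raw)
    rx = re.compile(pattern, re.IGNORECASE)
    return {
        "envelope_sender": env,
        "header_from": frm,
        "envelope_match": bool(env and rx.fullmatch(env)),
        "from_match": bool(frm and rx.fullmatch(frm)),
        # A mismatch is common for legitimate bulk mail; it is a signal, not proof.
        "domains_differ": bool(env) and domain(env) != domain(frm),
    }
```

For the sample, `check(SAMPLE, PATTERN)` matches only the envelope sender, which is why the rule has to be expressed on the envelope address rather than on the visible From header.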