To quarantine email if "from address" not match with "Return-Path"

[jourdan]

Hi,

I have created a Whitelist email domain in "Who Objects" to prevent malicious and spam mail for my email users. However, we noticed some malicious email pretend to be sender from the whitelist domain (e.g. xyz.com).

I would like to confirm, is there any filter, objects or rules can be applied to check against the "Return-Path" and "From address" or "Return-Path" and "Whitelist Domain"? If it doesn't match, then quarantine those messages.




Example of malicious email
Message from address
support@xyz.com

Message header info
Return-Path: 0102018707469cf0-90aaf017-1511@beleco.com


Thanks & regards,

 

[jourdan]

To admin and support team.

I'm unable to delete this thread. So, please ignore this thread as I've already submitted a ticket in Customer Portal.

Sorry for any inconveniences caused.

 

[hpolatkan]

Hi,

Since the topic is written here, it would be great if you could share the solution as well

 

[szumi83]

Hi.
I love to know how to do that too

 

[thiagotgc]

I would also like to know!

 

[Stoiko Ivanov]

see for example: https://forum.proxmox.com/threads/mail-filter-whitelisting-addresses.121038/post-526213

the Return-path header usually contains the envelope address - you match these with Who Object
the From header is matched with a Match field What object

I hope this helps!

 

[ralma]

@Stoiko Ivanov:

thank you - but the question was

check against the

"Return-Path" and "From address"

or

"Return-Path" and "Whitelist Domain"

So your link to the example is "only" an explanation for one of these and not in combination.

Any further hint?

ralph