[Kolab-devel] rejected mail with the following error: "does not match envelope"

Bernhard Reiter bernhard at intevation.de
Fri Nov 19 17:53:14 CET 2004


On Friday 19 November 2004 16:20, Steffen Hansen wrote:
> On Friday 19 November 2004 13:57, Bernhard Reiter wrote:
> > On Friday 19 November 2004 03:04, Steffen Hansen wrote:
> > > On Friday 12 November 2004 15:31, Bernhard Reiter wrote:
> > > > On Thursday 11 November 2004 10:31, Peter Berry wrote:
> > > > > I updated my Kolab2 install with the lastest packages and I am
> > > > > now getting the following error for alot of legitimate incoming
> > > > > mail:
> > > >
> > > > I am just thinking about this.
> > > > Are there reasons to define exceptions for incoming hosts?
> > > >
> > > > Steffen: Do we do this check on all incoming email, even when
> > > > from trusted hosts?
> > > > (Just curious.)
> > >
> > > Yes. I don't really have access to any information besides what is
> > > in the mail. And I can't set up two different smtpds where one
> > > listens to the localhost interface and the other one to the public
> > > one -- because we always receive mail for the filtering smtpd from
> > > localhost. The reason is that we do our own filtering _after_ the
> > > virus filter, and that is always local.
> > >
> > > Suggestions are welcome of course
> >
> > I think we need to refine this check to only check our own email
> > addresses and the ones that are on top of our domain, so
> >
> > .*@.*\.our.mail.domain
> > for the "envelope" address and from address.
> >
> > That would allow legitimate mail in and
> > forged email from inside needs to have the envelop correctly,
> > when authenticating (right?) so it will checked.
>
> So you want to check for envelope and From: match only for "our own"
> addresses and allow anything from the outside?

Basically yes, but we also want to prevent somebody from outside
that sends mail inside claiming that it came from somewhere inside.
Maybe a list of options for kolabfilter is interesting so in the future more can be excluded
when we can do virtual-domains on one server properly. 

Outside envelope <-> From discrepancies will be notes by the spam checking
component and taken into account.

Do you see any drawbacks of this approach?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2145 bytes
Desc: signature
URL: <http://lists.kolab.org/pipermail/devel/attachments/20041119/8547c016/attachment.p7s>


More information about the devel mailing list