Subject: Re: Postfix ETRN and Exchange mangling To header
From: brian moore (bemrom.org)
Date: Thu Oct 12 2000 - 20:50:08 CDT


On Thu, Oct 12, 2000 at 04:08:33PM -0700, Doug Clements wrote:
> We have a customer who is picking their mail up via ETRN.
>
> Here is an excerpt of his report, with the domains changed to protect
> whoever:
>
> "The attached email is another which says it's to Dear<our mail server>;
> webmaster<our mail server> from rE5g39RJNexcite.com however appears to be
> from rE5g39RJNexcite.com to mitch<his domain>."

Is that the real from?

He's complaining that spam is malformed?

> It looks like the Exchange server is modifying the destination headers when
> it picks them up via ETRN, since they obviously wouldn't get to him if they
> were titled like that in the first place.
>
> This sucks because now when anyone replies to these messages, it goes to
> user<our server> instead of user<his server>. Obviously, his users don't
> exist on our server, so it bounces.
>
> So while I suspect Exchange, I'd still like some confirmation. Has anyone
> experienced this with any other mail servers or with postfix? Any insight?

Spammers suck.

Their 'body from' is reasonably often 'From: hotbabes', and they often
do 'To: studs'. Both of which are malformed, and which most MTAs will
attempt to correct by making them fully qualified.

Sendmail certainly does this. I'd be surprised if Postfix didn't (have
been able to block enough spam lately that I haven't noticed :)) and
even if Exchange didn't.

The solution is to stop expecting replies to spam to work. Spammers
lie.

Long term solution involves changing the laws regarding lethal force
against spammers.
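
The header qualification described in the reply above, as an added example that is not part of the original post and is not Sendmail, Postfix or Exchange code. The domains `relay.example` and `customer.example` and the sample message are constructed assumptions; the sketch shows why the envelope recipient still gets the mail while the visible headers end up pointing at the relay.

```python
from email import message_from_string
from email.utils import getaddresses

ADDRESS_HEADERS = ("From", "To", "Cc", "Reply-To")

# Constructed sample: bare header addresses like the ones quoted in the reply.
SAMPLE = (
    "From: hotbabes\n"
    "To: studs\n"
    "Cc: someone@elsewhere.example\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

def qualify(addr, origin):
    """Append @origin when the address has no domain part."""
    return addr if "@" in addr else f"{addr}@{origin}"

def rewrite_headers(raw, origin):
    """Map each address header to its addresses after qualification."""
    msg = message_from_string(raw)
    result = {}
    for name in ADDRESS_HEADERS:
        addrs = [a for _, a in getaddresses(msg.get_all(name, [])) if a]
        if addrs:
            result[name] = [qualify(a, origin) for a in addrs]
    return result

def header_mismatch(raw, origin, envelope_rcpt):
    """True when the envelope recipient is in no To/Cc header after rewriting.

    Delivery follows the SMTP envelope, so such mail still arrives even
    though the headers now name mailboxes at the relay's own domain.
    """
    rewritten = rewrite_headers(raw, origin)
    visible = rewritten.get("To", []) + rewritten.get("Cc", [])
    return envelope_rcpt.lower() not in (a.lower() for a in visible)

if __name__ == "__main__":
    for header, addrs in rewrite_headers(SAMPLE, "relay.example").items():
        print(header, "->", ", ".join(addrs))
    print("mismatch:", header_mismatch(SAMPLE, "relay.example",
                                       "mitch@customer.example"))
```
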