How to block mail if Return-Path: and From: are not same

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
sadiq007
Advanced member
Advanced member
Posts: 104
Joined: Sat Sep 13, 2014 12:27 am

How to block mail if Return-Path: and From: are not same

Post by sadiq007 »

to avoid spam i want block mail for which Return-Path: and From: are not same.how can i do that?
because we are getting spam mail for our our users with sent address of our domain but with different Return-Path:

so i want block such kind of mails....
another is there any way to block mail which having perticular word in there subject or body ...for all users.

for example i want all mail which containing word "******" in there subject or body part for my all users.
sadiq007
Advanced member
Advanced member
Posts: 104
Joined: Sat Sep 13, 2014 12:27 am

How to block mail if Return-Path: and From: are not same

Post by sadiq007 »

hi UX,

As per your suggested link i am going to download script from Perl | package FromNotReturnPath; us - Ivan Korotkov - 0m9CYxzV - Pastebin.com

as there is no plugin folder in /spamassassin so i am going to create it , and will save this script as FromNotReturnPath.pm then i will add following lines in to /opt/zimbra/conf/spamassassin/newpre.pre

loadplugin FromNotReturnPath plugins/FromNotReturnPath.pm

header FROM_NOT_RETURN_PATH eval:check_for_from_not_return_path()

describe FROM_NOT_RETURN_PATH From: does not match Return-path:

then i will do following changes in salocal.cf

header __FROM_MYDOMAIN From =~ /@MYDOMAIN.com/i

meta FAKE_MYDOMAIN_ANNOUNCE (__FROM_MYDOMAIN && FROM_NOT_RETURN_PATH)

describe FAKE_MYDOMAIN_ANNOUNCE Fake mail from MYDOMAIN account management
score FAKE_MYDOMAIN_ANNOUNCE 40.0
Plz correct me if i am wrong anywhere..
BUT Ivan in that forum saying-

I'd recommend using it in conjunction with spamming domain (because, technically, return-path does not always equal From even in legitimate e-mail; maillists are counter-example).
So it means this rules will apply to all mails which are coming to my mail server and there Return-path and From address are not same...if this is right then as per him it will create problem incase of mails are from known mailing-lists
So is it possible that this rule will apply to only for my domain only, i mean if the mail have from-path of my domain and not having return-path of my domain then and then only it will be apply.
User avatar
barrydegraaff
Zimbra Employee
Zimbra Employee
Posts: 242
Joined: Tue Jun 17, 2014 3:31 am
Contact:

Re: How to block mail if Return-Path: and From: are not same

Post by barrydegraaff »

One solution is here:
https://iomarmochtar.wordpress.com/2017 ... om-header/
https://github.com/iomarmochtar/zmbr_check_sender

It uses Milter a postfix extension and compares the users rights in LDAP with what the user is doing
and rejects false FROM. This solution works on 8.7.11 (I tested)


Another solution is here:
https://wiki.zimbra.com/wiki/Enforcing_ ... ername_8.5
However some people have reported this solution does not work, anyway I cannot read that wiki
page. Too much headache.
Adiyal
Posts: 2
Joined: Thu Jun 28, 2018 8:33 am

Re: How to block mail if Return-Path: and From: are not same

Post by Adiyal »

barrydegraaff wrote:One solution is here:
https://iomarmochtar.wordpress.com/2017 ... om-header/
https://github.com/iomarmochtar/zmbr_check_sender

It uses Milter a postfix extension and compares the users rights in LDAP with what the user is doing
and rejects false FROM. This solution works on 8.7.11 (I tested)


Another solution is here:
https://wiki.zimbra.com/wiki/Enforcing_ ... ername_8.5
However some people have reported this solution does not work, anyway I cannot read that wiki
page. Too much headache.
It uses Milter a postfix extension and compares the users rights in LDAP with what the user is doing
and rejects false FROM. This solution works on 8.7.11 (I tested)

it's not working on latest version.
Release 8.8.8_GA_2009.RHEL7_64_20180322150747 RHEL7_64 FOSS edition, Patch 8.8.8_P6.

is there any way to block the return-path from header ?
User avatar
barrydegraaff
Zimbra Employee
Zimbra Employee
Posts: 242
Joined: Tue Jun 17, 2014 3:31 am
Contact:

Re: How to block mail if Return-Path: and From: are not same

Post by barrydegraaff »

Milter probably still works, perhaps a binary changed location.

Did you check the log? Also I filed an issue here to track any progress from the forum.

https://github.com/Zimbra-Community/mai ... s/issues/5
Post Reply