Re: Why use an email client AND sendmail/popa3d - Does this avoid the hijack?
On Wed, 25 Nov 2020 21:57:10 -0600
David Wright <deblis@lionunicorn.co.uk> wrote:
> Perhaps the problem is similar to the one I had with this list
> (hence the change I made above). What happened was that my posts'
> Envelope-from (set to the same as my From address above) was being
> changed by my mail hosting service to an address on their outgoing
> mail gateway. AIUI Debian immediately tries to establish an email
> connection to that address on port 25 to verify it exists, but the
> outgoing gateway apparently is not an incoming mail receiver, and
> is not listening on port 25. So Debian rejects the post.
>
There should/need be no Envelope-From header in an email as sent, it is
inserted by the receiving SMTP server as a copy of the sending address
as used in the SMTP transaction, something which is not a sent header
and that would not otherwise be available to the end recipient.
An SMTP sending server does not need to also receive email. Large
businesses often use separate servers for send and receive, and often
contract out one or both functions to different companies e.g. mass
mailers and spam cleaning services. It should not be assumed that the
MX record for a domain matches its sending address.
What Debian's mail server might well do is to look up the sending
server's HELO/EHLO, sending address and IP address in public DNS, and
refuse or delay emails with missing or incorrect records. Exim4 by
default has rules (thought not enabled by default) for checking these
things with a view to refusing transactions with spammers.
--
Joe
Reply to: