So, one of the problems I am seeing is that people are trying to fake users into revealing information by sending from an outside domain but with an internal reply to address and claiming to be administration, IT or what not.
I can set up something that will reject if from is outside the domain by reply to is internal. The problem is in some setups, there are fetchmail setups. I do not want to reject these with a message. Which is what I am currently doing for the others. Maybe I should discard them all without rejecting.
However, my question is this:
Since such fetchmail messages will usually end up with two (at least two?!?) Delivered-To headers, one for the fetchmail delivery and one for the original target address's/system's delivery is it possible to do something like this and have it work?
require ["fileinto", "regex","reject"]; if address :regex "Reply-To" ".*@<%= @name -%>" { if not address :regex "From" ".*@<%= @name -%>" { if not header :regex "Delivered-To" " .*@<%= @name -%> { reject "We do not allow emails from outside our system to give Reply-To into our system!"; stop; } } }
Please, not the <% =@name -%> is just that this is from a puppet module I use to maintain these systems. It is the domain name for the mail system. An example would be .*@middleearth.sapphiresunday.org here.
Thank you for any help in figuring this out.
The reason I want a reject in the case of non-fetchmail email is to let users know if they try to do it (as many have multiple email accounts) and may try it. But in fetchmail cases, no need to leak to the outside world that users are doing fetchmail and what their account is in the other system.
Thank you.
Trever