
View Full Version : Can I get "Delivered-To" header inserted by the MTA



junga
01-29-2004, 09:34 AM
My question is, "How can I get sendmail to insert the 'deliver-to' address from the envelope into the message header?". I don't care which exact header field name is used.

Details:
I want to use procmail to sort my incoming 'catchall' account by the address the mail was delivered to. Apparently this is a well known problem (see http://www.ii.com/internet/robots/procmail/qs/#virtualDomain ).

The problem:
The actual delivery address is in the envelope and by default does not appear in the header. A ^TO_ field may contain it, but it is not reliable because it may be forged by a spammer (and in the case of a BCC it is not even listed usually).

The solution:
The solution is to have the MTA (sendmail) insert a header to indicate the actual address that it accepted the mail for (from the envelope data).

Who controls sendmail on a VDS? Is it me, or is the sendmail MTA running above the VDS? I see that when I 'ps -A' on my VDS, there is very little running -- only a few httpd's and my ssh stuff.

I would like to learn more about how the VDS works. I did not find much information in the online manual. Can someone point me to a link where I can study up on it?

Thanks,

SJP
01-29-2004, 01:46 PM
Why SMTP doesn't overwrite the To: with the true deliver-to address is a mystery to me. But it seems you could derive it from the Received: header. Below I replaced my true address with user@host. I did this, because one of the means spammers use to discover e-mail addresses is to extract them from web pages. That's why one of the recommendations is to use a graphic to represent e-mail addresses instead of hard coding them. Very unlikely the spammer is using OCR (optical character recognition) to decode it. In a couple e-mails I received this information isn't present, but at least in those cases the mail has come from a spammer so if it were missing you could toss the message. Otherwise it ought to agree with the To: header. I studied RFC822 (or whichever one is SMTP) and one of the mandated operations is to specify who the mail is addressed to so you know SMTP must be getting told. As I recall there is a section of the sendmail configuration file that dictates what information to include in the header so getting it to put in a Deliver-to: is probably doable. I know this doesn't really answer your question and maybe the reason this is broken is because spammers have found ways or "holes" in the SMTP protocol that they can exploit. Also I suspect it has something to do with the vendor. MS for instance appears to do a half ass job of implementing standards. Without seeing the transaction logs it's impossible to know exactly what's going on.


Received: from cam (camolyzx.interisland.net [192.168.4.17])
by sucia.interisland.net (8.12.8/8.12.8) with ESMTP id i0QN0Mdb001427
for <user@host>; Mon, 26 Jan 2004 15:00:23 -0800

SJP
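
The Received:-based approach from the post above, as an added example that is not part of the original thread: it reads the `for <...>` clause only from the topmost Received: line, and only when that line was stamped by your own MTA, because lower Received: lines and the To: header are sender-controlled. The function name, the `trusted_host` parameter, and the second Received: line and To: header in the sample are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: the first Received: line is the one quoted in the thread;
# the second Received: line and the To: header stand in for forged sender input.
SAMPLE = """\
Received: from cam (camolyzx.interisland.net [192.168.4.17])
\tby sucia.interisland.net (8.12.8/8.12.8) with ESMTP id i0QN0Mdb001427
\tfor <user@host>; Mon, 26 Jan 2004 15:00:23 -0800
Received: from forged (forged.example [203.0.113.9])
\tby relay.example with SMTP for <victim@elsewhere.example>; Mon, 26 Jan 2004 14:59:00 -0800
To: someone-else@example.com
Subject: test

body
"""

BY_RE = re.compile(r"\bby\s+([^\s;()]+)", re.I)
FOR_RE = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", re.I)

def envelope_recipient(raw, trusted_host):
    """Return the envelope recipient recorded by our own MTA, or None.

    None means "cannot be determined": no Received: header, the top header
    was not written by trusted_host, or the MTA omitted the for-clause
    (for instance when one message had several recipients).
    """
    msg = message_from_string(raw)
    received = msg.get_all("Received", [])
    if not received:
        return None
    # The receiving MTA prepends its header, so index 0 is the newest hop.
    top = " ".join(received[0].split())           # unfold continuation lines
    top = re.sub(r"\([^()]*\)", " ", top)         # drop (comments): HELO/rDNS text
    clause = top.rsplit(";", 1)[0]                # text before the date stamp
    by = BY_RE.search(clause)
    if not by or by.group(1).lower() != trusted_host.lower():
        return None
    m = FOR_RE.search(clause)
    return m.group(1).lower() if m else None

if __name__ == "__main__":
    print(envelope_recipient(SAMPLE, "sucia.interisland.net"))
```

A `None` result is a reason to file the message in a default folder, not to fall back to the To: header.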

jalal
01-30-2004, 06:28 AM
Who controls sendmail on a VDS? Is it me, or is the sendmail MTA running above the VDS? I see that when I 'ps -A' on my VDS, there is very little running -- only a few httpd's and my ssh stuff.

You do. You have full access to the config files in /etc/mail.

Note that sendmail doesn't run as a daemon, it is started each time an email arrives. So it would only ever show up in the process list if you happened to look at the time an email is arriving.
MySQL is a daemon, if installed.
Apache is also, but on name based VDS's it shuts down after a certain time of not being used. On IP based VDS's it keeps going.

junga
01-30-2004, 09:57 AM
Thanks Jalal,

This is just the type of information I am looking for! I am a developer who is switching from Win32 to Linux and I am trying to get a feel for how things are done on the unix side of the world while I try to get more functionality from my mail setup.

So what launches sendmail? I am familiar with inetd and see it listed on my local Fedora system, but I don't see it on my WH VDS.

[junga][~]$ ps -A
PID TTY TIME CMD
7813 ? 00:00:00 httpd
8130 ? 00:00:19 httpd
15450 ? 00:00:11 httpd
23122 pts/0 00:00:00 sh
23186 pts/0 00:00:00 ps
[junga][~]$

On a normal system would inetd launch sendmail, but on a VDS this is one place that it differs. Maybe they control inetd in order to limit what ports we activate on our VDS?

jalal
01-30-2004, 10:10 AM
Here we step outside of our servers, and so I just have to make a guess...
It seems as you say that inetd (or xinetd) is outside of the VDS's. Certainly SSH seems to be and I guess sendmail must be as well. That would explain why both of them treat '/' as being the home directory, although after the .bashrc is processed then '/home/user' is the home directory.

BTW, 'ps aux' will give you further infos, and 'ps auxwww' even more.

SJP
01-30-2004, 03:56 PM
There isn't a lot of info on VDS out there, but I did find a link that has a general overview.

http://www.html.com/vds-technology.html

My account hasn't been converted to VDS yet so most everything being elaborated on is not available. I'd be very surprised though that VDS somehow could make sendmail more secure, because what I read of it - it's just a different organization of the filesystem and while more options may be at your disposal to filter incoming mail and in many instances weed out the bogus stuff - nothing is absolute. It's not evident to me that adding special headers is going to make a difference. Another difference is that all the e-mail sent to my account is processed by software and if the To: is forged I don't really care. I employ a different kind of authentication mechanism that largely makes me impervious. Of course it's more hassle to the user, but hey this isn't fantasy land.

SJP