Re: [sa] Comparing the envelope-from/sender to the body from to prevent fake local users spams?

[Charles Gregory <cg...@hwcn.org>]

On Wed, 6 Jan 2010, lstep wrote:
: Is there something implemented in Spamassassin to test and prevent mails
: that come from 'outside' that have the header 'From' set to an internal
: user?

And here are YOUR headers on your email, which you would have received on 
your server from an 'outside system' (the apache list server):

: From: lstep <li...@gradstein.info>
: Reply-To: users@spamassassin.apache.org

And this is why blocking on a 'forged' From header cannot be done 
as simply as you suggest. If you can check for whether the forged sender 
*exists* you may catch a percentage of spam that has ignorantly used a 
once-valid but now-deleted address..... 

- C