fake emails with multiple addresses in "From:"

Question

I receive fake emails with several addresses in "From:". For example:

Received-SPF: None (mailfrom) identity=mailfrom; client-ip=129.232.213.67; helo=peewee.webdevworld.com; envelope-from=karen@reachouttransport.co.zw; receiver=<UNKNOWN> 
... 
Date: Tue, 13 Nov 2018 10:51:03 -0500
From:  John Sample <some@domain.com> <karen@reachouttransport.co.zw>
To:

The email seems sent by some@domain.com (It is one of our real contacts) but the real sender is karen@reachouttransport.co.zw

I want to deny emails with multiple addresses in the FROM field. What tool or postfix parameter can I use to stop this?

I use Postfix 3.3 + ESET Mail Security + RBL + SPF

Thank!

score 1 · Accepted Answer · answered Nov 22 '18 at 10:05

1

As I said in the comment, I was able to filter these emails by adding in Postfix's header_checks:

/From:."+.".+<.@+.>.<.@+.>|From:.+<.@+.>.<.@+.*>/ REDIRECT fake@domain.com

Any improvement in this regular expression I'll be appreciated. Thank!

answered Nov 22 '18 at 10:05

strobering

21

fake emails with multiple addresses in "From:"

1 Answers1