Hi Greg,
Apologies if I'm going over territory you have already covered, but in case
not, this may be helpful.
"MAIL FROM" aka. "envelope from" refers to the MAIL FROM: <xxx> command
issued from one SMTP to another, and is different from the "From:" header
in the mail. Basically all headers (From, To, Cc, Received, etc) are part
of the DATA command and could possibly be different (either forged or just
different for some reason).
The exception is often "Return-Path:" especially if it is near the top of
the message, it was probably added by your own mailer, and probably matches
the envelope from address. (The exception is MAIL FROM: <> which may
appear as Return-Path: <MAILER-DAEMON(_at_)your(_dot_)system>)
You can experiment by feeding your smtp daemon with various values (by
telnetting direct to your port 25) and see what it does.
Here is a quick conversation I had with my mailer. I made the MAIL-FROM
different from the From: address in the message to see how it came out in
the logs and on the message.
neko-base> telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 neko-base.nekodojo.org ESMTP Sendmail 8.11.6/8.11.6; Tue, 16 Mar 2004
08:00:52 -0800
HELO localhost
250 neko-base.nekodojo.org Hello localhost.localdomain [127.0.0.1], pleased
to meet you
MAIL FROM: <the-real-sender(_at_)nekodojo(_dot_)org>
250 2.1.0 <the-real-sender(_at_)nekodojo(_dot_)org>... Sender ok
RCPT TO: <gconnor(_at_)nekodojo(_dot_)org>
250 2.1.5 <gconnor(_at_)nekodojo(_dot_)org>... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
Subject: This is the picture
X-Comment: milgrams 37
To: friend(_at_)public(_dot_)com
From: gconnor(_at_)nekodojo(_dot_)org
Hello there Mr. Big Time Sledgehammer
.
250 2.0.0 i2GG1Jl14210 Message accepted for delivery
QUIT
221 2.0.0 neko-base.nekodojo.org closing connection
Connection closed by foreign host.
Later, good luck
gregc
--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>