External agent access to X-Envelope-From - ORF Forums

We have been receiving a number of Spam messages where the envelope From is an external domain with no SPF record but the From header in the message is from xyz@ourdomain so to the user looking at the message in Outlook it appears to be an internal email.

We are running ORF 4.4. Is there any way for an ORF External Agent to access the value that ORF adds later to the message headers as "X-Envelope-From"? This does not appear to have been added to the temp file {EMAILFILESPEC} at the time the external agent processes it. This feature would allow us to compare the X-Envelope-From and From header for consistency where From says is internal.

Thanks, Tim.

@Krisztian Fekete (Vamsoft): Thanks for the quick response. We are indeed using your CDO OnArrival Event sink script to add the envelope SMTP sender address as an "X-Envelope-From" line to the header.

Running the smtpreg vscript tells me that
Event: SMTP Protocol OnInboundCommand, Name: VS_ORFEnterprise_RCPT, Priority = 24574
Event: SMTP Protocol OnInboundCommand, Name: VS_ORFEnterprise_EOD, Priority = 24574
Event: SMTP Transport OnSubmission, Name: SmtpEnvlIns, SinkClass: CDO.SS_SMTPOnArrivalSink, Priority = 24575

Have I undersood correctly that I want the last of these three to run before the first two so I need either to raise the priority of SmtpEnvlIns by reducing the priority number below 24575 or reduce the priority of the other two by increasing the priority number? Would that be
cscript smtpreg.vbs /setprop 1 OnSubmission "SmtpEnvlIns" Source Priority 1000
Or will the OnSubmission event always follow OnInboundCommand so I need to change the sink to a different event?

Thanks, Tim.

Regarding using the Blacklist to blacklist emails which have own domain in the MIME From field, I think this would block email from external systems which are authorised by SPF to send mail using our domain as a From address.

What I was hoping to do was add a SpamAssassin rule (runs as an exernal agent) something like
header __FAKEFROM1 X-Envelope-From !~ /\@ourdomain\.uk/i
# The From in the envelope IS NOT from @ourdomain.uk
header __FAKEFROM2 From !~ /\@ourdomain\.uk/i
# But the From in the message header IS from @ourdomain.uk
meta FAKEFROM (( __FAKEFROM1 + __FAKEFROM2 ) > 1)
describe FAKEFROM Test for a ourdomain.uk From address with a different envelope probably to try and get around SPF
score FAKEFROM 10.0

Where can I find this DO OnArrival Event sink script? I really want the envelope information added into the header of the message that is delivered to Outlook. Thank you.

Ahh, never mind. The http://vamsoft.com/downloads/smtpreg.zip *is* ths script. It would be nice though if this was simply integrated into ORF as a configurable option. :) Thanks.

I'm getting an error when I run the script:

E:\SMTPEnvelope>cscript smtpreg.vbs /enum > sinks.xt
E:\SMTPEnvelope\smtpreg.vbs(52, 1) Microsoft VBScript runtime error: ActiveX component can't create object: 'Event.Manager'

Any ideas? Doesn't seem to be a commone google-able error either. I ran CMD as Administrator on a Win 2008 R2 with Exchange 2010. Thanks.

Thanks Krisztian... DO you know of any 3rd party product or script that will work with Exchange 2010? I really want to get a hold of the envelope information and have it inserted into the headers of the incoming email. Any thoughts on this would be greatly appreciated.

Integrating into ORF would be best (since you already do Before-Arrival) processing... Thanks.