Re: [exim] Accepting mail from empty senders

Author: Phil Pennock
Date:  
To: chris burgess
CC: exim-users
Subject: Re: [exim] Accepting mail from empty senders
On 2008-04-12 at 15:56 +1200, chris burgess wrote:
> I'm having a bit of trouble googling for this one because "<>" is not a
> meaningful term to them.


Try searching for [empty sender email address]. (Brackets not part of
search term).

> Is it required that we handle emails with a sender of <> ? Are these
> legitimate bounces, or only spam attempts?


You are "required" to handle them, to the extent that anyone can be
"required" by a third party to do something in a particular way. The
design of SMTP means that for reliable delivery, either the mail will be
delivered or you will eventually get a bounce back, with an empty
sender. If you reject empty senders, you lose the reliability.
Nonetheless, if you're being flooded with bounces because your
mail-domain is the victim of joe-jobbing (your address forged for
sending email), rejecting mails with an empty sender can be the only
workable technique to combat it; this is a rather dangerous change
though, and you'd better not be relying upon email for anything business
critical, since you've then lost all notifications.

Note that technically any mail can be sent with an empty sender, if the
people sending it don't want a response; most people don't do this, a
few do and get upset when their mail doesn't get through. In practice,
you want to avoid that debate, but, well, don't rely on it working and I
myself wouldn't lose sleep over not receiving such an email, since the
senders have already indicated that it's not important enough that they
should be notified if it doesn't make it through.

> Our mailserver is getting sent spam which has an empty sender (contains only
> <>), so I'm looking for an ACL check which will enable us to handle it
> correctly.


senders = :

6.21, Empty items in lists

> But I don't want to do this if we SHOULD be accepting these emails.


If all _outbound_ mail which legitimately comes "from" your mail-domain
passes through your servers, then as Richard Salts suggests, you might
investigate BATV to see if it helps; a few days after turning on BATV
for outbound mail, you can consider rejecting empty senders which don't
go to a BATV address, provided that you don't care about the corner case
mentioned above. http://mipassoc.org/batv/

-Phil
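
The policy described in the message above (sign outbound envelope senders, then accept empty-sender mail only when it is addressed to a signed address), sketched as an added example that is not part of the original message and is not Exim's own code. The tag layout is modelled on the `prvs=` shape of BATV but is an assumption and is not checked for wire compatibility with Exim or any BATV implementation; the key, the lifetime and all function names are hypothetical.

```python
import hashlib
import hmac
import re

KEY = b"constructed-demo-key"  # assumption: per-domain secret (constructed value)
LIFETIME_DAYS = 7              # assumption: validity window of a signed address
TAGGED = re.compile(r"prvs=([0-9])([0-9]{3})([0-9a-f]{6})=(.+)", re.IGNORECASE)


def _mac(key_id, day, addr):
    # First 3 bytes of HMAC-SHA1 over key id, expiry day and the original address.
    msg = f"{key_id}{day}{addr.lower()}".encode()
    return hmac.new(KEY, msg, hashlib.sha1).digest()[:3].hex()


def sign(addr, today, key_id="0"):
    """Tag an outbound envelope sender; `today` is a day count (days since epoch)."""
    day = f"{(today + LIFETIME_DAYS) % 1000:03d}"
    return f"prvs={key_id}{day}{_mac(key_id, day, addr)}={addr}"


def verify(rcpt, today):
    """True only for a recipient carrying a valid, unexpired tag."""
    m = TAGGED.fullmatch(rcpt)
    if not m:
        return False
    key_id, day, mac, addr = m.groups()
    if not hmac.compare_digest(mac.lower(), _mac(key_id, day, addr)):
        return False
    # The expiry day is stored modulo 1000, so the comparison is modulo 1000 too.
    return (int(day) - today) % 1000 <= LIFETIME_DAYS


def rcpt_decision(sender, rcpt, today):
    """RCPT-time policy: only mail with an empty sender is held to the tag check."""
    if sender != "":
        return "accept"
    # Corner case from the message above: mail deliberately sent with an empty
    # sender to an untagged address is rejected as well.
    return "accept" if verify(rcpt, today) else "reject"
```

Bounces for mail sent before signing was switched on go to untagged addresses, which is why the message suggests waiting a few days before enforcing the rejection.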