Author: Alan J. Flavell Date: To: Exim users list Subject: Re: [Exim] .forward files and spam counterfeits
On Thu, 27 Nov 2003, Pat Lashley wrote:
> My first thought would be to ensure that there's something unique to
> your site in the 5xx rejection response; then set up an ACL for null-
> sender messages, with a condition that does a match on $message_body
> looking for your rejection notice.
Yes, I'm sure something like that is going to be a component of a
solution.
But I'm hurting my head to be sure that it won't end up rejecting
something bona fide.
Suppose, for example, that one of our users was the owner of a mailing
list at a remote mailing list server. Indeed, we happen to know a
couple of them who are, and there could well be others.
Now consider the scenario where some other address at our site is
involved in an incident where we reject a mail from the list: the
rejection would then be notified, and rightly so, to the mailing list
owner. Isn't there a risk that we'll recognise our own rejection
notice tag in there, and refuse the rejection? That would clearly be
wrong, but I don't know how to reliably distinguish the various
situations that can arise.
This is why I was sort-of hoping someone else had actually solved this
kind of problem in practice already and would be willing to pass on
their advice and any got'chas.