Re: [Exim] Ignoring bounce messages to alias - How?

Author: Tony Finch
Date:  
To: auj
CC: exim-users
Subject: Re: [Exim] Ignoring bounce messages to alias - How?
Alun <auj@???> wrote:
>
>On outgoing mail, add a header containing a tag which changes every
>hour (e.g. MD5(secret . int(time/3600)))
>
>Keep a list of recent (say a month's worth?) tags that have been used.
>
>When a message from <> comes in, search it for any used tag and, if not
>present, drop the bounce.
>
>You could go further and make the tag cryptographically dependent on
>the message ID or something, but I think it would be best to keep the
>search simple.


That's what I'm planning to do, but I won't record the tags -- they
are hard to forge so the search merely needs to be for a valid tag
rather than one that has definitely been used. This is an important
simplification because it allows the bounce to come in to a different
machine from the one the original email left via, without the machines
needing to co-ordinate with each other.

The following adds the magic both to the message-ID (which allows you
to identify legitimate replies) and to a separate header (so that
messages that already have a message-ID are not excluded). I also
include the authenticated user name, with an aim of making this part
of a q249 scheme. $acl_m0 remembers whether the sender is considered
to be friendly or not.

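# Authenticated user name, or "-" when the sender did not authenticate.
AUTHID            = ${if def:authenticated_id {$authenticated_id} {-} }
# For friendly senders ($acl_m0) or locally submitted mail (no sender host
# address): AUTHID, a dot, then HMAC-SHA1 over E<id>.AUTHID@<host>.
# Otherwise empty.
MSGID_XTRA        = ${if or{{ eq{$acl_m0}{true} } \
                      { eq{$sender_host_address}{} }} \
                {AUTHID.${hmac{sha1}{TmIDcftUoCCS} \
                 {E${message_id}.AUTHID@${primary_hostname}}}} \
                {} }
# Full tagged ID: <E<id>.MSGID_XTRA@<host>>, or <E<id>@<host>> if no tag.
MESSAGE_ID        = <E${message_id}${if eq{MSGID_XTRA}{} {} \
                             {.MSGID_XTRA} }@${primary_hostname}>
# Exim inserts this text before the @ in any Message-ID it generates itself.
message_id_header_text    = MSGID_XTRA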


# ...

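  # Always add the tag in its own header for friendly senders.
  warn     condition     = $acl_m0
           message       = X-Cam-MsgID: MESSAGE_ID


  # Add a tagged Message-ID only when the message arrived without one.
  warn     condition     = $acl_m0
           condition     = ${if !def:h_Message-ID: {true} {false} }
           message       = Message-ID: MESSAGE_ID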


I plan to make the bounce checking part of our SpamAssassin setup.

>I'm pretty sure I'm not the first person to think of this, so there must
>be a big flaw. Presumably the flaw lies in the previous paragraph. What do
>people think?


The main problem with it here is that there are many ways that messages
can be legitimately sent with a cam.ac.uk domain in the return path
without going through the central hub. This means there's a fair risk
of false positives, hence the use of SpamAssassin to make it a soft check.
Users that do always send email via the hub might be given a knob to make
the check stricter for them, I suppose.

Tony.
--
f.a.n.finch <dot@???> http://dotat.at/
WHITBY TO THE WASH: SOUTHWEST 5 OR 6 LOCALLY 7. CLEAR OR SUNNY SPELLS, DRY,
FAIR. GOOD. MODERATE OR ROUGH.
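
Added example, not part of the message above or of its author's setup: a Python version of the stateless bounce check the message describes, which searches a bounce for any ID of the form built by MESSAGE_ID and recomputes the HMAC-SHA1 instead of consulting a list of issued tags. The key, host names, sample bounces and function names are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed demo key (assumption); a real site uses its own secret.
SECRET = b"constructed-demo-key"

# <E{exim id}.{authid}.{40 hex digits of HMAC-SHA1}@{host}>
TAG_RE = re.compile(
    r"<E(?P<id>[0-9A-Za-z-]+)\.(?P<auth>[^\s@<>]+)\."
    r"(?P<mac>[0-9a-f]{40})@(?P<host>[^\s@<>]+)>"
)

def _mac(msg_id, authid, host, secret):
    # Same signed string as the config: E<id>.<authid>@<host>
    signed = f"E{msg_id}.{authid}@{host}".encode()
    return hmac.new(secret, signed, hashlib.sha1).hexdigest()

def make_tag(msg_id, authid, host, secret=SECRET):
    """Build the tagged ID the way MESSAGE_ID does (hypothetical helper)."""
    return f"<E{msg_id}.{authid}.{_mac(msg_id, authid, host, secret)}@{host}>"

def bounce_has_valid_tag(text, secret=SECRET):
    """True if any tag-shaped string in the bounce carries a correct HMAC."""
    for m in TAG_RE.finditer(text):
        expected = _mac(m["id"], m["auth"], m["host"], secret)
        if hmac.compare_digest(expected, m["mac"]):  # constant-time compare
            return True
    return False

# Constructed sample bounces (not real traffic).
GOOD = make_tag("1A2b3C-0004Xy-Q7", "user1", "mx.example.org")
GENUINE = f"Delivery failed.\n\nX-Cam-MsgID: {GOOD}\nSubject: hello\n"
FORGED = ("Delivery failed.\n\nMessage-ID: <E1A2b3C-0004Xy-Q7.user1."
          + "0" * 40 + "@mx.example.org>\n")
TAMPERED = GENUINE.replace(".user1.", ".user2.")
UNTAGGED = "Delivery failed.\n\nMessage-ID: <abc123@elsewhere.example>\n"

if __name__ == "__main__":
    for name, body in [("genuine", GENUINE), ("forged", FORGED),
                       ("tampered", TAMPERED), ("untagged", UNTAGGED)]:
        print(name, bounce_has_valid_tag(body))
```

Because nothing is recorded, the check accepts any tag that was ever validly issued, and mail sent outside the tagging hub carries no tag at all, so the result suits a score input rather than a hard reject.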