Re: [Exim] Ignoring bounce messages to alias - How?

Top Page
Delete this message
Reply to this message
Author: Alan J. Flavell
Date:  
To: Exim users list
Subject: Re: [Exim] Ignoring bounce messages to alias - How?
On Fri, 6 Feb 2004, Alun wrote:

> We've been getting a lot of bogus bounces here recently (and sending lots
> too (buf not to MyDoom, I hope!),


With exim, there really should not be any justifiable reason to
automatically compose bounces any more. With the increasing volumes
of spam and virus shrapnel being offered, it would IMNSHO be simply
inexcusable not to work urgently towards eliminating all of the causes
of automatically-generated bounce messages from one's own mailer:
reject the item at SMTP time instead.

(Routine response: "that'll only cause the peer MTA to compose
bounces". Well, maybe it will, but that will be on their own
responsibility. By the way, we're seeing several .ac.uk sites who are
still so misguided as to bounce the MyDoom virus, are turning up in
evidence at Spamcop, and one at least was actually blacklisted for a
while.)

> It got me to thinking about what we could do about it.
> I've installed Tim's ruleset,


Tim's ruleset is very useful when the bounce is overtly a bogus virus
alert. We're refusing quite a proportion of these misbegotten bounces
on that basis.

Unfortunately, a sizeable number of bounces are still arriving here
which are attempting to report undeliverable mail (addressee does not
exist, mailbox blocked by policy, mail quota exceeded etc. etc.) which
has, in fact, been provoked by MyDoom - but there is so little overt
evidence of the virus in the non-delivery report that it's not
feasible to block it automatically. Leaving quite a volume of items
for manual inspection lest they should be genuine reports. Bleagh.)

I'm not sure how well your idea would work, sorry, but it's certainly
an interesting suggestion.