[Exim] Checking against "seen" Message-ID:'s to drop bounces

Author: Tor Houghton
Date:  
To: exim-users
Subject: [Exim] Checking against "seen" Message-ID:'s to drop bounces
Hi,

A colleague and I have been discussing ways of avoiding the copious bounce
messages sent by MTAs responding to emails sent using fake From: addresses
(e.g. by spammers or viruses).

For mail administrators this can cause serious headaches if they are doing
their job diligently (as they would be looking at every bounce generated,
however cursory) - even wasting 1/2 second viewing a bounce that wasn't
generated by their users adds up in the course of a day or week on a busy
system.

So, we thought that one way of cutting down the human processing time of
such messages would be to somehow record and check the bounced/undelivered
message's ID. Perhaps this is old news, has been thought of before and was
rejected as a bad idea.

However, the idea is as follows:

1) All legitimate mail that is sent via "our" mail servers has its
Message-ID: stored (temporarily, e.g. 7 days) in a database (dbm, sql,
whatever).

2) Incoming messages are checked to see if they are bounces (e.g. perhaps
using procmail's definitions of FROM_DAEMON and FROM_MAILER).

3) If not seen as a bounce, process mail normally (local delivery, forward,
etc.).

4) If considered to be a bounce, find the bounced message's Message-ID:,
which means some processing of the received bounce's body. If the
Message-ID: exists in the database, allow the bounce to be delivered. If
not, send it to the bit bucket (for example).

In our view, this would allow legitimate "undeliverable mail" responses, but
would drop all bounces that were generated by spam and viruses using fake
sender addresses. It would mean that local users had to make sure their
smart hosts were correctly configured, of course. (From what we can see so
far, all legitimate bounces actually have the originating Message-ID: in the
body, but we are not sure whether or not this is a "protocol requirement").

We haven't yet decided whether or not this should be functionality written
into the MTA, MUA or both (using helper applications). However, if we were
to experiment using Exim, is there any existing functionality that we could
build on?

Regards,

Tor Houghton
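
The four steps described in the message above, as an added Python sketch of a helper application (not part of the original post and not Exim functionality). The names `SeenStore`, `is_bounce`, `original_message_ids` and `accept` are hypothetical, the bounce test (null envelope sender or a `multipart/report` DSN) is an assumption, and the sample bounce is constructed.

```python
import re, time
from email import message_from_string

TTL = 7 * 24 * 3600  # step 1: keep outgoing Message-IDs for 7 days
MSGID_RE = re.compile(r"^[ \t>]*Message-ID:\s*(<[^<>\s]+>)", re.I | re.M)

class SeenStore:
    """In-memory stand-in for the dbm/SQL table of outgoing Message-IDs."""
    def __init__(self):
        self.expiry = {}
    def record(self, msgid, now=None):
        self.expiry[msgid] = (time.time() if now is None else now) + TTL
    def contains(self, msgid, now=None):
        return self.expiry.get(msgid, 0) > (time.time() if now is None else now)

def is_bounce(envelope_sender, msg):
    # Assumption: null envelope sender or a multipart/report DSN means "bounce".
    return envelope_sender in ("", "<>") or msg.get_content_type() == "multipart/report"

def original_message_ids(msg):
    """Message-IDs quoted inside the bounce, never the bounce's own header."""
    ids = set()
    for part in msg.walk():
        if part is not msg and part["Message-ID"]:
            ids.add(part["Message-ID"].strip())    # embedded message/rfc822
        if not part.is_multipart():
            body = (part.get_payload(decode=True) or b"").decode("ascii", "replace")
            ids.update(MSGID_RE.findall(body))     # headers quoted in text parts
    return ids

def accept(envelope_sender, raw, store, now=None):
    msg = message_from_string(raw)
    if not is_bounce(envelope_sender, msg):
        return True                                # step 3: ordinary mail
    return any(store.contains(i, now) for i in original_message_ids(msg))  # step 4

# Constructed sample DSN; {orig} is filled with the returned message's ID.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
Message-ID: <bounce-1@mx.example.net>
Content-Type: multipart/report; report-type=delivery-status; boundary="b"

--b
Content-Type: message/rfc822

Message-ID: {orig}

hi
--b--
"""
```

A bounce that quotes no Message-ID at all is dropped by `accept`, so the open question in the message about whether the ID is always present in the body decides how many legitimate bounces would be lost.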