Re: [exim] Is there and logical reason to reject mail from: …

Author: Exim User's Mailing List
Date:  
To: Tor Slettnes
CC: Exim User's Mailing List
Subject: Re: [exim] Is there and logical reason to reject mail from: <> ?
[ On Thursday, October 14, 2004 at 17:24:44 (-0700), Tor Slettnes wrote: ]
> Subject: Re: [exim] Is there and logical reason to reject mail from: <> ?
>
> You keep missing the point. It is not about the original spam; the
> issue is the "backscatter" (a.k.a. collateral spam) generated by
> post-SMTP spam/virus filters elsewhere. These send a DSN to the
> original sender address (in some cases, that could be
> "postmaster@???").


It doesn't really matter if it's backscatter or not.

There is still no _valid_ excuse for rejecting mail transactions
addressed to the/any postmaster mailbox _just_ because they use a null
return path.

I, the <postmaster@???>, never send mail using those addresses
in the return path of outgoing mail either.

However I never block any mail with a null return path _just_ because it
has a null return path, no matter who it is addressed to.

On the other hand I will block connections, even those with messages to
<postmaster>, for other more important reasons. (I don't even let them
get to the point of giving the "RCPT TO:" command in most cases, but
there are even some simple content filters I often use to reject mail
even after I know it is addressed to the postmaster or abuse mailboxes.)

I.e. I'm not trying to be absolutist about this -- just to make the
point that this one reason isn't valid or sufficient on its own.


> According to "rfc-ignorant.org" it is
> (http://rfc-ignorant.org/policy-postmaster.php):


Yeah, well I'm not "rfc-ignorant.org". :-)

They can make their own rules, and their own mistakes.


> Not really. It is much harder to weed out collateral spam from
> legitimate DSNs.


I the <postmaster@???> receive a lot of backscatter to
postmaster mailboxes. I've got sever domains being spoofed at this
minute.

However it's not very difficult at all to weed out the backscatter --
even when you receive hundreds per day as I do. You just need to learn
to use the right tool for the job. :-)

(What really irks me most is when the spammer spoofs my postmaster or
mailer-daemon address to one of my own users and then when I reject the
message for whatever reason, such as "no such user", I still end up
getting the damn bounce!)

I use some simple matching filters in my main mail reader, ViewMail, to
sort out the worst of it. It's all automatic and quite reliable.


> For "real" users, it can be done with "envelope sender signatures" - 
> i.e. attach a hash or cryptographic letter sequence in the "MAIL FROM:" 
> address of outgoing mail:
>      MAIL FROM:<woods=signature@???>


That's just as bogus an idea as SPF is. :-)


> I don't get this. Sender Address Verification (in Exim terminology
> "Sender Callout Verification") never happens on NULL senders. These
> are automatically accepted (sans other checks).


It's the "other checks" I'm talking about. :-)


> Precisely. That's why it is perfectly OK to reject NULL senders for
> inbound-only addresses


yes, except,

> (like, usually, "postmaster").


no. <postmaster> is, and must be, "special".

-- 
                        Greg A. Woods


+1 416 218-0098                  VE3TCP            RoboHack <woods@???>
Planix, Inc. <woods@???>          Secrets of the Weird <woods@???>
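
The "envelope sender signature" scheme quoted in the message above, sketched as an added example; it is not part of the original message and not Exim code. The `local=signature@domain` shape follows the quoted `woods=signature@???`; the HMAC construction, the day stamp, the key, the seven-day window and `example.org` are assumptions, and the postmaster exemption mirrors the position argued in the reply.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # constructed; use a random private key in practice
MAX_AGE_DAYS = 7                  # assumed window in which a DSN may still arrive

def _day(now=None):
    return int((time.time() if now is None else now) // 86400)

def _mac(local, domain, day):
    msg = f"{local.lower()}@{domain.lower()}:{day}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:10]

def sign_sender(address, now=None):
    """Build the MAIL FROM address for outgoing mail: local=DAY-MAC@domain."""
    local, domain = address.rsplit("@", 1)
    day = _day(now)
    return f"{local}={day}-{_mac(local, domain, day)}@{domain}"

def check_rcpt(mail_from, rcpt_to, now=None):
    """Verdict for one RCPT TO, given the transaction's envelope sender."""
    if mail_from != "":
        return "accept"                      # not a DSN; other checks are out of scope
    local, domain = rcpt_to.rsplit("@", 1)
    if local.lower() == "postmaster":
        return "accept"                      # the reply's position: postmaster is special
    base, sep, tag = local.rpartition("=")
    day_s, dash, mac = tag.partition("-")
    if not (sep and dash and day_s.isascii() and day_s.isdigit()):
        return "reject: unsigned bounce recipient"
    day = int(day_s)
    if not 0 <= _day(now) - day <= MAX_AGE_DAYS:
        return "reject: expired signature"
    expected = _mac(base, domain, day)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "reject: bad signature"
    return "accept"
```

A null-sender message is accepted only when its recipient carries a signature this host issued recently, which is what separates a DSN for mail the host really sent from backscatter for a spoofed sender.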