Re: [exim] Alterating / Intercepting bounce messages

On 10/29/2004 12:19, "Marc Perkel" <marc@???> wrote:

> I think maybe I wasn't clear. When I pass the message on to the target
> server - if the message bounces there - sy due to an invalid address -
> then the bounce is returned directly to the sender.

The purported sender. Most of the time, it goes to the innocent third party
whose address was forged as the sender.

Look into SRS (which is what was supposed to fix the forwarding problem for
SPF). You encode the original return path into a verifiable return path you
generate...when the bounce comes you verify that the purported target
address of the bounce came from your server and if so extract the original
return path part.

This is not without problems (maximum length of the return path being one of
them).

--John