Author: Brian Candler
Date:
To: Fred Viles
CC: exim-users
Subject: Re: [exim] Heads up?

On Wed, Mar 23, 2005 at 02:58:50PM -0800, Fred Viles wrote:
> Are you talking about doing a 5xx rejection, with the "challenge" in
> the response code text, rather than sending an email? That's a
> different story. No, your hypothetical C/R system would not be
> directly responsible for collateral spam in that case since you're
> not sending messages at all (bounces generated by relay MTAs are not
> your problem, IMHO).

Unfortunately, most messages by the time they appear at your inbound MX
server have already been through at least one smarthost. That smarthost will
then forward the bounce to the envelope-sender, and the same damage is done.
There's not much you can do about that. Many smarthosts do some kind of
basic check on the envelope sender before accepting the mail in the first
place; some may even do callback verification. But that then just
*guarantees* that some innocent bystander will receive the bounce :-(

Smarthosts could require users to authenticate themselves using SMTP
AUTH, but in practice this is almost never done for users sending from a
local IP address. And even if they did, they would still have to allow the
legitimate cases where the envelope sender may not be the same as the
authenticated username. And it won't become widespread practice, because
the benefit of doing this work accrues to the rest of the Internet, not to
the organisation doing it.