Author: Brian Candler Date: To: Marc Perkel CC: exim-users Subject: Re: [exim] Filtering Garbage Warnings and other Junk bounce type or
postmaster messages
On Wed, Mar 30, 2005 at 03:21:02AM -0800, Marc Perkel wrote: > Anyone got and good filter rules for various error messages that are
> really spam or otherwise junk messages?
If you're talking about bounces (aka Delivery Status Notifications), then
the fundamental problem is that a junk bounce is still a valid bounce. That
is, if a spammer forges the return address on a spam as your address, and it
bounces, you will get the bounce; but your local Exim can't use content
filtering to determine whether it's a bounce to a message you sent or a
bounce to a message that someone else sent, because both are valid bounces.
However, if you have control of both your outbound mail and inbound mail,
there are solutions to this. Google for SES, SRS, BATV. Each of these
rewrites the envelope sender by adding a cryptographic cookie. If you
receive a bounce to your normal address, rather than your address with valid
cookie, then you know the bounce is invalid and can be rejected.
Where you *could* write a filter is for bounces of the form "you are
infected with a virus". These are entirely useless, because viruses always
forge the return address (so even if you *were* infected with a virus, the
bounce would go somewhere else). I don't have a filter ruleset for these,
but perhaps someone else on this list has one that they would share.
