[ On Wednesday, June 29, 2005 at 23:27:32 (-0400), Stephen Gran wrote: ]
> Subject: Re: [exim] a large number of domains fronted by Exim are refusing bounces...
>
> I guess you missed my point. If you expose the $sender_is_null or
> senders = : at any point, you have exposed it. It could also be written
> as
> IF $sender IS $the_null_return_path THEN
> :fail:
OK, forget that stupid idea of mine. So much for trying to accommodate
lazy people. :-)
Exim should must never allow $sender to expand to anything that can be
represented in the configuration language whenever it is set by an
incoming SMTP (or SUBMIT, or LMTP, etc.) transaction to be a null return
path. That's going to be the only way to properly prevent idiots from
causing harm, at least given the current architecture and flexibility.
> I do. However, some aliases, like postmaster, can legitimately get
> messages with a non-null sender, but are never used for outbound email.
Bounces of sent mail are not, and never will be, the only reason for a
legitimate, valid, incoming message to arrive with a null sender. RTFRFCs
If you properly classify junk as junk because it's junk then you don't
need to worry what the sender address is. It's junk. Don't look at the
sender address. Do to it whatever your junk-handling policy says to do,
and leave the sender address out of it.
You cannot trust the value of the sender address anyway -- it's provided
by the sender and received over the network in a clear and
un-authenticated and un-trustable channel.
--
Greg A. Woods
H:+1 416 218-0098 W:+1 416 489-5852 x122 VE3TCP RoboHack <woods@???>
Planix, Inc. <woods@???> Secrets of the Weird <woods@???>
