Author: Chris Lightfoot
Date:
To: exim-users
Subject: [exim] suggestion for those implementing ACLs to suppress backscatter bounces

Various people are suggesting sender-rewriting schemes to
detect and decline bounces not originating from real mails
sent by their users, which is an all-round good idea.
However, if such rules result in rejection of a bounce
after the RCPT TO then other sites may see false negatives
from recipient verification callouts if they don't use
use_sender (or whatever equivalents there are in other
MTAs).
So anyway, my suggestion is -- if you're going to decline
forged bounces based on rewritten senders, then do so
after the DATA command, rather than after the RCPT TO
(i.e. in acl_smtp_predata). No valid bounce will have >1
recipient, so there's no semantic problem with doing this,
and you still don't accept the message data, so the
additional resource requirements are small (a couple of
round trips to the mail server). All that's needed is to
set an acl_m* variable appropriately and test it in the
later ACL. And that way you won't end up blocking mail
from sites which do recipient verification at submission
time.
--
``The government wants to bring an end to so-called vertical drinking.''
(from the BBC's `Today in Parliament')
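
The arrangement suggested in the message above, as an added Exim configuration sketch (not part of the original post and not taken from any site's configuration). The ACL names, the choice of `acl_m0`, the value `forged-bounce`, and the `SIGNED_RCPT_OK` macro with its stand-in pattern are assumptions; replace the macro body with the verification your own sender-rewriting scheme uses.

```exim
# --- main configuration section ---

# Hypothetical macro: must expand to a true value only when the recipient
# address carries a valid signature under your rewriting scheme. The
# pattern below is a constructed stand-in that only checks for a
# tag-shaped local part; it does not verify anything.
SIGNED_RCPT_OK = ${if match{$local_part}{\N^.+=[0-9a-f]+$\N}}

acl_smtp_rcpt    = acl_check_rcpt
acl_smtp_predata = acl_check_predata

begin acl

acl_check_rcpt:

  # Null sender (a bounce, or a remote recipient-verification callout)
  # addressed to a recipient without a valid signature: record the fact
  # in a per-message variable but do not reject here. A callout stops
  # after RCPT TO and never sends DATA, so it still gets a positive
  # answer for a real mailbox.
  warn  senders    = :
        !condition = SIGNED_RCPT_OK
        set acl_m0 = forged-bounce

  # ... the site's existing RCPT rules (relay control, recipient
  # verification and so on) continue here unchanged ...

acl_check_predata:

  # Runs when the client issues DATA, before any message data is sent.
  # Only a real delivery attempt reaches this point.
  deny  condition = ${if eq{$acl_m0}{forged-bounce}}
        message   = Bounce does not correspond to mail sent from this site

  accept
```

Because the `set` modifier follows the two conditions in the `warn` statement, the variable is assigned only when both of them match.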