Hello Oliver,
On Tue, December 16, 2008 11:15, Oliver Howe wrote:
>
>
> A lot of my users are complaining that they are receiving bounce back
> emails of messages that they did not send. Each message contains some
> kind of spam text at the bottom.
>
> For example, from the headers below the message came from
> [212.40.112.118] (helo=pool-01077.externet.hu) which has nothing to do
> with my domain (postmaster.co.uk).
>
> So I'm thinking I could check the envelope-from on my mailservers and
> reject if it is for a local user who is not coming from one of my
> mailservers (so then they can still send to themselves if they want to).
> Has anyone else had this problem? Is there a better solution?
>
Yes, there is a better solution. Some NDR may come from servers which are
not yours, for example, multistage relays. So you probably don't want to
block legitimate NDRs.
There is a solution to this, which is signing return path.
This can be done either with exim PRVS feature (look in the docs for prvs).
Or with custom signatures like described here:
http://slett.net/spam-filtering-for-mx/collateral.html#signedsender
