[exim] Avoiding backscatter spam generation when forwarding …

Author: Reid Priedhorsky
Date:  
To: exim-users
Subject: [exim] Avoiding backscatter spam generation when forwarding to external hosts
Hi folks,

I have a few e-mail aliases that forward to external hosts. Currently,
if the external host rejects a message, Exim generates a bounce message
and sends it to the original sender. This is bad because if the external
host rejects the message as spam (a common case), then I'm a source of
backscatter spam.

Thus, if the sender is non-local and the e-mail has a non-local
destination, I'd like to send the bounce to postmaster (me) instead.

This is Exim 4.72 on Debian Squeeze.

The Exim documentation hints [1] that this can be done ("when a message
fails to be delivered ... Exim sends a message to the original sender,
or to an alternative configured address", emphasis added), but I
couldn't find how to do just the latter.

For example, here is a log excerpt showing a backscatter spam being
created (in this case, the purported source server isn't accepting
connections, so it didn't actually go anywhere). foo@??? is the
purported sender of a spam e-mail (cj-45) to bar@???, which
then forwards to baz@???; gmail.com then rejects the message and
my server creates a bounce (cm-H5) to foo@???. I want that bounce
to go to postmaster@??? instead. (Usernames obfuscated; the
rest of the log is verbatim.)

> 2011-10-03 12:03:08 1RAkyw-0000cj-45 <= foo@??? H=(gyajnj.com [113.190.35.111] P=esmtp S=33927 id=000e01cc51a7$ceee1700$6f23be71@???
> 2011-10-03 12:03:09 1RAkyw-0000cj-45 ** baz@??? <bar@???> R=dnslookup T=remote_smtp: SMTP error from remote mail server after end of data: host gmail-smtp-in.l.google.com [74.125.47.26]: 552-5.7.0 Our system detected an illegal attachment on your message. Please\n552-5.7.0 visit http://mail.google.com/support/bin/answer.py?answer=6590 to\n552 5.7.0 review our attachment guidelines. i3si13239001yhk.107
> 2011-10-03 12:03:09 1RAkyz-0000cm-H5 <= <> R=1RAkyw-0000cj-45 U=Debian-exim P=local S=35124
> 2011-10-03 12:03:09 1RAkyw-0000cj-45 Completed
> 2011-10-03 12:03:30 1RAkyz-0000cm-H5 nacha.net [64.212.215.180] Connection timed out
> 2011-10-03 12:03:30 1RAkyz-0000cm-H5 == foo@??? R=dnslookup T=remote_smtp defer (110): Connection timed out


Here is the relevant router:

> dnslookup:
>   debug_print = "R: dnslookup for $local_part@$domain"
>   driver = dnslookup
>   domains = ! +local_domains
>   transport = remote_smtp
>   same_domain_copy_routing = yes
>   # ignore private rfc1918 and APIPA addresses
>   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
>                         172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16 :\
>                         255.255.255.255
>   no_more


Any help would be very much appreciated!

Reid

[1] http://www.exim.org/exim-html-current/doc/html/spec_html/ch46.html
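
A log check for the situation described in the message above, as an added example that is not part of the original post or of Exim: it correlates each locally generated bounce (`<= <>` with `R=<parent id>`) with its parent message and reports the bounce only when the parent arrived over SMTP (has `H=`) and failed on the `remote_smtp` transport. The function name, the returned field names and all addresses, hosts and IPs in the sample are assumptions made for illustration; the sample log is constructed, modelled on the excerpt in the post.

```python
import re

# Constructed sample modelled on the Exim main-log excerpt in the post.
# Addresses, host names and IPs are placeholders, not values from the post.
SAMPLE_LOG = """\
2011-10-03 12:03:08 1RAkyw-0000cj-45 <= foo@sender.example H=(helo.example) [192.0.2.10] P=esmtp S=33927
2011-10-03 12:03:09 1RAkyw-0000cj-45 ** baz@external.example <bar@local.example> R=dnslookup T=remote_smtp: SMTP error from remote mail server after end of data: 552 5.7.0 rejected
2011-10-03 12:03:09 1RAkyz-0000cm-H5 <= <> R=1RAkyw-0000cj-45 U=Debian-exim P=local S=35124
2011-10-03 12:03:09 1RAkyw-0000cj-45 Completed
2011-10-03 12:03:30 1RAkyz-0000cm-H5 == foo@sender.example R=dnslookup T=remote_smtp defer (110): Connection timed out
2011-10-03 12:05:00 1RAkzz-0000d0-01 <= alice@local.example U=alice P=local S=900
2011-10-03 12:05:01 1RAkzz-0000d0-01 ** nobody@external.example R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO: 550 no such user
2011-10-03 12:05:01 1RAl00-0000d3-02 <= <> R=1RAkzz-0000d0-01 U=Debian-exim P=local S=1800
"""

# timestamp, message id (6-6-2 form as in the post's log), flag, remainder
LINE = re.compile(r"^(\S+ \S+) (\w{6}-\w{6}-\w{2}) (<=|\*\*|==|=>|->) (.*)$")


def find_backscatter(log_text):
    """Return one dict per bounce whose parent message came in over SMTP
    and was rejected on the remote_smtp transport."""
    arrivals = {}     # message id -> (envelope sender, arrived over SMTP?)
    remote_fail = {}  # message id -> recipients rejected by a remote host
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # "Completed", connection errors, etc.
        _, msgid, flag, rest = m.groups()
        fields = rest.split()
        if flag == "**" and any(f.startswith("T=remote_smtp") for f in fields):
            remote_fail.setdefault(msgid, []).append(fields[0])
        elif flag == "<=":
            parent = next((f[2:] for f in fields if f.startswith("R=")), None)
            if fields[0] == "<>" and parent:
                # Bounce created locally; the parent's failure line precedes it.
                sender, via_smtp = arrivals.get(parent, (None, False))
                if via_smtp and parent in remote_fail:
                    findings.append({"bounce_id": msgid, "parent_id": parent,
                                     "bounce_to": sender,
                                     "rejected_rcpts": remote_fail[parent]})
            else:
                arrivals[msgid] = (fields[0],
                                   any(f.startswith("H=") for f in fields))
    return findings
```

On the constructed sample this reports the bounce for the message received from the remote host and skips the bounce for the locally submitted one, which goes back to a local user and is not backscatter.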