Nullmailer retries unsuccessful deliveries forever. As a result, the queue directory can become very large over time. Since no delivery status notification is sent for failures, a user who accidentally misenters an address will have a tough time figuring out what went wrong. Since the output of mailq doesn't include the envelope addresses of the queued messages, this problem becomes particularly troublesome to debug for users without administrative access.
For temporary failures, some code needs to be added to check the age of the queue file. If the queue file is older than a week (perhaps configurable in /etc/nullmailer/queuelifetime), the temporary failure should be treated as permanent. For permanent failures, nullmailer should queue a bounce message from the null envelope sender to the failed message's envelope sender. Once the bounce has been successfully queued, nullmailer should delete the original message be deleted from the queue. If queueing of the bounce message fails for any reason, the original message must not be removed - to do so would cause mail to be lost silently. As a special case, if the envelope sender of the failed message is null, nullmailer should give the option to either move the message from the queue to a special double bounce directory, or to override the envelope sender of the bounce message to the special address <[EMAIL PROTECTED]> and the recipient to an administrative address (perhaps configured using /etc/nullmailer/doublebouncehost and /etc/nullmailer/doublebounceto). In the case of a grave misconfiguration where delivery of a message with the special envelope sender <[EMAIL PROTECTED]> fails, nullmailer should log an error and delete the message from the queue. -- Brian Ristuccia [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

