Hi folks, Spammers have an easy trick against OpenSMTPD: they send a message that bounces for some reason (say, it's forwarded to another MTA that rejects it on on the basis of it being spam), and the bounce message then contains the original spam message. Egress spam filters on various hosting networks -- such as OVH -- then will spot that bounce message as spam, and block the IP on the basis of it being the spammer.
The solution is obvious, and other MTAs have incorporated this: for networks with egress filters like this, opensmtpd should have a configuration option to only send headers, not bodies, in bounce messages. This has the additional benefit too of lowering bandwidth usage. For the same reason that mask-source was added as a config flag, not sending bodies in bounce messages should also be added as a config flag: opensmtpd generates this data in a very unstructured way (random text in a message body that's then queued like other messages), and then ships it off. It would be wasteful implement this as a filter using the filter api, which would parse an unstructured format, and remove bits of data based on a buggy heuristic, when opensmtpd is the one adding it in the first place. The obvious solution is to simply add a flag so that this information doesn't get added in the first place. Thus, I propose a configuration flag for not adding bodies to bounce messages. Thanks Jason -- You received this mail because you are subscribed to [email protected] To unsubscribe, send a mail to: [email protected]
