On 5/25/11 9:09 AM, Eric J Esslinger wrote:
> Mac Mail (and others) have a "feature" that allows my customers to generate a
> fake NDR message and send it back through my server. I get about a customer
> every few months that discovers this 'solution' to spam emails, and when it
> happens they cause delivery problems for my customer mail server by
> generating backscatter.
>
> Today I just ended up on a list that won't take me off for quite a while (or
> unless I pay).
>
> Does anyone know of a way for me to block the following, using postfix,
> either via refusing to accept the mail or by dropping it in /dev/null:
> Mail from <> or postmaster that originates within our customer IP blocks/is
> sent using authentication at the submission port and/or that does not have a
> valid local recipient.
>
> I can't find any ready made recipies online for this sort of thing in a short
> dig around for it, and while I think it's possible, I was wondering if anyone
> else was already dealing with this and could say 'oh yeah just put line blah
> in header_checks'. I would think it would be simple once you find it but you
> know how it is.
>
> (I've already dealt with the customer in question but I'm getting tired of
> this popping up every month or three.)
You can check for a combination of two or more of these headers:
Auto-Submitted: auto-generated (failure)
X-Mailer: Apple Mail (x)
Content-Type: multipart/report;
boundary=x;
report-type=delivery-status
~Seth
