On Wed, Dec 21, 2011 at 04:35:14AM -0600, /dev/rob0 wrote:
> > if you reject mails to "nore...@yourdomain.com" you will fail
> > sender-verify everywhere
>
> This is doable. [Most?] sender verify probes QUIT before DATA, so we
> can wait until DATA to reject.
The real solution is not misuse the "nore...@example.com" *header*
address as an envelope sender address.
The envelope sender, especially for no-reply automatically generated
email, must be a valid mailbox that is capable of receiving and
acting on non-delivery reports (bounces).
The "From:" header in such mail is not used for SAV probes, and
can and should be rejected by the MX hosts of the sending domain.
MAIL FROM:<bounce-un1qu31dv...@example.com>
RCPT TO:<one-way-r...@example.org>
DATA
From: Friendly Reminder <nore...@example.com>
To: Joe User <one-way-r...@example.org>
Subject: There's a fire in the crowded theatre (noreply)
...
I've even in some cases created "noreply.example.com" sub-domains,
so that each sender gets a distinct "noreply" address, and the border
MX host rejects mail to the entire domain! Envelope sender addresses
in these "noreply" sub-domains are not allowed to leave, enforcing
proper envelope/header separation for this type of mail.
--
Viktor.
