On Wed, Dec 21, 2011 at 04:35:14AM -0600, /dev/rob0 wrote: > > if you reject mails to "nore...@yourdomain.com" you will fail > > sender-verify everywhere > > This is doable. [Most?] sender verify probes QUIT before DATA, so we > can wait until DATA to reject.
The real solution is not misuse the "nore...@example.com" *header* address as an envelope sender address. The envelope sender, especially for no-reply automatically generated email, must be a valid mailbox that is capable of receiving and acting on non-delivery reports (bounces). The "From:" header in such mail is not used for SAV probes, and can and should be rejected by the MX hosts of the sending domain. MAIL FROM:<bounce-un1qu31dv...@example.com> RCPT TO:<one-way-r...@example.org> DATA From: Friendly Reminder <nore...@example.com> To: Joe User <one-way-r...@example.org> Subject: There's a fire in the crowded theatre (noreply) ... I've even in some cases created "noreply.example.com" sub-domains, so that each sender gets a distinct "noreply" address, and the border MX host rejects mail to the entire domain! Envelope sender addresses in these "noreply" sub-domains are not allowed to leave, enforcing proper envelope/header separation for this type of mail. -- Viktor.