>this sobig.f eruption is giving me an all-new dislike of
>challenge-response systems.

Indeed; thanks to these and related joe-job spams, I've come to the conclusion that *all* automated responses to the envelope senders or "From:" addresses in emails must be eliminated in the long run -- too easy to exploit. Been deleting bazillions of them on my system, since my address (or random user names at my domain name) has been forged in joe jobs like the sobig.f virus.

Anyway, your patch to check for bad "bounce to" addresses has one big problem: *many* SMTP clients that generate bounces (this would include SMTP servers responding to incoming emails) do not properly form those outgoing bounces, so your bounce recognizer won't see them as such.

That's not a blocking bug, I don't think, since all it means is that improper bounce messages will just make it through when, ideally, they otherwise wouldn't. But people should be aware of the limitation, and not complain when, even with your plugin installed, they still see lots of bounce messages to addresses that never send email.

Here is my current .qmail-default file, which recognizes many of the incorrect envelope senders used in bounce messages I've seen (again, as the result of joe jobs).

IMPORTANT: This file gets used *only* for unknown user names on my system; you wouldn't want to *assume* any message coming from an envelope-sender address shown below is necessarily an improper bounce message, since many of the user names are perfectly reasonable for ordinary users.

|bouncesaying 'User unknown; see http://www.jcb-sc.com/smtp/servers/?ip=nil' sh -c 'echo $SENDER | grep -qi "^<>.*@"'
|bouncesaying 'User unknown; see http://www.jcb-sc.com/smtp/servers/?ip=nil' sh -c 'echo $SENDER | grep -qi "^antivirus@"'
|bouncesaying 'User unknown; see http://www.jcb-sc.com/smtp/servers/?ip=nil' sh -c 'echo $SENDER | grep -qi "^uucp@"'
|bouncesaying 'User unknown; see http://www.jcb-sc.com/smtp/servers/?ip=nil' sh -c 'echo $SENDER | grep -qi "^null@"'
|bouncesaying 'User unknown; see http://www.jcb-sc.com/smtp/servers/?ip=nil' sh -c 'echo $SENDER | grep -qi "^nobody@"'
|bouncesaying 'User unknown; see http://www.jcb-sc.com/smtp/servers/?ip=nil' sh -c 'echo $SENDER | grep -qi "^blackhole@"'
|bouncesaying 'User unknown; see http://www.jcb-sc.com/smtp/servers/?ip=nil' sh -c 'echo $SENDER | grep -qi "^mmdf@"'
|bouncesaying 'User unknown; see http://www.jcb-sc.com/smtp/servers/?ip=nil' sh -c 'echo $SENDER | grep -qi "^response@"'
|bouncesaying 'User unknown; see http://www.jcb-sc.com/smtp/servers/?ip=nil' sh -c 'echo $SENDER | grep -qi "^autoresponder@"'
|bouncesaying 'User unknown; see http://www.jcb-sc.com/smtp/servers/?ip=nil' sh -c 'echo $SENDER | grep -qi "^hostmaster@"'
|bouncesaying 'User unknown; see http://www.jcb-sc.com/smtp/servers/?ip=nil' sh -c 'echo $SENDER | grep -qi "^postmaster@"'
|bouncesaying 'User unknown; see http://www.jcb-sc.com/smtp/servers/?ip=nil' sh -c 'echo $SENDER | grep -qi "^master@"'
|bouncesaying 'User unknown; see http://www.jcb-sc.com/smtp/servers/?ip=nil' sh -c 'echo $SENDER | grep -qi "^root@"'
|bouncesaying 'User unknown; see http://www.jcb-sc.com/smtp/servers/?ip=nil' sh -c 'echo $SENDER | grep -qi "^admin@"'
|bouncesaying 'User unknown; see http://www.jcb-sc.com/smtp/servers/?ip=nil' sh -c 'echo $SENDER | grep -qi "^alias@"'
|bouncesaying 'User unknown; see http://www.jcb-sc.com/smtp/servers/?ip=nil' sh -c 'echo $SENDER | grep -qi "^MDaemon.*@"'
|bouncesaying 'User unknown; see http://www.jcb-sc.com/smtp/servers/?ip=nil' sh -c 'echo $SENDER | grep -qi "^MAILER_DAEMON.*@"'
|bouncesaying 'User unknown; see http://www.jcb-sc.com/smtp/servers/?ip=nil' sh -c 'echo $SENDER | grep -qi "^MAILER-DAEMON.*@"'
|bouncesaying 'User unknown; see http://www.jcb-sc.com/smtp/servers/?ip=nil' sh -c 'echo $SENDER | grep -qi "^.*!MAILER-DAEMON.*@"'
|bouncesaying 'User unknown; see http://www.jcb-sc.com/smtp/servers/?ip=nil' sh -c 'echo $SENDER | grep -qi "@crdaniels.com$"'
|bouncesaying 'User unknown; see http://www.jcb-sc.com/smtp/servers/?ip=nil' [ "x$SENDER" = "[EMAIL PROTECTED]" ]
|condredirect craig-unknown [ "x$SENDER" != "x" ]
|bouncesaying 'User unknown.'

Note the "@crdaniels.com" entry; last I saw, they had a bounce generator that substituted the user name from the destination ("To:") address, so I'd get bounces to "[EMAIL PROTECTED]" from "[EMAIL PROTECTED]". That's an example of a RE that shouldn't be applied alone to determine whether a message is a bounce; rather, only if the destination user shouldn't be receiving email on the local system.

Bleh. Bounce messages and other automated responses via the regular email paper path have got to go, one way or another. Think of the children!

(As to why I want to see original emails to unrecognized users on my system, via the craig-unknown address; for years mail to *any* user @ jcb-sc.com went into my mailbox, and I got lazy about handing out unique user names to contacts so I could see if they put me in spam data bases. Plus it gives me the ability to see, detect, and handle, in my own special way, spam, even aside from the spam traps on my system.)

-- 
James Craig Burley
Software Craftsperson
<http://www.jcb-sc.com>
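
The decision logic of the .qmail-default file above, collapsed into one POSIX shell classifier; this is an added example, not part of the original message or of qmail. The function names and the example.* addresses are assumptions made for illustration; the local parts and the crdaniels.com suffix are the ones listed in the post.

```shell
#!/bin/sh
# Added example (not the poster's code): one classifier instead of one
# grep process per pattern. Function names are hypothetical.

# classify_sender SENDER -> prints "null", "bounce-like" or "ordinary"
classify_sender() {
    # An empty envelope sender (MAIL FROM:<>) is a properly formed bounce.
    [ -z "$1" ] && { echo null; return 0; }
    # Lower-case once so matching is case-insensitive, as grep -i was.
    s=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$s" in
        "<>"*@*|antivirus@*|uucp@*|null@*|nobody@*|blackhole@*|mmdf@*|\
        response@*|autoresponder@*|hostmaster@*|postmaster@*|master@*|\
        root@*|admin@*|alias@*|mdaemon*@*|mailer_daemon*@*|\
        mailer-daemon*@*|*!mailer-daemon*@*|*@crdaniels.com)
            echo bounce-like ;;
        *)  echo ordinary ;;
    esac
}

# decide SENDER RECIPIENT_KNOWN(yes|no) -> "deliver", "reject" or "redirect"
# The sender patterns are consulted ONLY for unknown recipients, which is
# the caveat the post stresses: these names are valid for ordinary users.
decide() {
    if [ "$2" = yes ]; then echo deliver; return 0; fi
    case $(classify_sender "$1") in
        null|bounce-like) echo reject ;;    # "User unknown"
        *)                echo redirect ;;  # forward to the catch-all box
    esac
}

# Constructed sample envelope senders, all for an unknown local user.
for sender in "" "MAILER-DAEMON@example.net" "alice@example.org"; do
    printf '%-28s %s\n' "[$sender]" "$(decide "$sender" no)"
done
```

Under qmail the sender would come from the $SENDER environment variable that qmail-local sets for each delivery command.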
