Why should I miss legitimate bounces? I thought, since I'm in control of
any mail server which might legitimately identify itself as
mydomain.com, any mail which has a Received: line with mydomain.com
and an ip number which does not belong to me is forged.

The reason I asked is that I'm running TMDA and about 20% of the mails
in the pending queue are bounces for such clearly forged mails. If I
could reject such mails, I could have avoided sending challenge messages
for them.

I know, it would be better if the other mail server had not accepted
the original mail at first. I'm using SPF for my domains so that this
mail could easily be detected as not being legitimate. But then, not
everybody is using qpsmtpd.

Werner

Johan Almqvist wrote:
> Werner,
>
> Werner Fleck wrote:
>> I receive a lot of bounces for mail messages which I have not
>> originally sent. Most of these bounces have the original mail somewhere
>> in the body. The original mail often contains a "Received:" line with
>> one of my domains but wrong ip addresses.
>> I wonder whether there exists a plugin to filter those mails, i.e.
>> bounce mails containing somewhere in the body a line like
>> Received: from mydomain.com ([some ip])
>
> You could probably make such a plugin, but you would miss a lot of
> legitimate bounces.
>
> What you could do is check whether your mail hub is in ANY of the
> received lines of the bounced message, but the bounce message formats
> aren't universal so it'll never be a dependable system.
>
> -Johan
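
The two checks discussed in this thread, sketched in Python as an added example (not code from either poster and not a qpsmtpd plugin): a bounce body is classified by whether any embedded Received: line shows one of our own IPs, or shows our domain name with a foreign IP. The domain, network range and sample bounce bodies are assumed or constructed; bodies without a recognisable Received: line come back as "unknown", which is the case where the format cannot be relied on.

```python
import ipaddress
import re

# Assumed values for this example (not from the thread): our domain and the
# network our own mail servers send from (documentation address ranges).
MY_DOMAINS = {"mydomain.com"}
MY_NETWORKS = [ipaddress.ip_network("192.0.2.0/28")]

# "Received: from <helo> (<info>)" where <info> holds the peer IP in brackets.
RECEIVED_RE = re.compile(r"^Received:\s+from\s+(\S+)\s+\(([^)]*)\)",
                         re.IGNORECASE | re.MULTILINE)
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def classify_bounce(body):
    """Return 'ours', 'forged' or 'unknown' for the body of a bounce."""
    text = re.sub(r"\r?\n[ \t]+", " ", body)  # unfold continuation lines
    verdict = "unknown"
    for helo, info in RECEIVED_RE.findall(text):
        found = IP_RE.search(info)
        if not found:
            continue
        try:
            ip = ipaddress.ip_address(found.group(1))
        except ValueError:
            continue  # bracketed text that is not an IP address
        if any(ip in net for net in MY_NETWORKS):
            return "ours"  # our hub appears in a Received line: keep it
        if helo.lower().rstrip(".") in MY_DOMAINS:
            verdict = "forged"  # our name, but an IP that is not ours
    return verdict


# Constructed sample bounce bodies.
FORGED = ("<nobody@example.org>: user unknown\n\n"
          "Received: from mydomain.com ([203.0.113.9])\n"
          "\tby mx.example.net with SMTP\n"
          "From: someone@mydomain.com\n")
GENUINE = ("<nobody@example.org>: user unknown\n\n"
           "Received: from mail.mydomain.com (mail.mydomain.com [192.0.2.5])\n"
           "\tby mx.example.net with ESMTP\n")
NO_HEADERS = "Delivery to nobody@example.org failed. Original message omitted.\n"

if __name__ == "__main__":
    for name, body in [("forged", FORGED), ("genuine", GENUINE),
                       ("no headers", NO_HEADERS)]:
        print(name, "->", classify_bounce(body))
```

Only a "forged" verdict is a candidate for rejection; "unknown" bounces would still have to be delivered or challenged as before.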