Re: Disallowing bounces

On Wed, Sep 24, 2008 at 03:35:52PM +0200, Dave Neary wrote:
> Olav Vitters wrote:
> > Per today the mailserver will not accept bounces generated by
> > external systems. This as these things are flooding mailing lists,
> > aliases and the ticketing systems.
> > Note:
> > The server doesn't reject an empty envelope from, it just checks for two
> > content type mime headers. This won't catch all of the bounces, but
> > should prevent most of them.
> Will this result in any false positives i.e. will any legitimate email
> get rejected by the server? I'm unsure what a bounce message is.

The emails that appear to arrive from e.g. mailer-daemon or postmaster.
Meaning: the messages that either a mailbox is full, or that the user
doesn't exit. Also known as a DSN (delivery status notification).

Legitimate bounces will be affected. Other mail won't be. The exact
rules are:
/^Content-Type: multipart\/report; report-type=delivery-status;/ REJECT no third-party DSNs
/^Content-Type: message\/delivery-status;/     REJECT no third-party DSNs

Legitimate bounces could be when e.g. the mailserver delivers
it to a system which doesn't reject immediately but instead sends a
bounce message.
To avoid rejecting legitimate bounces there is something called BATV.
However, that requires some time to set it. Plus I am not sure if it is
speedy enough (the Postfix implementation) for our system (load seems to
be 2.5-3.5; although today it is at 5+).

> > Further:
> > If you use your alias with some external ISP: Make sure the
> > envelope from does NOT contain or you'll never receive bounce
> > messages. The normal From: can of course contain your alias.
> How do I do this? What's "the envelope from"?

I don't know what application you use. In gmail it will work per
default. Often mail programs such as Evolution do not allow you to
set a different envelope from.

Envelope from simply said the Sender: address or Return-Path. It is
where the error messages go to (SMTP level). The From: is what is in the
header of an email.

Note that the change was made after complaints of 3 alias
users, some who received 500+ bounces in a day. I don't like rejecting
bounces, but am unsure about a good solution; it is difficult to solve
as people use their own mailserver when sending mail with their alias. This is logical as using the gnome mailserver isn't
supported atm (AFAICS in the config). BATV would btw require people
to use the mailserver for them to receive the bounces (it
rewrites the envelope from).

> > PS: People employing challenge response systems should FOAD.
> You could have found a nicer way to say this. Politeness & niceness
> counts for something.

I could, but this was already nice. Getting loads of bounces is one
thing (at least easily able to filter 95% of them), but then again the
1001 different challenge response emails that only serve to make the
problem worse...


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]