> ... In my opinion, bounces > should only be sent when the MAILFROM matches the REVDNS > domain,
Don't forget Mail servers that host more then one single domain name. For example igaia.com and igaia.net or in an ISP enviroment with hundreds and thousands of different domains. Maybe it would work if we allow bounces only if MAILFROM matches HELO/EHLO ... But even if this will work it will not give you any chance to block legit NDRs from remote servers that send you the notification because the spammer has used your sender domain. This NDR will come from the remote server (for example [EMAIL PROTECTED]) and will maybe have a EHLO and REVDNS with the same domain (ore the primary hostname). In the case that we are the remote server receiving spam with forged domain and sending back a NDR to the responsable MX I'm not sure if NDRs are processed by declude. If yes, how should we compare MAILFROM, EHLO and REVDNS if the NDR contains only "correct" data. As I can understand there is no correlation to the incomming spam that has caused the NDR. Assuming that our spam filters are "nearly perfect" I expect very few NDRs send from our MTA because there was no matching mailbox. ;-) Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
