Bryan Scott wrote:
The Point:
I wrote a plugin called "check_badbounce" that rejects *bounces only*
from specific remote servers that try to bounce messages that didn't
originate from my network in the first place. It does it using the
HELO message received from the remote machine, so it's not meant for
the spammers as much as it is for the few poorly configured big guns'
servers.
What are you looking at to identify a "bounce"?
I let a few things go beyond my normal queue
and they go into .qmail-default maildir.
-Bob
It may be better to accept the message, but silently discard it,
thereby appearing RFC compliant and pleasing end-users at the same
time. Have we built a framework for that (accept but don't queue)?
Anybody else have a use for this?
Background:
Some RoadRunner customer in Texas is infected with a virus that is
attempting to deliver email to non-existent users on one of our
domains using webmaster, admin, support, etc. addresses as the sender
address from that same domain. The RoadRunner SMTP server happily
relays the message, stripped of its viral payload (either the user's
PC is doing it or their server is, can't tell which).
RoadRunner doesn't apparently support SPF, or they don't apply it to
their relaying customers.
After no response whatsoever from RoadRunner's abuse dept., I've
decided to simply blacklist *only the bounces* coming from two
specific subdomains of rr.com, since each has about 3 or 4 relaying
servers. Our customers can still receive valid email from them, they
just won't get any failure notices.
Although this is technically a no-no, it doesn't seem RoadRunner cares
to do anything about it, since they are letting their customers craft
whatever kind of email they want, and they don't respond to my abuse
complaints. So I've justified protecting my users from their ignorance.
The idea that, of course, is that it's tool to use as a bandaid for
temporary problems. It has kept our group inboxes clean which makes
me and my users happy.
Anyone else have a need or use for this? I thought I'd ask before I
post the plugin, as there are "RFC ethics" involved. (Wouldn't want
anyone to show up on RFC-ignorant.) :)
-- Bryan
