[140929] in North American Network Operators' Group


Re: blocking annoying 'bounce mail' "feature" from customers use.

daemon@ATHENA.MIT.EDU (Seth Mattinen)
Wed May 25 12:18:00 2011

Date: Wed, 25 May 2011 09:17:09 -0700
From: Seth Mattinen <sethm@rollernet.us>
To: nanog@nanog.org
In-Reply-To: <D2D37F15EBBD524693E9F3CB32D02080219B775069@exchange.corp.fpu-tn.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 5/25/11 9:09 AM, Eric J Esslinger wrote:
> Mac Mail (and others) have a "feature" that allows my customers to generate a fake NDR message and send it back through my server. I get about a customer every few months that discovers this 'solution' to spam emails, and when it happens they cause delivery problems for my customer mail server by generating backscatter.
> 
> Today I just ended up on a list that won't take me off for quite a while (or unless I pay).
> 
> Does anyone know of a way for me to block the following, using postfix, either via refusing to accept the mail or by dropping it in /dev/null:
> Mail from <> or postmaster that originates within our customer IP blocks/is sent using authentication at the submission port and/or that does not have a valid local recipient.
> 
> I can't find any ready-made recipes online for this sort of thing in a short dig around for it, and while I think it's possible, I was wondering if anyone else was already dealing with this and could say 'oh yeah just put line blah in header_checks'. I would think it would be simple once you find it but you know how it is.
> 
> (I've already dealt with the customer in question but I'm getting tired of this popping up every month or three.)


You can check for a combination of two or more of these headers:

Auto-Submitted: auto-generated (failure)
X-Mailer: Apple Mail (x)
Content-Type: multipart/report;
	boundary=x;
	report-type=delivery-status

~Seth
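
The header-combination check suggested above, as an added example that is not part of the original post: a Python function that counts how many of the three indicators a message carries and flags it at two or more. The function names, the `threshold` parameter and the sample messages are constructed for illustration.

```python
from email import message_from_string


def fake_ndr_indicators(raw: str) -> list:
    """Return which of the three indicator headers from the post are present."""
    msg = message_from_string(raw)
    hits = []
    # Auto-Submitted: auto-generated (failure)
    auto = (msg.get("Auto-Submitted") or "").lower()
    if auto.startswith("auto-generated") and "failure" in auto:
        hits.append("Auto-Submitted")
    # X-Mailer: Apple Mail (x)
    if (msg.get("X-Mailer") or "").lower().startswith("apple mail"):
        hits.append("X-Mailer")
    # Content-Type: multipart/report; report-type=delivery-status
    if msg.get_content_type() == "multipart/report":
        rtype = msg.get_param("report-type")
        if isinstance(rtype, str) and rtype.lower() == "delivery-status":
            hits.append("Content-Type")
    return hits


def looks_like_client_bounce(raw: str, threshold: int = 2) -> bool:
    """Flag a message carrying `threshold` or more indicators (assumed default: 2)."""
    return len(fake_ndr_indicators(raw)) >= threshold


# Constructed sample: a client-generated bounce carrying all three headers.
FAKE_NDR = (
    "From: MAILER-DAEMON@customer.example\n"
    "To: someone@remote.example\n"
    "Auto-Submitted: auto-generated (failure)\n"
    "X-Mailer: Apple Mail (x)\n"
    "Content-Type: multipart/report;\n"
    "\tboundary=\"b1\";\n"
    "\treport-type=delivery-status\n"
    "\n--b1\nContent-Type: text/plain\n\nUser unknown\n--b1--\n"
)

# Constructed sample: ordinary mail from the same client, one indicator only.
PLAIN_MAIL = (
    "From: user@customer.example\n"
    "To: friend@remote.example\n"
    "X-Mailer: Apple Mail (x)\n"
    "Content-Type: text/plain\n"
    "\nHello\n"
)

if __name__ == "__main__":
    for name, raw in (("FAKE_NDR", FAKE_NDR), ("PLAIN_MAIL", PLAIN_MAIL)):
        print(name, fake_ndr_indicators(raw), looks_like_client_bounce(raw))
```

Postfix `header_checks` tables are applied one header at a time, so a combination test like this one belongs in a content filter or milter rather than in a single `header_checks` pattern.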

