3

I have a few e-mail aliases that forward to external hosts. Currently, if the external host rejects a message, Exim generates a bounce message and sends it to the original sender. This is bad because if the external host rejects the message as spam (a common case), then I'm a source of backscatter spam.

Thus, if the sender is non-local, I'd like to send the bounce to postmaster (me) instead. Alternately, sending all bounces to postmaster would be good enough.

The Exim documentation hints that this can be done ("when a message fails to be delivered ... Exim sends a message to the original sender, or to an alternative configured address", emphasis added), but I couldn't find how.

For example, here is a log excerpt showing a backscatter spam being created (in this case, the purported source server isn't accepting connections). foo@nacha.net is the purported sender of a spam e-mail to bar@reidster.net, which then forwards to baz@gmail.com; GMail then rejects the message and my server creates a bounce to foo@nacha.net. I want that bounce to go to postmaster@reidster.net instead. (Usernames obfuscated; the rest of the log is verbatim.)

2011-10-03 12:03:08 1RAkyw-0000cj-45 <= foo@nacha.net H=(gyajnj.com [113.190.35.111] P=esmtp S=33927 id=000e01cc51a7$ceee1700$6f23be71@nacha.net
2011-10-03 12:03:09 1RAkyw-0000cj-45 ** baz@gmail.com <bar@reidster.net> R=dnslookup T=remote_smtp: SMTP error from remote mail server after end of data: host gmail-smtp-in.l.google.com [74.125.47.26]: 552-5.7.0 Our system detected an illegal attachment on your message. Please\n552-5.7.0 visit http://mail.google.com/support/bin/answer.py?answer=6590 to\n552 5.7.0 review our attachment guidelines. i3si13239001yhk.107
2011-10-03 12:03:09 1RAkyz-0000cm-H5 <= <> R=1RAkyw-0000cj-45 U=Debian-exim P=local S=35124
2011-10-03 12:03:09 1RAkyw-0000cj-45 Completed
2011-10-03 12:03:30 1RAkyz-0000cm-H5 nacha.net [64.212.215.180] Connection timed out
2011-10-03 12:03:30 1RAkyz-0000cm-H5 == foo@nacha.net R=dnslookup T=remote_smtp defer (110): Connection timed out

Here is the relevant router:

dnslookup:
  debug_print = "R: dnslookup for $local_part@$domain"
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  same_domain_copy_routing = yes
  # ignore private rfc1918 and APIPA addresses
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
                        172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16 :\
                        255.255.255.255
  no_more
Reid
  • 302
  • 3
  • 14

3 Answers3

3

Some rules are dumb because they cause more harm than good! And people advocating and creating them know that. I would care more about postmaster ethics than the dumb rules. And I hate dumb rules and obviously the people setting those rules. If you are like me, aware of consequences (see above) and want to screw the rules then sure,

1) Establish sender and recipient verification to secure yourself OR

2) Fail or freeze all null postmaster bounces. Do it with an exim system filter 

system_filter = /etc/exim/screwtherules.exim
vi /etc/exim/screwtherules.exim
if $sender_address is ""
then
if ${lookup{${extract{2}{@}{$recipients}}}lsearch{/etc/localdomains}{yes}{no}} is "no"
then
fail text "Delayed bounce message ignored"
seen finish
endif
endif

3) OR create an ACL at acl_smtp_data check time to forward, fail or freeze the null bounce emails being sent to or not to specific hosts. You can extract received header info as described in https://grepular.com/Exim_Trick_to_Extract_Received_Header_IP_Addresses

MickyMartin
  • 31
  • 2
1

Your approach violates RFC 5321 where you must deliver or bounce back to sender. There are only very limited exceptions: https://www.rfc-editor.org/rfc/rfc5321#section-6.2

So you have three options

  1. Deliver all bounces to postmaster
    This is invalid. No exceptions. Because there are situations where you discard legitimate bounces (quota exceeded, disk errors, ...) for all senders. Legitimate clients and evil Spammers.
  2. Deliver bounces from relayed mail to postmaster
    This is legitimate. But it leaves a hole where you discard bounces that are not related to content violations (Spam, viruses) but user unknown, mailbox full and the like.
  3. Deliver bounces from relayed mail that indicate content violations to postmaster
    Perfect solution but introduces extended configuration.

Go for option 3. But better would be to disallow forwarding mails or increase Spam filtering before forwarding these mails.

Community
  • 1
mailq
  • 17,023
  • 2
  • 37
  • 69
  • 2
    I'm a lot more concerned about being a backscatter spam vector than I am about following the RFCs; see http://en.wikipedia.org/wiki/Backscatter_%28e-mail%29. – Reid Oct 09 '11 at 21:26
  • @Reid Yes I got it. And I support that! So option 3 would fit for pro RFC and against backscatter. – mailq Oct 09 '11 at 21:28
  • @Reid - postmaser **must** follow RFC, Standard Track - without any excuse – Lazy Badger Oct 10 '11 at 06:47
  • 1
    @LazyBadger Very extreme statement. The RFC 5321 makes exceptions as linked. So his approach is covered in the RFC if you tweak the exceptions a bit. – mailq Oct 10 '11 at 08:54
  • @mailq - I disagee and was angry only on statement in common "I'm a lot more concerned about ... than I am about following the RFCs". I **hate** rfc-ignorant posmasters – Lazy Badger Oct 10 '11 at 09:16
  • @mailq: OK, so *how do I implement option 3 in Exim?* That's what the question is asking. – Reid Oct 10 '11 at 12:46
  • @Reid Now this is is the tricky part. I'm no exim guru. I just wanted to outline how you should rephrase the question that someone else can give you the right answer to it. – mailq Oct 10 '11 at 13:00
  • @mailq, OK, one other follow-up question: to which postmaster do you propose sending the bounces? In the above, the purported sending site (i.e., postmaster@nacha.net) is almost certainly fake, so sending the bounce to that postmaster would still be backscatter spam, just to a different address. And sending it to postmaster at my site (reidster.net) is what I asked for in the first place. I'm confused. Thanks. – Reid Oct 10 '11 at 13:35
  • @Reid you only send a subset of all bounces to you. Only this particular subset where the mail was relayed from outside to outside and then was rejected for content violation. The rest of all the bounces go back to sender as defined in the RFC. – mailq Oct 10 '11 at 13:43
1

The way to do this is with the errors_to directive in the router. I believe Exim also supports some conditionals to do it selectively.

Reid
  • 302
  • 3
  • 14