
Re: Bounced Message but still sent to list

On Sat, Nov 30, 2002 at 06:27:58PM -0500, Derrick 'dman' Hudson wrote:
> | > > The reason the mail was not delivered at this time is:
> | > > <debian_user@green.hartshorne.net>: unknown user: "debian_user"
> The mail bounced because it was attempted to be delivered to
> debian_user@green.hartshorne.net.  However, the server handling the
> domain green.hartshorne.net can't find a user named "debian_user".

I think I can shed some light on this problem.  (see From: address...)

I have spamassassin running on my mail server.  It does its thing and
tries to identify spam.  When it tags something, it adds all its fun
headers and changes the subject line and so on.

When I suck mail down to my machine from my mail server, procmail sorts
spam into its own folder, and also pipes it to a program that tries to
send a bounce to the sender.

* ^Subject: *****SPAM*****
| /home/ben/mail-bounce/mail-bounce -d -c TBR

# filter out spam
* ^Subject: *****SPAM*****

mail-bounce is a perl script (http://www.spots.ab.ca/~gary/mail-bounce/)
that reads in mail, and tries to parse the message to figure out who it's
from, and bounces the mail back to that person.  The idea is for it to
be used on the other side of virus and spam detectors (catch the mail
and send a bounce saying you're infected or the addr doesn't exist).  

I use it on the theory that addresses that bounce are more likely to be
removed from spammers' lists than addresses that successfully deliver
their message.  This theory might be flawed, since many spammers never
look at anything that comes back, but I figured it probably couldn't
hurt.  I suppose I have confused some people now though...  ;)

So, for some reason spamassassin tagged Michelle's original mail as
spam, so it generated a bounce.  Only one bounce was generated because
spamassassin didn't tag any subsequent messages as spam.  It's a pity
she didn't Cc: root@green.hartshorne.net or postmaster or something cuz
then I could have cleared this up a bit sooner (I'm slow at reading
debian_user -- too high volume)

> This is only half of the story, though.  The mail server for
> green.hartshorne.net is horridly broken.  There are two locations in
> an email for the sender and two for the recipient(s).  One location,
> which you are familiar with, is the message headers.  The other is the
> envelope.  Just like snail-mail, the message has contents (headers and
> body) and an envelope.  Snail-mail works like this :
>     1) The postoffice reads the envelope to determine where to deliver it.
>     2) If delivery can't succeed, the postoffice reads the envelope to
>         see where to return the package with notification of the
>         problem.
> Email works the same way.  However, some systems decide that the
> envelope isn't good enough.  They rip open and read mail that isn't
> theirs, and then decide to deliver the bounce to the sender mentioned
> in the headers, not the one on the envelope.

For my purposes (trying to have whatever address spam is sent to tagged
as 'broken'), should I be sending mail to the envelope sender instead
of the from: sender?  I've actually never read the mail-bounce source
closely enough to figure out exactly how it chooses what address to send
the bounce to...  

hmm..  Skipping sources, but reading documentation instead: 
(from the mail-bounce manual,
> Mail-bounce looks for a return address in the following places and in
> the following order:
> 1) Errors-To header;
> 2) Return-Path header;
> 3) Reply-To header;
> 4) From header;
> 5) Last Received: from header, first trying the sender, then the host 
>    name, then the IP address.

I don't really know enough about the nitty gritty details of spam, but
the order above seems like it makes sense to me.  


Thanks! (and sorry for the confusion)


Ben Hartshorne     benAThartshorneDOTnet     http://ben.hartshorne.net
PGP keyserver:pgp.dtype.org          Please encrypt all communications
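
Added example (not part of the original message and not mail-bounce's own code): a Python sketch contrasting the header order quoted from the mail-bounce manual with an envelope-only policy that also suppresses bounces for list and automatic mail, as RFC 3834 recommends for auto-responders. The function names, addresses and sample message are constructed for illustration, and the envelope sender is assumed to be supplied by the receiving MTA.

```python
from email import message_from_string
from email.utils import parseaddr

# Header order from the mail-bounce manual quoted above
# (the final "Last Received:" fallback is left out of this sketch).
HEADER_ORDER = ("Errors-To", "Return-Path", "Reply-To", "From")

def header_target(msg):
    """Return (header, address) a header-driven bouncer would choose."""
    for name in HEADER_ORDER:
        addr = parseaddr(msg.get(name, ""))[1]
        if addr:
            return name, addr
    return None, None

def envelope_target(msg, envelope_sender):
    """Return the envelope sender, or None when no bounce should be sent."""
    if not envelope_sender:  # null sender "<>": the message is itself a bounce
        return None
    if msg.get("Precedence", "").strip().lower() in {"list", "bulk", "junk"}:
        return None          # mailing-list or bulk traffic
    if msg.get("List-Id"):
        return None          # list software identified itself
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return None          # automatic message, replying risks a loop
    return envelope_sender

# Constructed list post: addresses and list name are placeholders.
LIST_POST = message_from_string(
    "From: Poster <poster@example.com>\n"
    "To: some-list@lists.example.org\n"
    "Subject: *****SPAM***** question about exim\n"
    "Precedence: list\n"
    "List-Id: <some-list.lists.example.org>\n"
    "\n"
    "body\n"
)
# Hypothetical envelope sender (SMTP MAIL FROM) recorded by the receiving MTA.
LIST_ENVELOPE = "some-list-bounces@lists.example.org"

if __name__ == "__main__":
    print("header-driven :", header_target(LIST_POST))
    print("envelope-only :", envelope_target(LIST_POST, LIST_ENVELOPE))
```

With the constructed list post, the header-driven choice lands on the poster's From: address, while the envelope-only policy sends nothing because the message is list traffic.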
