Re: blocking annoying 'bounce mail' "feature" from customers use.

[Seth Mattinen <sethm () rollernet us>]

On 5/25/11 9:09 AM, Eric J Esslinger wrote:
> Mac Mail (and others) have a "feature" that allows my customers to generate a fake NDR message and send it back 
> through my server. I get about a customer every few months that discovers this 'solution' to spam emails, and when it 
> happens they cause delivery problems for my customer mail server by generating backscatter.
>
> Today I just ended up on a list that won't take me off for quite a while (or unless I pay).
>
> Does anyone know of a way for me to block the following, using postfix, either via refusing to accept the mail or by 
> dropping it in /dev/null:
> Mail from <> or postmaster that originates within our customer IP blocks/is sent using authentication at the 
> submission port and/or that does not have a valid local recipient.
>
> I can't find any ready made recipies online for this sort of thing in a short dig around for it, and while I think 
> it's possible, I was wondering if anyone else was already dealing with this and could say 'oh yeah just put line blah 
> in header_checks'. I would think it would be simple once you find it but you know how it is.
>
> (I've already dealt with the customer in question but I'm getting tired of this popping up every month or three.)


You can check for a combination of two or more of these headers:

Auto-Submitted: auto-generated (failure)
X-Mailer: Apple Mail (x)
Content-Type: multipart/report;
        boundary=x;
        report-type=delivery-status

~Seth