nobodyreturn and backscatter

nobodyreturn and backscatter

am 05.12.2007 00:44:18 von Andrew Daviel

We have been having some trouble with an anti-spam company characterizing
us as sending spam. (that's another post)

One possibility is that our DSNs for failed forwarded mail (recipient's
site does miltering, or mailbox full, whatever) contained the entire
message, and when sent to the return address might trigger content-analysis
filtering.

We have tried setting PRIVACY_FLAGS=nobodyreturn, which is not the default
AFAIK in the sendmail 8.13.1 we are running.

I wondered whether other users had come across this problem, and how common
it is now to set this flag (don't return the message body in a DSN).

Another gotcha I found was that orphan aliases (pointing to a now-removed
account) generate DSNs and not error status.


--
Andrew Daviel
TRIUMF

Re: nobodyreturn and backscatter

am 05.12.2007 21:10:00 von gtaylor

On 12/4/2007 5:44 PM, Andrew Daviel wrote:
> One possibility is that our DSNs for failed forwarded mail
> (recipient's site does miltering, or mailbox full, whatever)
> contained the entire message, and when sent to the return address
> might trigger content-analysis filtering.

I can't say how likely or unlikely it is that the content of the third
part of the DSN will trigger DSN receivers filters. It stands to reason
that it would be more likely for the content to be caught than not
having the content. However I have nothing to base this on other than
personal belief. Does any one else have any evidence to this effect?

> We have tried setting PRIVACY_FLAGS=nobodyreturn, which is not the
> default AFAIK in the sendmail 8.13.1 we are running.
>
> I wondered whether other users had come across this problem, and how
> common it is now to set this flag (don't return the message body in
> a DSN).

I have gotten to the point that I set the "nobodyreturn" flag on just
about all my mail servers. I have had too many experiences where people
will send a message with attachments that end up included in the DSNs.
I have never had any problems with this setup that I'm aware of.

> Another gotcha I found was that orphan aliases (pointing to a
> now-removed account) generate DSNs and not error status.

*nod*

If you are doing a lot of forwarding, you probably should look in to
Sender Rewriting Scheme (a.k.a. SRS) in conjunction with SPF, so that
you do not break original message senders SPF records. You can run SRS
with out running SPF your self. Though I think you should seriously
consider SPF (my opinion).



Grant. . . .