On Sat, Nov 30, 2002 at 06:27:58PM -0500, Derrick 'dman' Hudson wrote: > > | > > The reason the mail was not delivered at this time is: > | > > <[EMAIL PROTECTED]>: unknown user: "debian_user" > > The mail bounced because it was attempted to be delivered to > [EMAIL PROTECTED] However, the server handling the > domain green.hartshorne.net can't find a user named "debian_user".
I think I can shed some light on this problem. (see From: address...) I have spamassassin running on my mail server. It does it's thing and tries to identify spam. When it tags something, it adds all its fun headers and changes the subject line and so on. When I suck mail down to my machine from my mail server, procmail sorts spam into its own folder, and also pipes it to a program that tries to send a bounce to the sender. :0c * ^Subject: *****SPAM***** | /home/ben/mail-bounce/mail-bounce -d -c TBR # filter out spam :0: * ^Subject: *****SPAM***** Mail/spam mail-bounce is a perl script (http://www.spots.ab.ca/~gary/mail-bounce/) that reads in mail, and tries to parse the message to figure out who its from, and bounces the mail back to that person. The idea is for it to be used on the other side of virus and spam detectors (catch the mail and send a bounce saying you're infected or the addr doesn't exist). I use it on the theory that addresses that bounce are more likely to be removed from spammers lists than adresses that successfully deliver their message. This theory might be flawed, since many spammers never look at anything that comes back, but I figured it probably couldn't hurt. I suppose I have confused some people now though... ;) So, for some reason spamassassin tagged Michelle's original mail as spam, so it generated a bounce. Only one bounce was generated because spamassassin didn't tag any subsequent messages as spam. It's a pity she didn't Cc: [EMAIL PROTECTED] or postmaster or something cuz then I could have cleared this up a bit sooner (I'm slow at reading debian_user -- too high volume) > This is only half of the story, though. The mail server for > green.hartshorne.net is horridly broken. There are two locations in > an email for the sender and two for the recipient(s). One location, > which you are familiar with, is the message headers. The other is the > envelope. Just like snail-mail, the message has contents (headers and > body) and an envelope. Snail-mail works like this : > 1) The postoffice reads the envelope to determine where to deliver it. > 2) If delivery can't succeed, the postoffice reads the envelope to > see where to return the package with notification of the > problem. > Email is works the same way. However, some systems decide that the > envelope isn't good enough. They rip open and read mail that isn't > theirs, and then decide to deliver the bounce to the sender mentioned > in the headers, not the one on the envelope. For my purposes (trying to have whatever address spam is sent to tagged as 'broken'), should I be sending mail to the envelope sender instead of the from: sender? I've actually never read the mail-bounce source closely enough to figure out exactly how it chooses what address to send the bounce to... hmm.. Skipping sources, but reading documentation instead: (from the mail-bounce manual, http://www.spots.ab.ca/~gary/mail-bounce/mail-bounce-1.3.4/MANUAL.html) > Mail-bounce looks for a return address in the following places and in > the following order: > > 1) Errors-To header; > 2) Return-Path header; > 3) Reply-To header; > 4) From header; > 5) Last Received: from header, first trying the sender, then the host > name, then the IP address. I don't really know enough about the nitty gritty details of spam, but the order above seems like it makes sense to me. Comments? Thanks! (and sorry for the confusion) -ben -- Ben Hartshorne benAThartshorneDOTnet http://ben.hartshorne.net PGP keyserver:pgp.dtype.org Please encrypt all communications
msg16997/pgp00000.pgp
Description: PGP signature
