Make Exim send bounces to postmaster instead of the sender, for non-local sender

Tags: email-bounces, exim, spam

I have a few e-mail aliases that forward to external hosts. Currently, if the external host rejects a message, Exim generates a bounce message and sends it to the original sender. This is bad because if the external host rejects the message as spam (a common case), then I'm a source of backscatter spam.

Thus, if the sender is non-local, I'd like to send the bounce to postmaster (me) instead. Alternately, sending all bounces to postmaster would be good enough.

The Exim documentation hints that this can be done ("when a message fails to be delivered … Exim sends a message to the original sender, or to an alternative configured address", emphasis added), but I couldn't find how.

For example, here is a log excerpt showing a backscatter spam being created (in this case, the purported source server isn't accepting connections). foo@nacha.net is the purported sender of a spam e-mail to bar@reidster.net, which then forwards to baz@gmail.com; GMail then rejects the message and my server creates a bounce to foo@nacha.net. I want that bounce to go to postmaster@reidster.net instead. (Usernames obfuscated; the rest of the log is verbatim.)

2011-10-03 12:03:08 1RAkyw-0000cj-45 <= foo@nacha.net H=(gyajnj.com [113.190.35.111] P=esmtp S=33927 id=000e01cc51a7$ceee1700$6f23be71@nacha.net
2011-10-03 12:03:09 1RAkyw-0000cj-45 ** baz@gmail.com <bar@reidster.net> R=dnslookup T=remote_smtp: SMTP error from remote mail server after end of data: host gmail-smtp-in.l.google.com [74.125.47.26]: 552-5.7.0 Our system detected an illegal attachment on your message. Please\n552-5.7.0 visit http://mail.google.com/support/bin/answer.py?answer=6590 to\n552 5.7.0 review our attachment guidelines. i3si13239001yhk.107
2011-10-03 12:03:09 1RAkyz-0000cm-H5 <= <> R=1RAkyw-0000cj-45 U=Debian-exim P=local S=35124
2011-10-03 12:03:09 1RAkyw-0000cj-45 Completed
2011-10-03 12:03:30 1RAkyz-0000cm-H5 nacha.net [64.212.215.180] Connection timed out
2011-10-03 12:03:30 1RAkyz-0000cm-H5 == foo@nacha.net R=dnslookup T=remote_smtp defer (110): Connection timed out

Here is the relevant router:

dnslookup:
  debug_print = "R: dnslookup for $local_part@$domain"
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  same_domain_copy_routing = yes
  # ignore private rfc1918 and APIPA addresses
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
                        172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16 :\
                        255.255.255.255
  no_more

Best Answer

Some rules are dumb because they cause more harm than good! And people advocating and creating them know that. I would care more about postmaster ethics than the dumb rules. And I hate dumb rules and obviously the people setting those rules. If you are like me, aware of consequences (see above) and want to screw the rules then sure,

1) Establish sender and recipient verification to secure yourself OR

2) Fail or freeze all null postmaster bounces. Do it with an Exim system filter:

system_filter = /etc/exim/screwtherules.exim

vi /etc/exim/screwtherules.exim

# Exim filter
if $sender_address is ""
then
  # empty envelope sender: the message is a bounce
  if ${lookup{${extract{2}{@}{$recipients}}}lsearch{/etc/localdomains}{yes}{no}} is "no"
  then
    # recipient domain is not listed in /etc/localdomains
    fail text "Delayed bounce message ignored"
    seen finish
  endif
endif

3) OR create an ACL at acl_smtp_data check time to forward, fail or freeze the null bounce emails being sent to or not to specific hosts. You can extract received header info as described in https://grepular.com/Exim_Trick_to_Extract_Received_Header_IP_Addresses
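
To see how much backscatter a server is generating before and after a change like the ones above, the main log can be scanned for locally generated bounces that are routed to non-local addresses. The following is an added example, not part of the original question or answer; `LOCAL_DOMAINS` and `find_backscatter` are names chosen here, and the sample lines are abridged from the log excerpt in the question.

```python
import re

# Assumption for this example: the domains this server is responsible for.
LOCAL_DOMAINS = {"reidster.net"}

# Exim main log line: date, time, message id, flag, remainder.
LINE_RE = re.compile(r"^\S+ \S+ (?P<id>\S+) (?P<flag><=|=>|->|\*\*|==) (?P<rest>.+)$")

# Abridged from the log excerpt in the question.
SAMPLE_LOG = """\
2011-10-03 12:03:08 1RAkyw-0000cj-45 <= foo@nacha.net H=(gyajnj.com) P=esmtp S=33927
2011-10-03 12:03:09 1RAkyw-0000cj-45 ** baz@gmail.com <bar@reidster.net> R=dnslookup T=remote_smtp: SMTP error
2011-10-03 12:03:09 1RAkyz-0000cm-H5 <= <> R=1RAkyw-0000cj-45 U=Debian-exim P=local S=35124
2011-10-03 12:03:09 1RAkyw-0000cj-45 Completed
2011-10-03 12:03:30 1RAkyz-0000cm-H5 nacha.net [64.212.215.180] Connection timed out
2011-10-03 12:03:30 1RAkyz-0000cm-H5 == foo@nacha.net R=dnslookup T=remote_smtp defer (110)
""".splitlines()

def find_backscatter(lines, local_domains=LOCAL_DOMAINS):
    """Return (bounce_id, parent_id, parent_sender, bounce_rcpt) for each
    locally generated bounce that Exim tried to send to a non-local address."""
    senders = {}   # message id -> envelope sender
    parents = {}   # bounce id -> id of the message that failed
    seen, hits = set(), []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # "Completed", connection errors and similar lines
        msg_id, flag, rest = m["id"], m["flag"], m["rest"]
        addr = rest.split()[0]
        if flag == "<=":
            senders[msg_id] = addr
            # On arrival lines of a bounce, R= names the message that failed.
            ref = re.search(r"\bR=(\S+)", rest)
            if addr == "<>" and ref and "P=local" in rest.split():
                parents[msg_id] = ref.group(1)
        elif flag in ("=>", "->", "==") and msg_id in parents and "@" in addr:
            domain = addr.rpartition("@")[2].lower()
            if domain not in local_domains and (msg_id, addr) not in seen:
                seen.add((msg_id, addr))  # retries log the same address again
                parent = parents[msg_id]
                hits.append((msg_id, parent, senders.get(parent), addr))
    return hits

if __name__ == "__main__":
    for hit in find_backscatter(SAMPLE_LOG):
        print("backscatter: bounce %s for %s (sender %s) -> %s" % hit)
```
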
