Hello
The NDR messages are not necessarily formatted in a way to easily
extract the returned headers. A large part of NDR messages do not
even contain them, or contain only standard ones. The "false
positives" ratio would probably be larger than the current "false
negatives" ratio. Some NDR messages do not even have the NDR type
(multipart/report, message/delivery-status, etc.), they are just normal
messages with error text in the body.
A safer approach could be to remember all the outbound messages for,
say, a week - remembering only the From/To pair and the sent date would
probably be enough. When an NDR is received, it could be possible to
extract all email addresses present in the NDR body and headers and
check if any pair matches the known data. As with other
solutions, this requires that all messages _from_ your users are sent
_through_ your server. If any user goes through his ISP, he may never
get any NDR as your server will flush them.
Another, probably better approach, which I don't think is currently
within the reach of a CGP external filter, would be to rewrite the
return-path of a sent message with some data in the "detail" part of
the address, which could be matched when an NDR is received. Again, this
requires all messages to be sent through your server but reduces the
required message parsing and would cut the amount of data needing to
be kept by the server.
But none of these solutions would be able to filter NDR messages that
do not have the NDR type, as they would appear as normal messages to
the filter.
Regards,
Nicolas Hatier
Todd Clayton wrote:
Hello,
Sorry to dig up an old thread, but I wanted to get an opinion on
resolving this issue. Would it be possible to add a header to the
message when it is sent from the server? Then if you get a NDR, you
could check to see if that header is in the message and reject it if it
is not included. Then you could distinguish between valid NDRs and
SPAM ones. If this is possible, any suggestions on how to build the
rules for this?
Thanks very much,
Todd
Date: April 21, 2008 6:07:22 AM EDT
Subject: hundreds of non-delivery messages
One of our accounts (mabellanATems.ch) gets in the last days hundreds of
mails which claim to be answers to undeliverable mails like the example
below.
I guess these non-delivery messages are faked and the attachments may
contain viruses. Has anyone the same experience? How to stop?
Urs
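
Added example, not part of the thread and not any poster's or CommuniGate's code: a sketch of the return-path approach described in the first message above, putting data in the "detail" part of the address and matching it when an NDR comes back. The HMAC tag, the day stamp, the `+b<day>-<mac>` layout, the key and the function names are assumptions of this example, as is treating an empty envelope sender as the sign of an NDR.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: server-side secret (constructed)
MAX_AGE_DAYS = 7                  # the "say, a week" window from the thread


def _mac(local: str, domain: str, day: int) -> bytes:
    """Keyed tag binding the original sender address to the sending day."""
    msg = f"{day}:{local}@{domain}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:10].encode()


def tag_return_path(sender: str, day: int) -> str:
    """Outbound: rewrite user@domain to user+b<day>-<mac>@domain."""
    local, domain = sender.lower().rsplit("@", 1)
    return f"{local}+b{day}-{_mac(local, domain, day).decode()}@{domain}"


def check_bounce(env_from: str, env_to: str, today: int) -> str:
    """Inbound: return 'not-ndr', 'accept' or 'reject'."""
    if env_from not in ("", "<>"):
        # Error text sent as ordinary mail is not caught here.
        return "not-ndr"
    local, _, domain = env_to.lower().rpartition("@")
    # rpartition keeps any detail the user already had (user+list+b...).
    base, plus, detail = local.rpartition("+")
    day_s, dash, mac = detail.partition("-")
    if not (plus and dash and day_s.startswith("b")):
        return "reject"  # NDR for an address we never tagged
    day_s = day_s[1:]
    if not (day_s.isascii() and day_s.isdigit()):
        return "reject"
    day = int(day_s)
    if not 0 <= today - day <= MAX_AGE_DAYS:
        return "reject"  # tag too old, or dated in the future
    good = hmac.compare_digest(mac.encode(), _mac(base, domain, day))
    return "accept" if good else "reject"
```

With this scheme the server keeps only the key rather than a week of From/To pairs; `day` is a day counter such as days since the epoch.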