Hi to all
i want to show you my solution about how to fight backscatter, pleas tell me what do you think about that: The concept is to store in a whitelist-db To and CC emails of my outbound emails, and when i receive an email with a delivery error, check if the Final-Recipient is in my whitelist. I've implemented it in 2 php files, one must be run for each outgoing email, and the other one for each incoming email. /* ************************ FOR EACH OUTGOING EMAIL */ <?php /* the content of the email can be retrieved or by stdin or by reading it from a tmpfile */ $content = file_get_contents("Sent"); /* look only in the headers of the email */ $headers = strtoupper(substr($content,0,strpos($content,"Content-Type:"))); /* retrieve To: and CC: destinations */ $start_to = strpos($headers,"\nTO:"); $start_cc = strpos($headers,"\nCC:"); $start_subject = strpos($headers,"\nSUBJECT:"); if($start_cc!==false){ $to = substr($headers,$start_to,$start_cc-$start_to); $cc = substr($headers,$start_cc,$start_subject-$start_cc); }else{ $to = substr($headers,$start_to,$start_subject-$start_to); } $res_to = get_address($to); $res_cc = get_address($cc); $final_email = array_merge($res_to,$res_cc); foreach($final_email as $email){ /* store email in my backscatter whitelist */ } /** * return an array filled with the emails found in $address */ function get_address($address){ $results = array(); $address = explode(",",$address); foreach($address as $email){ if(strpos($email,"<")!==false){ $mail = substr($email,strpos($email,"<")+1,strpos($email,">")-strpos($email,"<")-1); }else{ $mail=$email; } $mail = trim($mail); array_push($results,$mail); } return $results; } ?> /* ************************ FOR EACH INCOMING EMAIL */ <?php $content = file_get_contents("backscatter"); $final_recipient = strpos($content,"Final-Recipient: rfc822;"); if($final_recipient!==false){ /* this is a mail with a delivery failure i try to retrieve the original destination of the email */ $email_final_recipient = substr($content,$final_recipient,strpos($content,"\n",$final_recipient)-$final_recipient); $email_final_recipient = substr($email_final_recipient,strlen("Final-Recipient: rfc822;")); $email_final_recipient = trim($email_final_recipient); $email_final_recipient = strtoupper($email_final_recipient); /* now i check if the email is in my backscatter whitelist */ check.... }else{ /* OK, this email isn't a mail with a delivery failure */ } ?> -- /*************/ nik600 https://sourceforge.net/projects/ccmanager https://sourceforge.net/projects/reportmaker https://sourceforge.net/projects/nikstresser |
nik600:
> Hi to all > > i want to show you my solution about how to fight backscatter, pleas > tell me what do you think about that: > > The concept is to store in a whitelist-db To and CC emails of my > outbound emails, and when i receive an email with a delivery error, > check if the Final-Recipient is in my whitelist. That does not work with recipients who forward their mail to a different address. > /* > retrieve To: and CC: destinations > */ > $start_to = strpos($headers,"\nTO:"); > $start_cc = strpos($headers,"\nCC:"); That does not work because the recipients are in the envelope not in the headers. Proof: you receive this message but you are not in the To: or Cc: headers. Wietse |
>
>> /* >> retrieve To: and CC: destinations >> */ >> $start_to = strpos($headers,"\nTO:"); >> $start_cc = strpos($headers,"\nCC:"); > > That does not work because the recipients are in the envelope > not in the headers. > > Proof: you receive this message but you are not in the To: or Cc: > headers. > > Wietse > sorry, but i don't understand: my problem is to avoid backscatter to the users of my mailserver. I still want to forward them REAL mail delivery error. with this system, i store in a database the destinations of outgoing email (only To: and CC:, retrieved in the header of the outgoing email) When i receive and email that contains the "Final-Recipient: rfc822;" string in the body of the incoming email, i check if the email related to Final-Recipient: in in my database. If i found it, it means that the original mail has been sent to and email that my customers trust (if the email address isn't corrent, is not a problem). If i don't found the email Final-Recipient: rfc822; in my database, it means that i've never sent anything to that address, so i can delete the email. I what other case i send an email to someone that doesn't compare in the header of email? I think only when i send to mailing list, alias or groups, but i think that is a trascurable situation. Or not? Thanks -- /*************/ nik600 https://sourceforge.net/projects/ccmanager https://sourceforge.net/projects/reportmaker https://sourceforge.net/projects/nikstresser |
nik600 wrote:
>>> /* >>> retrieve To: and CC: destinations >>> */ >>> $start_to = strpos($headers,"\nTO:"); >>> $start_cc = strpos($headers,"\nCC:"); >> That does not work because the recipients are in the envelope >> not in the headers. >> >> Proof: you receive this message but you are not in the To: or Cc: >> headers. >> >> Wietse >> > > sorry, but i don't understand: > > my problem is to avoid backscatter to the users of my mailserver. > > I still want to forward them REAL mail delivery error. > > with this system, i store in a database the destinations of outgoing > email (only To: and CC:, retrieved in the header of the outgoing > email) > > When i receive and email that contains the "Final-Recipient: rfc822;" > string in the body of the incoming email, i check if the email related > to Final-Recipient: in in my database. > > If i found it, it means that the original mail has been sent to and > email that my customers trust (if the email address isn't corrent, is > not a problem). > > If i don't found the email Final-Recipient: rfc822; in my database, it > means that i've never sent anything to that address, so i can delete > the email. > > I what other case i send an email to someone that doesn't compare in > the header of email? I think only when i send to mailing list, alias > or groups, but i think that is a trascurable situation. > > Or not? > > Thanks You should use the SMTP enveloppe's as from and to. Your solution could use some improvement but the concept by itself is interesting. Glenn -- | Glenn Matthys [[hidden email]] \ /_ |_ _ _ o _ _| | Zaakvoerder \/\/(/_|_)| | ||| |(_| | | http://www.webmind.be +32 50 67 57 90 | [hidden email] |
In reply to this post by nik600 hotmail
nik600:
> > > >> /* > >> retrieve To: and CC: destinations > >> */ > >> $start_to = strpos($headers,"\nTO:"); > >> $start_cc = strpos($headers,"\nCC:"); > > > > That does not work because the recipients are in the envelope > > not in the headers. > > > > Proof: you receive this message but you are not in the To: or Cc: > > headers. > > > > Wietse > > > > sorry, but i don't understand: > Go read some basic introduction to email. Google for envelope sender recipient. Wietse |
In reply to this post by nik600 hotmail
nik600 wrote:
> If i don't found the email Final-Recipient: rfc822; in my database, it > means that i've never sent anything to that address, so i can delete > the email. > > I what other case i send an email to someone that doesn't compare in > the header of email? I think only when i send to mailing list, alias > or groups, but i think that is a trascurable situation. > When you send mail to "info@domain" and get a response from "jim@domain". Or you give someone your business card with your email address, and they send you an email, Terry |
In reply to this post by nik600 hotmail
nik600 wrote:
> [snip] > sorry, but i don't understand: > > my problem is to avoid backscatter to the users of my mailserver. > > I still want to forward them REAL mail delivery error. > the "mail delivery error" is sent to the original ENVELOPE SENDER, not the the From header. > with this system, i store in a database the destinations of outgoing > email (only To: and CC:, retrieved in the header of the outgoing > email) > First question: what if user BCC'd someone? Stop using headers. Use envelope addresses. > When i receive and email that contains the "Final-Recipient: rfc822;" > string in the body of the incoming email, i check if the email related > to Final-Recipient: in in my database. > you are doing too much assumptions. once again, use the envelope instead of headers. anyway, the idea is not new. see last amavisd-new "anti backscatter" feature. > If i found it, it means that the original mail has been sent to and > email that my customers trust (if the email address isn't corrent, is > not a problem). > > If i don't found the email Final-Recipient: rfc822; in my database, it > means that i've never sent anything to that address, so i can delete > the email. > > I what other case i send an email to someone that doesn't compare in > the header of email? I think only when i send to mailing list, alias > or groups, but i think that is a trascurable situation. > > Or not? > > Thanks > |
Free forum by Nabble | Edit this page |