my solution to fight backscatter email

Hi to all

i want to show you my solution about how to fight backscatter, pleas
tell me what do you think about that:

The concept is to store in a whitelist-db To and CC emails of my
outbound emails, and when i receive an email with a delivery error,
check if the Final-Recipient is in my whitelist.

I've implemented it in 2 php files, one must be run for each outgoing
email, and the other one for each incoming email.

/*
************************ FOR EACH OUTGOING EMAIL
*/
<?php

/*
        the content of the email can be retrieved or by stdin or by reading
it from a tmpfile
*/
$content = file_get_contents("Sent");

/*
        look only in the headers of the email
*/
$headers = strtoupper(substr($content,0,strpos($content,"Content-Type:")));


/*
        retrieve To: and CC: destinations
*/
$start_to = strpos($headers,"\nTO:");
$start_cc = strpos($headers,"\nCC:");
$start_subject = strpos($headers,"\nSUBJECT:");

if($start_cc!==false){
$to = substr($headers,$start_to,$start_cc-$start_to);
$cc = substr($headers,$start_cc,$start_subject-$start_cc);
}else{
$to = substr($headers,$start_to,$start_subject-$start_to);
}


$res_to = get_address($to);
$res_cc = get_address($cc);

$final_email = array_merge($res_to,$res_cc);


foreach($final_email  as $email){

/*
        store email in my backscatter whitelist
*/

}



/**
* return an array filled with the emails found in $address
*/
function get_address($address){

        $results = array();

        $address = explode(",",$address);

        foreach($address as $email){

                if(strpos($email,"<")!==false){

                        $mail = substr($email,strpos($email,"<")+1,strpos($email,">")-strpos($email,"<")-1);

                }else{
               
                $mail=$email;
               
                }

                $mail = trim($mail);

                array_push($results,$mail);

        }

        return $results;

}
?>


/*
************************ FOR EACH INCOMING EMAIL
*/
<?php

$content = file_get_contents("backscatter");


$final_recipient = strpos($content,"Final-Recipient: rfc822;");

if($final_recipient!==false){

/*
        this is a mail with a delivery failure
        i try to retrieve the original destination of the email
*/
$email_final_recipient =
substr($content,$final_recipient,strpos($content,"\n",$final_recipient)-$final_recipient);

$email_final_recipient =
substr($email_final_recipient,strlen("Final-Recipient: rfc822;"));

$email_final_recipient = trim($email_final_recipient);

$email_final_recipient = strtoupper($email_final_recipient);


/*
        now i check if the email is in my backscatter whitelist
*/

check....

}else{

/* OK, this email isn't a mail with a delivery failure */

}



?>
--
/*************/
nik600
https://sourceforge.net/projects/ccmanager
https://sourceforge.net/projects/reportmaker
https://sourceforge.net/projects/nikstresser

nik600:
> Hi to all
>
> i want to show you my solution about how to fight backscatter, pleas
> tell me what do you think about that:
>
> The concept is to store in a whitelist-db To and CC emails of my
> outbound emails, and when i receive an email with a delivery error,
> check if the Final-Recipient is in my whitelist.

That does not work with recipients who forward their mail to
a different address.

> /*
> retrieve To: and CC: destinations
> */
> $start_to = strpos($headers,"\nTO:");
> $start_cc = strpos($headers,"\nCC:");

That does not work because the recipients are in the envelope
not in the headers.

Proof: you receive this message but you are not in the To: or Cc:
headers.

        Wietse

sorry, but i don't understand:

my problem is to avoid backscatter to the users of my mailserver.

I still want to forward them REAL mail delivery error.

with this system, i store in a database the destinations of outgoing
email (only To: and CC:, retrieved in the header of the outgoing
email)

When i receive and email that contains the "Final-Recipient: rfc822;"
string in the body of the incoming email, i check if the email related
to Final-Recipient: in in my database.

If i found it, it means that the original mail has been sent to and
email that my customers trust (if the email address isn't corrent, is
not a problem).

If i don't found the email Final-Recipient: rfc822; in my database, it
means that i've never sent anything to that address, so i can delete
the email.

I what other case i send an email to someone that doesn't compare in
the header of email? I think only when i send to mailing list, alias
or groups, but i think that is a trascurable situation.

Or not?

Thanks
--
/*************/
nik600
https://sourceforge.net/projects/ccmanager
https://sourceforge.net/projects/reportmaker
https://sourceforge.net/projects/nikstresser

nik600 wrote:

You should use the SMTP enveloppe's as from and to. Your solution could use some improvement but the concept by itself is interesting.

Glenn

--
                         | Glenn Matthys [[hidden email]]
 \    /_ |_  _ _ o _  _| | Zaakvoerder
  \/\/(/_|_)| | ||| |(_| |
                         | http://www.webmind.be
    +32 50 67 57 90      | [hidden email]

nik600:
Go read some basic introduction to email. Google for envelope
sender recipient.

        Wietse

nik600 wrote:
> If i don't found the email Final-Recipient: rfc822; in my database, it
> means that i've never sent anything to that address, so i can delete
> the email.
>
> I what other case i send an email to someone that doesn't compare in
> the header of email? I think only when i send to mailing list, alias
> or groups, but i think that is a trascurable situation.
>  
When you send mail to "info@domain" and get a response from "jim@domain".

Or you give someone your business card with your email address, and they
send you an email,

Terry

nik600 wrote:
> [snip]
> sorry, but i don't understand:
>
> my problem is to avoid backscatter to the users of my mailserver.
>
> I still want to forward them REAL mail delivery error.
>  

the "mail delivery error" is sent to the original ENVELOPE SENDER, not
the the From header.
> with this system, i store in a database the destinations of outgoing
> email (only To: and CC:, retrieved in the header of the outgoing
> email)
>  

First question: what if user BCC'd someone?
Stop using headers. Use envelope addresses.
> When i receive and email that contains the "Final-Recipient: rfc822;"
> string in the body of the incoming email, i check if the email related
> to Final-Recipient: in in my database.
>  

you are doing too much assumptions. once again, use the envelope instead
of headers.

anyway, the idea is not new. see last amavisd-new "anti backscatter"
feature.