Discussion:
Delivered-To: message header
(too old to reply)
Wietse Venema
2004-11-19 01:14:58 UTC
Permalink
Some people are seeing mail bounces because of DELIVERED-TO loops.
The mail received by Postfix has a DELIVERED-TO header with the
address of a local recipient. The local delivery agent bounces the
mail because that is the purpose of the DELIVERED-TO header.
Wietse, I hate to think I'm being obtuse (though I admit I was working
in management for a while :-), but why would local(8) bounce mail sent
exists in the email?
LOCAL(8) LOCAL(8)

NAME
local - Postfix local mail delivery

SYNOPSIS
local [generic Postfix daemon options]

...

MAIL FORWARDING

...

In order to stop mail forwarding loops early, the software
adds an optional Delivered-To: header with the final enve-
lope recipient address. If mail arrives for a recipient
that is already listed in a Delivered-To: header, the mes-
sage is bounced.
Andrew Boring
2004-11-19 01:42:30 UTC
Permalink
Post by Wietse Venema
Wietse, I hate to think I'm being obtuse (though I admit I was working
in management for a while :-), but why would local(8) bounce mail sent
exists in the email?
In order to stop mail forwarding loops early, the software
adds an optional Delivered-To: header with the final enve-
lope recipient address. If mail arrives for a recipient
that is already listed in a Delivered-To: header, the mes-
sage is bounced.
So the *spammer* is adding a "Delivered-to:" header, not the OP's
Postfix system? And the OP's local(8) is seeing this Delivered-To:
header and bouncing the original message (saying it's looping) to the
undeliverable address? Okay, I think I understand now.
Victor Duchovni
2004-11-19 02:03:40 UTC
Permalink
Post by Andrew Boring
So the *spammer* is adding a "Delivered-to:" header, not the OP's
header and bouncing the original message (saying it's looping) to the
undeliverable address? Okay, I think I understand now.
This was discussed in detail some time ago. It was also observed that
while one could add authentication "cookies" to the "Delivered-To:"
header, it is far from clear whether doing so is worth the effort. If
someone is determined to generate bounces off your system they will. Is
"raising the bar" by "fixing" just "Delivered-To:" worth the effort,
probably not.
--
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:***@postfix.org?body=unsubscribe%20postfix-users>
Andrew Boring
2004-11-19 03:19:06 UTC
Permalink
Post by Victor Duchovni
Post by Andrew Boring
So the *spammer* is adding a "Delivered-to:" header, not the OP's
header and bouncing the original message (saying it's looping) to the
undeliverable address? Okay, I think I understand now.
This was discussed in detail some time ago.
Yep. Even list regulars can't keep up with all past threads. :-)
Though, the more I think about it, the more I recall seeing in the docs
somewhere the reasoning behind the Delivered-To: header in the first
place.

However, if you have a thread reference handy, I'll be happy to sit
down and learn more for my own sake (and for the sake of less noise
next time on the list).
Post by Victor Duchovni
It was also observed that
while one could add authentication "cookies" to the "Delivered-To:"
header, it is far from clear whether doing so is worth the effort. If
someone is determined to generate bounces off your system they will. Is
"raising the bar" by "fixing" just "Delivered-To:" worth the effort,
probably not.
Hmm. I never considered "Delivered-To:" a problem until now. Even
still, I don't necessarily consider it a "problem". I consider spammers
a problem though. I personally would rather "fix" spammers than "fix"
Delivered-To: (after all, mail headers don't respond to a large blunt
object the same way spammers do :-)
Victor Duchovni
2004-11-19 03:46:03 UTC
Permalink
Post by Andrew Boring
Post by Victor Duchovni
This was discussed in detail some time ago.
However, if you have a thread reference handy, I'll be happy to sit
down and learn more for my own sake (and for the sake of less noise
next time on the list).
Why can't people Google for themselves???

http://groups.google.com/groups?hl=en&lr=&th=a95d6e9043a77e28&seekm=cjumdk%242csh%241%40FreeBSD.csie.NCTU.edu.tw&frame=off
--
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:***@postfix.org?body=unsubscribe%20postfix-users>
Andrew Ball
2004-11-19 19:36:18 UTC
Permalink
Post by Wietse Venema
LOCAL(8) LOCAL(8)
NAME
local - Postfix local mail delivery
SYNOPSIS
local [generic Postfix daemon options]
...
MAIL FORWARDING
...
In order to stop mail forwarding loops early, the software
adds an optional Delivered-To: header with the final enve-
lope recipient address. If mail arrives for a recipient
that is already listed in a Delivered-To: header, the mes-
sage is bounced.
If I'm reading this correctly, then, this Warning about a loop is *not* a
misconfiguration of my mailserver. This is correct (and documented)
behaviour from Postfix. And it's being caused by manipulation of the
Delivered-To: header by a spammer (or worm, or whatever).

Thanks for the explanation.
--
Andrew Ball 700 Union St.
Systems Ringmaster / Seattle, WA 98101
Technology Sherpa (206) 292-7660 x1337 voice
ACT Theatre (206) 292-7670 fax
***@acttheatre.org

Loading...