Another reason to allow mail origin address forgery

July 5, 2011

I've written before about my desire that Unix mailers would allow more forgery of outgoing email addresses, back in PleaseAllowForgery. At the time I was thinking of direct usage for sending email yourself, but I've recently realized that there's another important use for this: remailing things from forwarding setups.

If you just want simple forwarding, you can do that in .forward. But if you want more sophisticated conditional forwarding, around here the traditional approach is to use procmail with a suitably complex .procmailrc that winds up forwarding selected email with procmail's ! directive. So far, so good.

The problem is that this doesn't forward the message as such; instead it causes procmail to re-mail it. When it's remailed, it gets your own address as the envelope origin address. Should your remailed message bounce, which has been known to happen, the bounce will go to your address where it will be re-processed by your procmail setup and quite possibly 'forwarded' to your other address again. Repeat until the mail system melts down.

(These days our mail system has a circuit breaker that tries to detect and cut off such bounce loops, but it's not a sure thing.)

If Unix MTAs were more willing to allow you to set the envelope origin address, it would be entirely sensible for procmail and similar programs to do so when they 'forwarded' email. This would avoid the looping bounce problem (now bounces would go to the original sender, although this has its own problems) and make procmail-based forwarding much more like just using a simple .forward setup. As a bonus, it would avoid the general problems with remailing since, well, things wouldn't be remailing any more.
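The bounce loop and the effect of the envelope origin address, as a small added simulation (not code from the original post): it models a forwarding target that rejects everything and compares re-mailing under the user's own envelope sender with keeping the sender the message arrived with. The addresses, the hop limit and the "guard" policy (not forwarding bounces) are assumptions made for the illustration.

```python
# Added illustration: a toy model of re-mailing, not a real MTA or procmail.
# All addresses are constructed for this example.
from collections import namedtuple

Msg = namedtuple("Msg", "env_from rcpt kind")   # kind: "mail" or "bounce"

USER_LOCAL = "user@local.example"      # mailbox whose .procmailrc forwards
USER_REMOTE = "user@remote.example"    # forwarding target, rejecting all mail
ORIG_SENDER = "alice@elsewhere.example"
HOP_LIMIT = 20                         # stand-in for a bounce-loop circuit breaker


def simulate(policy):
    """Deliver one message to USER_LOCAL and follow everything it causes.

    "remail":   forwarded copy gets USER_LOCAL as envelope sender
    "preserve": forwarded copy keeps the envelope sender it arrived with
    "guard":    like "remail", but bounces are never forwarded (assumed
                mitigation, not something the post describes)
    Returns (messages_handled, addresses_that_received_bounces).
    """
    queue = [Msg(ORIG_SENDER, USER_LOCAL, "mail")]
    handled, bounce_rcpts = 0, []
    while queue and handled < HOP_LIMIT:
        msg = queue.pop(0)
        handled += 1
        if msg.rcpt == USER_LOCAL:
            if policy == "guard" and msg.kind == "bounce":
                continue                 # keep it locally, do not forward
            env_from = msg.env_from if policy == "preserve" else USER_LOCAL
            queue.append(Msg(env_from, USER_REMOTE, msg.kind))
        elif msg.rcpt == USER_REMOTE:
            # The remote side rejects the message, so a bounce goes to the
            # envelope sender. Bounces carry the null sender "", so a bounce
            # that itself fails is dropped instead of generating another.
            if msg.env_from:
                bounce_rcpts.append(msg.env_from)
                queue.append(Msg("", msg.env_from, "bounce"))
        # Mail addressed anywhere else (the original sender) ends here.
    return handled, bounce_rcpts


if __name__ == "__main__":
    for policy in ("remail", "preserve", "guard"):
        print(policy, simulate(policy))
```

With "remail" the run only stops at the hop limit; with "preserve" the single bounce goes to the original sender, which is the trade-off the sidebar below discusses.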

(Possibly some procmail alternatives already try to do forwarding this way, and leave it up to the MTA to decide whether it works or not. If so, I applaud them.)

Sidebar: the forwarding bounce problem

The problem with bounces of forwarded email is that there is no good place to report the problem. Even if the sender address isn't forged, the sender can't do anything about broken forwarding, so the most that sending bounces to them does is let them know that their message didn't get through. Sending the bounce to the user's local mailbox is likely pointless because the user probably doesn't check their local mailbox since, after all, their email is being forwarded. Trying to send any sort of note to the forwarding address runs into the issue that, well, at least some email to it is already bouncing.

Written on 05 July 2011.

Last modified: Tue Jul 5 01:24:26 2011