Provide options for bounce processing.
Each feature can be enabled/disabled with a true/false toggle in the check
Some features can have rejections disabled in the reject section.
[check] reject_all=false single_recipient=true empty_return_path=true bad_rcpt=true bounce_spf=true non_local_msgid=true [reject] single_recipient=true empty_return_path=true bounce_spf=false non_local_msgid=false
When enabled, blocks all bounce messages using the simple rule of checking
It is generally a bad idea to block all bounces. This option can be useful for mail servers at domains with frequent spoofing and few or no human users.
Valid bounces have a single recipient. Assure that the message really is a bounce by enforcing bounces to be addressed to a single recipient.
This check is skipped for relays or hosts with a private IP, this is because Microsoft Exchange distribution lists will send messages to list members with a null return-path when the 'Do not send delivery reports' option is enabled (yes, really...).
Valid bounces should have an empty return path. Test for the presence of the Return-Path header in bounces and disallow.
Disallow bounces to email addresses listed in
Include email addresses in that file that should never receive bounce messages. Examples of email addresses that should be listed are: autoresponders, email@example.com, firstname.lastname@example.org, and any other email addresses used solely for machine generated messages.
Parses the message body and any MIME parts for Received: headers and strips out the IP addresses of each Received hop and then checks what the SPF result would have been if bounced message had been sent by that hop.
If no 'Pass' result is found, then this test will fail. If SPF returns 'None', 'TempError' or 'PermError' then the test will be skipped.