Suggestions for `canSendBounce` method

[titanism]

Hi there @andris9 and @louis-lau 👋

Just sharing some suggestions for the function here:

https://github.com/zone-eu/zone-mta/blob/49cc03a6dba473f4e6e585ca6f0b2b956a0fa77f/lib/bounces.js#L109C16-L109C29

1. Test for postmaster@ in addition to mailer-daemon@ (if postmaster shouldn't bounce) for both MAIL FROM and From header. You may also want to test against no reply addresses. We maintain a list at https://github.com/forwardemail/reserved-email-addresses-list. We also check for a MAIL FROM and From header that ends with +donotreply and -donotreply (e.g. Google Groups). We also test against root, cron, etc.
2. If Auto-Submitted is anything other than =no, then don't bounce. Right now you only test for auto-replied and auto-generated.
3. If X-Auto-Response-Suppress is (case insensitive) dr, autoreply, auto-reply, auto_reply, or all then don't bounce. Right now you only check for all.
4. You only check Content-Type for multipart/report right now, but you might want to specifically check against report-type of delivery-status or delivery-notification for accuracy.
5. If it contains X-MDDSN-Message and From or MAIL FROM is mdaemon then it probably shouldn't bounce (Microsoft DSN header)
6. If every part of the message had type of message or text AND every subtype was either rfc822-headers or rfc822 (e.g. https://github.com/stalwartlabs/mail-server/blob/4f02e4c96f9dc01f37f077bf2597e5a943bb1f02/resources/config/spamfilter/scripts/bounce.sieve)
7. If there is a Precedence header with a value that is autoreply, auto-reply, auto_reply (case insensitive) then don't send a bounce. Note that bulk and list values are excluded from this check, as similar to how we don't check for list-id nor list-unsubscribe (and neither do you currently in canSendBounce).

Making this changes will help to decrease the amount of misdirected bounces and backscatter spam in your projects.

[titanism]

Also, you may want to set Precedence header with a value of auto_reply and additionally X-Auto-Response-Suppress with a value of All in

zone-mta/plugins/core/email-bounce.js

Lines 29 to 36 in 49cc03a

	rootNode.setHeader('From', fromAddress);
	rootNode.setHeader('To', to);
	rootNode.setHeader('X-Sending-Zone', sendingZone);
	rootNode.setHeader('X-Failed-Recipients', bounce.to);
	rootNode.setHeader('Auto-Submitted', 'auto-replied');
	rootNode.setHeader('Subject', `Delivery Status Notification (${isDelayed ? 'Delay' : 'Failure'})`);

.

[titanism]

There's also a nice conditional check here https://github.com/stalwartlabs/mail-server/blob/4f02e4c96f9dc01f37f077bf2597e5a943bb1f02/resources/config/spamfilter/scripts/bounce.sieve#L2-L21 you might want to incorporate to cut down on misdirected bounces.

[titanism]

I like the approach here of doing a bounce if and only if matches mailer-daemon/root/postmaster/etc and also subject line match

zone-mta/lib/bounces.js

Line 125 in 49cc03a

if (/^mailer-daemon@/i.test(delivery.from) || !delivery.from) {