Then maybe you should consider:

Rule 1  Subject line:  "Undeliverable"

Rule 2   Received from: line   any of your ip address block

Action    pass message on to the sender (in your domain) as your user should be told a recipient to their message does not exist.

Martin

I am victim to a spammer using my server's email addresses as "from" addresses in his spams.  The emails were sent from a Japanese ISP, not from my server, but since he used our email addresses as "from", we get the rejection responses and "out of office" responses.  I've looked around for solutions, and it seems that all I can do is set up MY server so it doesn't do this to others - by having it check that an email came from where it says it did before sending automated responses.  The doesn't seem to be anything I can do to stop the barrage of automatic emails from improperly configured servers.  My account alone is getting 2-3 thousand "undeliverable mail" responses per day. 

Since obviously we can't expect every mail server to be configured correctly to not send me these, the answer seems to be on my end.  I'd love other people to chime in with other ideas on how to fix this. 

My suggestion is having an option in Pegasus to add a header to outgoing emails - just a static string.  This way we can filter for the header when getting automated responses - for example, I could set a rule that says:

If it is a "undeliverable mail" email, delete it unless the message contains a header with "SIGNATURE1223".

From reading posts on the 'net, it looks like this problem started getting really bad around the beginning of 2008.  Anyone else have any suggestions for how we or the Pegasus/Mercury developers could work around this sociopathic practice?

And, please pray for me that the spammer switches to a different "from" address REALLY soon! :)

One way to consider is examining the Return-to address for the domain name, and then examining the Received From lines  If the IP address in any of these Received From lines is not in your IP address block (IP address is in form [111.222.333.444], but the Return-To domain is yours, then you have a spoofed address message. This is called Ingress testing. Your own domain messages cannot be seen coming in from outside IP addresses.

Martin

What your suggesting is what was recommended to me - but doesn't this merely make sure that my mail server isn't sending out automated responses to other servers?  I think most mail servers are already capable of doing this, but it is difficult to set up, so the majority of small servers don't have it set up and they are the ones that sent me the 2000+ rejection emails a day. 

I'm not trying to tear you down - I'm asking, am I misunderstanding this suggestion?  How can I use this to protect myself and my users from receiving the rejection letters from the receiving servers?

Thanks!