Detecting mailer-daemon in 2.0.15 with Postfix


Yes, I know, I really really want to upgrade to RT3, and will do it Any Day
Now, but until then, something’s come up in switching from sendmail to
postfix – I’m seeing a lot of MAILER-DAEMON created tickets.

According to $RTHOME/lib/RT/Interface/

sub CheckForSuspiciousSender {
my $head = shift;

#if it's from a postmaster or mailer daemon, it's likely a bounce.

#TODO: better algorithms needed here - there is no standards for
#bounces, so it's very difficult to separate them from anything
#else.  At the other hand, the Return-To address is only ment to be
#used as an error channel, we might want to put up a separate
#Return-To address which is treated differently.

#TODO: search through the whole email and find the right Ticket ID.

my ($From, $junk) = ParseSenderAddressFromHead($head);

if (($From =~ /^mailer-daemon/i) or
    ($From =~ /^postmaster/i)){
    return (1);


return (undef);


However, I’m still seeing tickets (sample headers):From: (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
X-Virus-Scanned: by amavisd-new-20030616-p7 (Debian) at

The ParseSenderAddressFromHead() function was evaluating Reply-To, From and
Sender in that order – there being no Reply-To, I’d have thought the From
would get the match and return…

Anyone else seen this behaviour or have other additions for rt2 to catch
mailer-daemon replies more globally? My next stop will be to try header
grabbing in postfix itself to intercept these.

Thanks for any thoughts,