Recently, upon being added to a "webmaster" email alias, I found myself deluged with a significant number of bounce messages every morning. Turns out one of the hosted web sites was sending out notifications every time a page was modified, but (since the envelope header was set to the default webserver user) bounces were not going to the site's admin.

The envelope header needed to be rewritten, but only for messages coming from the site in question - i.e. if based on the content of the message. The following example, for the rewrite section, sets the envelope header to "bounces@example.com" if the message "From:" header contains the string "@example.com", otherwise it moves to the next rule.

www@webserver "${if match {$h_From:}{@example.com} {bounces@example.com}fail}" Fs

(Note that this is not "secure" since anyone can set From headers, but in my case this was not done in an environment with untrusted users.)