Moin can send mails on several occasions, mostly related to user handling and notifications on changes. It currently does not handle bounces and they usually get unnoticed. Moin should be able to handle bounces and re-act on them.
Two things are needed to do this. It needs a script that receives mails, parses them and acts on them. It should also encode some more information into the from address, like user-id, so each bounce can be easily identified without extra code to handle many broken systems out there.
Each mail should get some more information about the recipient. This is usually encoded into the from-address of the e-mail, like email@example.com. All major MTA supports this recipient delimiter addressing, so all mails are delivered firstname.lastname@example.org. With this information the mail can be accounted to the correct account even if some system in between does not support DSN.
All sent mails must follow some rules. They must be sent with a Auto-Submitted: auto-generated header (see RFC 3834). Also Moin should assume DSN is supported by the local MSA (ten years is enough) and send mails with RET=HDRS, NOTIFY=FAILURE and ORCPT=… (see RFC 3461).
Moin needs a script that can be called by the MDA. This script gets the recipient of the mail and the contents at least. It parses the mail as needed and possible. It can act on the contents depending on the type of mail.
A DSN as specified in RFC 3464 can be handled completely automatic. Each failed account should be disabled. However we need some way to tell the user the account was disabled on the next attempted log-in. He may get the option to specify a new e-mail-address to regain access to the account.
All other mails should be forwarded to the admin for inspection. This mail should include all available user information if the id encoded into the bounce address is available.