Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: SpamAssassin: users

Trouble with VBounce

  

 
SpamAssassin users RSS feed   Index | Next | Previous | View Threaded


erik at frenchguys

May 12, 2008, 8:32 AM

Post #1 of 10 (304 views)
Permalink
Trouble with VBounce
Hi all,

I am having trouble with VBounce. I think I followed the FAQ to the
letter yet most of the backscatter still ends up in my mailbox. For
example, if I analyze the attached sample email (which I received this
morning), I get the following:

[ .... ]

Spam detection software, running on the system
"li9-234.members.linode.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
root for details.

Content preview: Your message did not reach some or all of the
intended recipients.
The e-mail account does not exist. Check the e-mail address or
contact the
recipient directly to confirm the address. "Devon Roy"
<jhrc[at]cov.com> [...]


Content analysis details: (-2.0 points, 3.0 required)

pts rule name description
---- ----------------------
--------------------------------------------------
-2.3 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
[score: 0.0000]
0.3 AWL AWL: From: address is in the auto white-
list


As you see, no bounce related analysis. However some messages get
filtered out as bounce (just not the one attached and quite a few of
its bretheren) which tells me it's at least working a bit :

X-Spam-Report: * 1.9 URIBL_AB_SURBL Contains an URL listed in the
AB SURBL blocklist * [URIs: bambinidimanina.org] * 1.5
URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist *
[URIs: bambinidimanina.org] * 2.0 URIBL_BLACK Contains an URL listed
in the URIBL blacklist * [URIs: bambinidimanina.org] * 0.0
BAYES_50 BODY: Bayesian spam probability is 40 to 60% * [score:
0.5000] * 0.1 CRBOUNCE_MESSAGE Challenge-response bounce message *
0.1 ANY_BOUNCE_MESSAGE Message is some kind of bounce message


Any idea for me ?

Erik
Attachments: sample-vbounce.txt (1.67 KB)


erik at frenchguys

May 13, 2008, 5:14 AM

Post #2 of 10 (274 views)
Permalink
Re: Trouble with VBounce [In reply to]
Anyone ? Do you get the same analysis with the attached message that I
got ? Is my VBounce setup wrong then ?

Erik

(did my message get ignored because of the text attachment ?)

On May 12, 2008, at 11:32 AM, Erik Dasque wrote:

> Hi all,
>
> I am having trouble with VBounce. I think I followed the FAQ to the
> letter yet most of the backscatter still ends up in my mailbox. For
> example, if I analyze the attached sample email (which I received
> this morning), I get the following:
>
> [ .... ]
>
> Spam detection software, running on the system
> "li9-234.members.linode.com", has
> identified this incoming email as possible spam. The original message
> has been attached to this so you can view it (if it isn't spam) or
> label
> similar future email. If you have any questions, see
> root for details.
>
> Content preview: Your message did not reach some or all of the
> intended recipients.
> The e-mail account does not exist. Check the e-mail address or
> contact the
> recipient directly to confirm the address. "Devon Roy" <jhrc[at]cov.com
> > [...]
>
>
> Content analysis details: (-2.0 points, 3.0 required)
>
> pts rule name description
> ---- ----------------------
> --------------------------------------------------
> -2.3 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
> [score: 0.0000]
> 0.3 AWL AWL: From: address is in the auto white-
> list
>
>
> As you see, no bounce related analysis. However some messages get
> filtered out as bounce (just not the one attached and quite a few of
> its bretheren) which tells me it's at least working a bit :
>
> X-Spam-Report: * 1.9 URIBL_AB_SURBL Contains an URL listed in the
> AB SURBL blocklist * [URIs: bambinidimanina.org] * 1.5
> URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
> * [URIs: bambinidimanina.org] * 2.0 URIBL_BLACK Contains an
> URL listed in the URIBL blacklist * [URIs: bambinidimanina.org]
> * 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% *
> [score: 0.5000] * 0.1 CRBOUNCE_MESSAGE Challenge-response bounce
> message * 0.1 ANY_BOUNCE_MESSAGE Message is some kind of bounce
> message
>
>
> Any idea for me ?
>
> Erik
>
>
>
> <sample-vbounce.txt>


erik at frenchguys

May 13, 2008, 5:25 AM

Post #3 of 10 (273 views)
Permalink
Re: Trouble with VBounce [In reply to]
I checked the debug result of my a --lint and got:

ed[at]li9-234:~$ spamassassin 2>&1 -D --lint | grep ounce
[13492] dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce from
@INC
[13492] dbg: config: fixed relative path: /var/lib/spamassassin/
3.002004/updates_spamassassin_org/20_vbounce.cf
[13492] dbg: config: using "/var/lib/spamassassin/3.002004/
updates_spamassassin_org/20_vbounce.cf" for included file
[13492] dbg: config: read file /var/lib/spamassassin/3.002004/
updates_spamassassin_org/20_vbounce.cf

This seems right, yes ?

Erik

On May 13, 2008, at 8:14 AM, Erik Dasque wrote:

> Anyone ? Do you get the same analysis with the attached message that
> I got ? Is my VBounce setup wrong then ?
>
> Erik
>
> (did my message get ignored because of the text attachment ?)
>
> On May 12, 2008, at 11:32 AM, Erik Dasque wrote:
>
>> Hi all,
>>
>> I am having trouble with VBounce. I think I followed the FAQ to the
>> letter yet most of the backscatter still ends up in my mailbox. For
>> example, if I analyze the attached sample email (which I received
>> this morning), I get the following:
>>
>> [ .... ]
>>
>> Spam detection software, running on the system
>> "li9-234.members.linode.com", has
>> identified this incoming email as possible spam. The original
>> message
>> has been attached to this so you can view it (if it isn't spam) or
>> label
>> similar future email. If you have any questions, see
>> root for details.
>>
>> Content preview: Your message did not reach some or all of the
>> intended recipients.
>> The e-mail account does not exist. Check the e-mail address or
>> contact the
>> recipient directly to confirm the address. "Devon Roy" <jhrc[at]cov.com
>> > [...]
>>
>>
>> Content analysis details: (-2.0 points, 3.0 required)
>>
>> pts rule name description
>> ---- ----------------------
>> --------------------------------------------------
>> -2.3 BAYES_00 BODY: Bayesian spam probability is 0 to
>> 1%
>> [score: 0.0000]
>> 0.3 AWL AWL: From: address is in the auto white-
>> list
>>
>>
>> As you see, no bounce related analysis. However some messages get
>> filtered out as bounce (just not the one attached and quite a few
>> of its bretheren) which tells me it's at least working a bit :
>>
>> X-Spam-Report: * 1.9 URIBL_AB_SURBL Contains an URL listed in
>> the AB SURBL blocklist * [URIs: bambinidimanina.org] * 1.5
>> URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
>> * [URIs: bambinidimanina.org] * 2.0 URIBL_BLACK Contains an
>> URL listed in the URIBL blacklist * [URIs:
>> bambinidimanina.org] * 0.0 BAYES_50 BODY: Bayesian spam
>> probability is 40 to 60% * [score: 0.5000] * 0.1
>> CRBOUNCE_MESSAGE Challenge-response bounce message * 0.1
>> ANY_BOUNCE_MESSAGE Message is some kind of bounce message
>>
>>
>> Any idea for me ?
>>
>> Erik
>>
>>
>>
>> <sample-vbounce.txt>
>


luis.otegui at gmail

May 13, 2008, 5:57 AM

Post #4 of 10 (273 views)
Permalink
Re: Trouble with VBounce [In reply to]
Hi, Eric

2008/5/13 Erik Dasque <erik[at]frenchguys.com>:
> I checked the debug result of my a --lint and got:
>
>
> ed[at]li9-234:~$ spamassassin 2>&1 -D --lint | grep ounce
> [13492] dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce from @INC
> [13492] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_vbounce.cf
> [13492] dbg: config: using
> "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_vbounce.cf" for
> included file
> [13492] dbg: config: read file
> /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_vbounce.cf
>
> This seems right, yes ?
>
> Erik
>
>
>
> On May 13, 2008, at 8:14 AM, Erik Dasque wrote:
>
> Anyone ? Do you get the same analysis with the attached message that I got ?
> Is my VBounce setup wrong then ?
>
> Erik
>
> (did my message get ignored because of the text attachment ?)
>
>
> On May 12, 2008, at 11:32 AM, Erik Dasque wrote:
>
> Hi all,
>
> I am having trouble with VBounce. I think I followed the FAQ to the letter
> yet most of the backscatter still ends up in my mailbox. For example, if I
> analyze the attached sample email (which I received this morning), I get the
> following:
>
> [ .... ]
>
>
> Spam detection software, running on the system "li9-234.members.linode.com",
> has
> identified this incoming email as possible spam. The original message
> has been attached to this so you can view it (if it isn't spam) or label
> similar future email. If you have any questions, see
> root for details.
>
> Content preview: Your message did not reach some or all of the intended
> recipients.
> The e-mail account does not exist. Check the e-mail address or contact
> the
> recipient directly to confirm the address. "Devon Roy" <jhrc[at]cov.com>
> [...]
>
>
> Content analysis details: (-2.0 points, 3.0 required)
>
> pts rule name description
> ---- ----------------------
> --------------------------------------------------
> -2.3 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
> [score: 0.0000]
> 0.3 AWL AWL: From: address is in the auto white-list
>
>
> As you see, no bounce related analysis. However some messages get filtered
> out as bounce (just not the one attached and quite a few of its bretheren)
> which tells me it's at least working a bit :
>
>
>
> X-Spam-Report: * 1.9 URIBL_AB_SURBL Contains an URL listed in the AB SURBL
> blocklist * [URIs: bambinidimanina.org] * 1.5 URIBL_JP_SURBL Contains
> an URL listed in the JP SURBL blocklist * [URIs: bambinidimanina.org] *
> 2.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist * [URIs:
> bambinidimanina.org] * 0.0 BAYES_50 BODY: Bayesian spam probability is 40
> to 60% * [score: 0.5000] * 0.1 CRBOUNCE_MESSAGE Challenge-response
> bounce message * 0.1 ANY_BOUNCE_MESSAGE Message is some kind of bounce
> message
>
>
> Any idea for me ?

Yup. Did you whitelist your servers? If you don't do it, SA doesn't
know how to tell a legit bounce from UBE-generated bounces.

You should have something like

whitelist_bounce_relays my.server.name other.server.name

in your local.cf.

Then you'll start to notice how bounce notifications start to get
tagged as spam.


>
> Erik
>
>
>
> <sample-vbounce.txt>
>
>
>

Regards,


Luis
--
_____________________________________

GNU/GPL: "May The Source Be With You...

Linux Registered User #448382.
_____________________________________


jm at jmason

May 13, 2008, 6:22 AM

Post #5 of 10 (273 views)
Permalink
Re: Trouble with VBounce [In reply to]
actually, the message simply isn't in a format known to the ruleset.
The problem is that it doesn't contain a bounced message at all...
just the bounce, and no copy of the original message.

Since there's no copy of the original, there's no way to tell what message
it was in reply to, and whether it was in response to a fake or real mail.
So vbounce won't fire on it.

--j.

Erik Dasque writes:
> Anyone ? Do you get the same analysis with the attached message that I got
> ? Is my VBounce setup wrong then ?
> Erik
> (did my message get ignored because of the text attachment ?)
> On May 12, 2008, at 11:32 AM, Erik Dasque wrote:
>
> Hi all,
> I am having trouble with VBounce. I think I followed the FAQ to the
> letter yet most of the backscatter still ends up in my mailbox. For
> example, if I analyze the attached sample email (which I received this
> morning), I get the following:
> [ .... ]
> Spam detection software, running on the system
> "li9-234.members.linode.com", has
> identified this incoming email as possible spam. The original message
> has been attached to this so you can view it (if it isn't spam) or label
> similar future email. If you have any questions, see
> root for details.
> Content preview: Your message did not reach some or all of the intended
> recipients.
> The e-mail account does not exist. Check the e-mail address or
> contact the
> recipient directly to confirm the address. "Devon Roy" <jhrc[at]cov.com>
> [...]
>
> Content analysis details: (-2.0 points, 3.0 required)
> pts rule name description
> ---- ----------------------
> --------------------------------------------------
> -2.3 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
> [score: 0.0000]
> 0.3 AWL AWL: From: address is in the auto white-list
> As you see, no bounce related analysis. However some messages get
> filtered out as bounce (just not the one attached and quite a few of its
> bretheren) which tells me it's at least working a bit :
>
> X-Spam-Report: * 1.9 URIBL_AB_SURBL Contains an URL listed in the AB
> SURBL blocklist * [URIs: bambinidimanina.org] * 1.5 URIBL_JP_SURBL
> Contains an URL listed in the JP SURBL blocklist * [URIs:
> bambinidimanina.org] * 2.0 URIBL_BLACK Contains an URL listed in the
> URIBL blacklist * [URIs: bambinidimanina.org] * 0.0 BAYES_50 BODY:
> Bayesian spam probability is 40 to 60% * [score: 0.5000] * 0.1
> CRBOUNCE_MESSAGE Challenge-response bounce message * 0.1
> ANY_BOUNCE_MESSAGE Message is some kind of bounce message
>
> Any idea for me ?
> Erik
> <sample-vbounce.txt>


guenther at rudersport

May 13, 2008, 7:26 AM

Post #6 of 10 (267 views)
Permalink
Re: Trouble with VBounce [In reply to]
> Yup. Did you whitelist your servers? If you don't do it, SA doesn't
> know how to tell a legit bounce from UBE-generated bounces.
>
> You should have something like
> whitelist_bounce_relays my.server.name other.server.name
> in your local.cf.

True, and the OP did. He included another header snipped, showing
ANY_BOUNCE_MESSAGE hitting.


> Then you'll start to notice how bounce notifications start to get
> tagged as spam.

This is not true, however. VBounce will add a mere 0.1 or 0.2 to the
score, which hardly can be seen as "tagging as spam". The purpose of
VBounce is to *identify* backscatter. Not to treat it as spam. Please,
let me re-iterate what I have posted in here a bunch of times
already... :)

$ grep -A 2 procmail /usr/share/spamassassin/20_vbounce.cf

# If you use this, set up procmail or your mail app to spot the
# "ANY_BOUNCE_MESSAGE" rule hits in the X-Spam-Status line, and move
# messages that match that to a 'vbounce' folder.

guenther


--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}


erik at frenchguys

May 13, 2008, 7:44 AM

Post #7 of 10 (267 views)
Permalink
Re: Trouble with VBounce [In reply to]
My problem is that despite the fact that VBounce is enabled very few
of the backscatter gets trapped (5% ?).

Even messages that include the headers of the original message such as
the following don't get trapped (I thought VBounce was able to analyze
included headers to look for the SMTP white listing. So VBounce cannot
do anything if the headers from the joe-jobbing message are not
included. What of the message that I just included, while it doesn't
contain the body of the message, it includes headers from the original
message that should tell VBounce it wasn't sent from one of my SMTP
servers, right ? :

Final-Recipient: rfc822; burgess[at]rcpls.com
Action: failed
Status: 5.7.1
Diagnostic-Code: smtp; 550 5.7.1 Message content rejected, UBE,
id=02133-01-112
Last-Attempt-Date: Tue, 13 May 2008 09:56:07 -0400 (EDT)
Received: from 79.131.82.115 (localhost [127.0.0.1])
by relay.u-s-c-co.com (Spam Firewall) with ESMTP id 83CEB15F4FE
for <burgess[at]rcpls.com>; Tue, 13 May 2008 09:56:05 -0400 (EDT)
Received: from 79.131.82.115 ([79.131.82.115]) by relay.u-s-c-co.com
with ESMTP id K81IVHFwdqDLBFGh for <burgess[at]rcpls.com>; Tue, 13 May
2008 09:56:05 -0400 (EDT)
Message-ID: <000a01c8b501$0495fb35$2237faad[at]bsqsw>
From: "hussein anil" <6edasque[at]frenchguys.com>
To: <burgess[at]rcpls.com>
Subject: million selections
Date: Tue, 13 May 2008 12:09:15 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0007_01C8B501.0491D065"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198



On May 13, 2008, at 10:26 AM, Karsten Bräckelmann wrote:

>
>> Yup. Did you whitelist your servers? If you don't do it, SA doesn't
>> know how to tell a legit bounce from UBE-generated bounces.
>>
>> You should have something like
>> whitelist_bounce_relays my.server.name other.server.name
>> in your local.cf.
>
> True, and the OP did. He included another header snipped, showing
> ANY_BOUNCE_MESSAGE hitting.
>
>
>> Then you'll start to notice how bounce notifications start to get
>> tagged as spam.
>
> This is not true, however. VBounce will add a mere 0.1 or 0.2 to the
> score, which hardly can be seen as "tagging as spam". The purpose of
> VBounce is to *identify* backscatter. Not to treat it as spam. Please,
> let me re-iterate what I have posted in here a bunch of times
> already... :)
>
> $ grep -A 2 procmail /usr/share/spamassassin/20_vbounce.cf
>
> # If you use this, set up procmail or your mail app to spot the
> # "ANY_BOUNCE_MESSAGE" rule hits in the X-Spam-Status line, and move
> # messages that match that to a 'vbounce' folder.
>
> guenther
>
>
> --
> char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a
> \x10\xf4\xf4\xc4";
> main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i
> %8? c<<=1:
> (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h])
> { putchar(t[s]);h=m;s=0; }}}
>
>


luis.otegui at gmail

May 13, 2008, 8:42 AM

Post #8 of 10 (266 views)
Permalink
Re: Trouble with VBounce [In reply to]
Karsten:

2008/5/13 Karsten Bräckelmann <guenther[at]rudersport.de>:
>
> > Yup. Did you whitelist your servers? If you don't do it, SA doesn't
> > know how to tell a legit bounce from UBE-generated bounces.
> >
> > You should have something like
> > whitelist_bounce_relays my.server.name other.server.name
> > in your local.cf.
>
> True, and the OP did. He included another header snipped, showing
> ANY_BOUNCE_MESSAGE hitting.
>
>
>
> > Then you'll start to notice how bounce notifications start to get
> > tagged as spam.
>
> This is not true, however. VBounce will add a mere 0.1 or 0.2 to the
> score, which hardly can be seen as "tagging as spam". The purpose of
> VBounce is to *identify* backscatter. Not to treat it as spam. Please,
> let me re-iterate what I have posted in here a bunch of times
> already... :)

Well, you're right. I didn't express myself clearly. However, I have a
heavily modified vbounce2.cf in the /etc/spamassassin/ folder, which
assigns a default score of 7 so many bounce messages, since we don't
accept foreign bounces here.

>
> $ grep -A 2 procmail /usr/share/spamassassin/20_vbounce.cf
>
> # If you use this, set up procmail or your mail app to spot the
> # "ANY_BOUNCE_MESSAGE" rule hits in the X-Spam-Status line, and move
> # messages that match that to a 'vbounce' folder.
>
> guenther
>
>
> --
> char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
> main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
> (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
>
>

Anyway, thanks for pointing out the real aim of VBounce. I lost it
completely, and now you've got me thinking if what I'm doing is wrong.

Regards,


Luis
--
_____________________________________

GNU/GPL: "May The Source Be With You...

Linux Registered User #448382.
_____________________________________


erik at frenchguys

May 15, 2008, 6:38 AM

Post #9 of 10 (241 views)
Permalink
Re: Trouble with VBounce [In reply to]
Ok, I think something is still wrong with my VBounce setup as a great
% of backscatter doesn't get tagged with "ANY_BOUNCE_MESSAGE".

Could I request from a few people on the list to send me a sample
message attached as text which I can use "spamassassin -Lt < sample-
vbounce.txt" on to see if I get the right content analysis (please
send your content analysis of it).

As a sample, I'll attach another message to this one which gave me the
following (but not ANY_BOUNCE_MESSAGE):

X-Spam-Report: * 0.4 URI_HEX URI: URI hostname has long hexadecimal
sequence * 0.0 NUMERIC_HTTP_ADDR URI: Uses a numeric IP address in
URL * -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% *
[score: 0.0000] * 1.5 URIBL_SBL Contains an URL listed in the SBL
blocklist * [URIs: veloxzone.com.br] * 1.0 AWL AWL: From:
address is in the auto white-list


As you can see from the attachment this email contains the original
headers (but not the body) of the bouncing message. The Received:
fields of these headers contain none of my whitelisted servers. As a
result, I would expect VBounce to tag it with "ANY_BOUNCE_MESSAGE".

My local.cf file, found in ~/.spamassassin contains the following
(should anything be in my user_prefs ?) :

whitelist_bounce_relays smtp.onething.net
whitelist_bounce_relays mail.anotherthing.com
whitelist_bounce_relays owa.otherserver.com
whitelist_bounce_relays mail.otherserver.com

Again, my spamassassin 2>&1 -D --lint | grep ounce gives me the
following:

[13492] dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce from
@INC
[13492] dbg: config: fixed relative path: /var/lib/spamassassin/
3.002004/updates_spamassassin_org/20_vbounce.cf
[13492] dbg: config: using "/var/lib/spamassassin/3.002004/
updates_spamassassin_org/20_vbounce.cf" for included file
[13492] dbg: config: read file /var/lib/spamassassin/3.002004/
updates_spamassassin_org/20_vbounce.cf

Thanks in advance,

Erik
Attachments: message-rfc822.eml (4.00 KB)


rmueller at thinxsolutions

May 15, 2008, 7:31 AM

Post #10 of 10 (240 views)
Permalink
Re: Trouble with VBounce [In reply to]
Hi,

just check Bug 5901, I had the same problems with googlemail bounces,
there is no header rule within 20_vbounce.cf matching on them. I found
the following, what I posted several days before:

+++++++++++++
After digging a little bit into this (I'm not a SA-expert), it showed
that the body-rule " __HAVE_BOUNCE_RELAYS" is giving a "1", but often no
header rule "__BOUNCE*" seems to give a hit.
One of the most likely rules to be IMHO true is the
"__BOUNCE_FROM_DAEMON" one, but this one nearly never gives a hit.
Looking at the regexp in this line, the "+" after the \S seems not to be
correct from my point of view, I would suggest a "*" here, as it is in
"__BOUNCE_RPATH_MD".
So for testing purposes I modified the line
old:
header __BOUNCE_FROM_DAEMON From =~
/(?:(?:daemon|deamon|majordomo|postmaster|virus|scanner|devnull|automated-response|SMTP.gateway|mailadmin|mailmaster|surfcontrol|You_Got_Spammed)\S+\@|<>)/i

to new:
header __BOUNCE_FROM_DAEMON From =~
/(?:(?:daemon|deamon|majordomo|postmaster|virus|scanner|devnull|automated-response|SMTP.gateway|mailadmin|mailmaster|surfcontrol|You_Got_Spammed)\S*\@|<>)/i
++++++++++++++

After that, those bounces were recognized, but also several FPs occured.
In the meantime, I have modified the line this way:

header __BOUNCE_FROM_DAEMON From =~
/(?:(?:mailer-(?:daemon|deamon)|majordomo|postmaster|virus|scanner|devnull|automated-response|SMTP.gateway|mailadmin|mailmaster|surfcontrol|You_Got_Spammed)\S*\@|<>)/i

Regards,
Robert


Erik Dasque schrieb:
> Ok, I think something is still wrong with my VBounce setup as a great
> % of backscatter doesn't get tagged with "ANY_BOUNCE_MESSAGE".
>
> Could I request from a few people on the list to send me a sample
> message attached as text which I can use "spamassassin -Lt <
> sample-vbounce.txt" on to see if I get the right content analysis
> (please send your content analysis of it).
>
> As a sample, I'll attach another message to this one which gave me the
> following (but not ANY_BOUNCE_MESSAGE):
>
> *X-Spam-Report: * * 0.4 URI_HEX URI: URI hostname has long
> hexadecimal sequence * 0.0 NUMERIC_HTTP_ADDR URI: Uses a numeric IP
> address in URL * -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to
> 1% * [score: 0.0000] * 1.5 URIBL_SBL Contains an URL listed in
> the SBL blocklist * [URIs: veloxzone.com.br] * 1.0 AWL AWL:
> From: address is in the auto white-list
>
>
>
> As you can see from the attachment this email contains the original
> headers (but not the body) of the bouncing message. The Received:
> fields of these headers contain none of my whitelisted servers. As a
> result, I would expect VBounce to tag it with "ANY_BOUNCE_MESSAGE".
>
> My local.cf file, found in ~/.spamassassin contains the following
> (should anything be in my user_prefs ?) :
>
> whitelist_bounce_relays smtp.onething.net
> whitelist_bounce_relays mail.anotherthing.com
> whitelist_bounce_relays owa.otherserver.com
> whitelist_bounce_relays mail.otherserver.com
>
> Again, my spamassassin 2>&1 -D --lint | grep ounce gives me the following:
>
> [13492] dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce from @INC
> [13492] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_vbounce.cf
> [13492] dbg: config: using
> "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_vbounce.cf"
> for included file
> [13492] dbg: config: read file
> /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_vbounce.cf
>
> Thanks in advance,
>
> Erik
>
>
> ------------------------------------------------------------------------
>
> Betreff:
> Delivery Status Notification (Delay)
> Von:
> Mail Delivery Subsystem <mailer-daemon[at]googlemail.com>
> Datum:
> Wed, 14 May 2008 09:51:40 -0700 (PDT)
> An:
> edasque[at]frenchguys.com
>
> An:
> edasque[at]frenchguys.com
>
>
> This is an automatically generated Delivery Status Notification
>
> THIS IS A WARNING MESSAGE ONLY.
>
> YOU DO NOT NEED TO RESEND YOUR MESSAGE.
>
> Delivery to the following recipient has been delayed:
>
> ahalka[at]worldmag.com
>
> Message will be retried for 1 more day(s)
>
> ----- Message header follows -----
>
> Received: by 10.141.88.3 with SMTP id q3mr3743149rvl.46.1210605546345;
> Mon, 12 May 2008 08:19:06 -0700 (PDT)
> Return-Path: <edasque[at]frenchguys.com>
> Received: from 20178235020.user.veloxzone.com.br ([201.78.235.20])
> by mx.google.com with ESMTP id f21si10936600rvb.0.2008.05.12.08.19.00;
> Mon, 12 May 2008 08:19:06 -0700 (PDT)
> Received-SPF: neutral (google.com: 201.78.235.20 is neither permitted nor denied by best guess record for domain of edasque[at]frenchguys.com) client-ip=201.78.235.20;
> Authentication-Results: mx.google.com; spf=neutral (google.com: 201.78.235.20 is neither permitted nor denied by best guess record for domain of edasque[at]frenchguys.com) smtp.mail=edasque[at]frenchguys.com
> Message-ID: <000501c8b443$0565cfa7$382cf694[at]cdgxl>
> From: "dukey babak" <edasque[at]frenchguys.com>
> To: <ahalka[at]worldmag.com>
> Subject: Mother's day special discount prices
> Date: Mon, 12 May 2008 13:31:29 +0000
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary="----=_NextPart_000_0002_01C8B443.0563A481"
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2900.3138
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
>
> ----- Message body suppressed -----
>
>
>
> ------------------------------------------------------------------------
>

SpamAssassin users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact lists@gossamer-threads.com
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.