Mailing List Archive: SpamAssassin: users

bounced message spam

Index | Next | Previous | View Threaded

smcbutler at gmail

May 24, 2008, 12:11 AM

Post #1 of 3 (156 views)
Permalink

bounced message spam

hi, i'm getting a lot of bounced emails where a spammer is using my email in
their return address

The original message was received at Thu, 22 May 2008 09:01:04 -0500
from adsl-pool2-248.metrotel.net.co [190.1.176.248] (may be forged)

----- The following addresses had permanent fatal errors -----
<winstondd[at]talleytech.com>
(reason: 550 5.7.1 Requested action not taken: message refused)

etc etc

how do folks get round this issue? are there any rules around i could try?

TIA
--
View this message in context: http://www.nabble.com/bounced-message-spam-tp17445103p17445103.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

jarif at iki

May 24, 2008, 1:02 AM

Post #2 of 3 (145 views)
Permalink

Re: bounced message spam [In reply to]

----- Original Message -----
From: "smcbutler" <smcbutler[at]gmail.com>
To: <users[at]spamassassin.apache.org>
Sent: Saturday, May 24, 2008 10:11 AM
Subject: bounced message spam

>
>
> hi, i'm getting a lot of bounced emails where a spammer is using my email in
> their return address
>
> The original message was received at Thu, 22 May 2008 09:01:04 -0500
> from adsl-pool2-248.metrotel.net.co [190.1.176.248] (may be forged)
>
> ----- The following addresses had permanent fatal errors -----
> <winstondd[at]talleytech.com>
> (reason: 550 5.7.1 Requested action not taken: message refused)
>
>
> etc etc
>
> how do folks get round this issue? are there any rules around i could try?
>

There is VBounce plugin, which can be activated in /etc/spamassassin/v320.pre, by uncommenting

loadplugin Mail::SpamAssassin::Plugin::VBounce

In addition to that, you have to declare your smarthost(s) in /etc/spamassassin/local.cf like this:

whitelist_bounce_relays pena.fred.pp.fi
whitelist_bounce_relays hurricane.fred.pp.fi
whitelist_bounce_relays smtp.nblnetworks.fi
whitelist_bounce_relays smtp-69.nebula.fi

That should do it, what comes to SpamAssassin. Personally I don't trust it too much, and I have a custom rules for my maildrop to handle backscatter.

jarif at iki

May 24, 2008, 1:12 AM

Post #3 of 3 (146 views)
Permalink

Re: bounced message spam [In reply to]

>>
>> how do folks get round this issue? are there any rules around i could try?
>>
>
>There is VBounce plugin, which can be activated in /etc/spamassassin/v320.pre, by uncommenting
>
> loadplugin Mail::SpamAssassin::Plugin::VBounce
>

It is also important to notice, that VBounce does not declare bounces as SPAM! It raises a rule of ANY_BOUNCE_MESSAGE, which can be used to move the messages to a "Bounce" directory or such.

In my /etc/maildroprc is a record

# SpamAssassin detected that this is a bounce of some kind.
if ( /^X-Spam-Status.*ANY_BOUNCE_MESSAGE/ )
{
xfilter "reformail -a'X-Bounce: Yes '"
}

and later all "X-Bounce: Yes" items are directed to "Joe Job Bounces" folder.

Maybe complicated out of context that X-Bounce, but the point is that

Regexp: X-Spam-Status.*ANY_BOUNCE_MESSAGE

--

You have to deal that ANY_BOUNCE_MESSAGE, as SpamAssassin does not mark bounces as Spam (gets only 0.1 - 0.3 points) which is the right thing to do in my opinion.

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com