You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by jonathan <je...@ryerson.ca> on 2007/04/18 21:33:23 UTC

VBounce vs backscatter

We've been getting massive amounts of backscatter spam, large amounts of 
which is making it past SA.  Most of it isn't making any real effort to 
disguise the fact that it didn't originate from our outbound systems, 
and I've been looking at the VBounce plugin to help stop it.

The plugin recommends that you don't score the various _BOUNCE rules 
high, rather use part of your mail system to filter these messages and 
quarantine them somewhere, undelivered.  This seems rather dangerous to 
me, and of dubious benefit compared to just giving these rules a 
score...  am I missing something?

Also - I seem to be seeing false positives in the logs (though I'm not 
seeing the messages themselves) - email that seems to be from one legit 
external address to a legit internal address.

Finally, I'm experiencing this bug:  
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5331, which causes 
some legit bounces to be flagged.

Is anyone using VBounce in a large environment?  How are you configuring 
it to avoid flagging legit mail?

jonathan.