You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2004/12/14 01:59:32 UTC
[Bug 4029] New: RFE: Handle spammer backscatter (rfc1894 DSN bounce reports)
http://bugzilla.spamassassin.org/show_bug.cgi?id=4029
Summary: RFE: Handle spammer backscatter (rfc1894 DSN bounce
reports)
Product: Spamassassin
Version: 3.0.1
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Rules
AssignedTo: dev@spamassassin.apache.org
ReportedBy: daveg@dgnode.screaming.net
General:
Spammers use any old address in their faked message submissions and we all (I
hope it's not just me!) occasionally receive a rash of backscatter from MTAs
that don't check credentials as carefully as they should. SpamAssassin has most
of the tools already to delve deeper in to these RFC1894 Deliver Status
Notification (bounce) messages to help identify the dross.
The DSN message itself should initially pass the standard SA test suite, coming
from an valid Internet MTA. All of the potentially offending material is
embedded within MIME multipart components, safely insulated from detailed
analysis.
Possible Tests:
The 'Received-From-MTA' header within the 'message/delivery-status' component
would be "known to us" if the original submission was valid.
The original message, or at least a significant portion of it, can be
reconstructed from the 'message/rfc822' component if it exist. This could then
be subjected to a further pounding by SpamAssassin to see if the original was
spam.
Valid original messages would have originated "locally". This could be tested
for in the reconstructed original message headers.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.