Posted to users@spamassassin.apache.org by Karsten Bräckelmann <gu...@rudersport.de> on 2011/03/02 02:57:15 UTC

Re: Autoreplies from RT are hitting on ANY_BOUNCE_MESSAGE

On Wed, 2011-02-23 at 14:34 +1100, Con Tassios wrote:
> On Tue, 29 Jun 2010, Karsten Bräckelmann wrote:

[ Rather large *snip*, mostly me asking the OP for info that he never
provided. ]

> > Lastly, as Alex hinted, stock SA would *not* have classified the mail as
> > spam. That is due to your incredibly high custom score.
> >
> > The vbounce rule-set is meant to identify backscatter, and action is
> > supposed to be taken on the rules hit. It is not meant and better not be
> > used to classify these as spam. See the vbounce rule-set cf file for proper
> > usage.
> 
> Sorry to be replying to such an old message, but SA 3.3.1 seems to be hitting

A new post probably would have been better. Some of us do read the list
in threaded view, and I wouldn't have found this post if it wasn't for
you "helpfully" Cc'ing me privately. (Since it's been another week, I'll
Cc you too, despite my habit.)

BTW, I hope you didn't notice this because, like the OP of the original
thread, you assigned bounces a high spam score. That would be wrong to
do.

> these rules simply when a message has the word 'AutoReply' in the subject
> header.  As such, it would be difficult to accurately identify mail as
> backscatter, as some web sites (Dell, for example) send emails that contain the
> word 'AutoReply' in the subject after a web form is submitted.

Almost. It also depends on actually configuring the VBounce plugin, and
not hitting the rules to protect real bounces. To be precise, this is
the logic, stripped down from the larger meta rule -- where the last
sub-rule is the Subject header RE.

  meta BOUNCE_MESSAGE  __HAVE_BOUNCE_RELAYS && (!__MY_SERVERS_FOUND && !ALL_TRUSTED && !__NONBOUNCE_READ_RECEIPT && (... || __BOUNCE_AUTO_REPLY))

If you want a quick fix, re-define __BOUNCE_AUTO_REPLY in your site
config local.cf to not include the offending string, or disable that
particular OR-ed sub-rule altogether.

  meta __BOUNCE_AUTO_REPLY (0)

If you believe that particular string and sub-rule doesn't help much in
detecting bounces, and thus should either be constrained further or
possibly removed from the set, please file a bug.


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
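
The meta logic from the message above, as an added example that is not part of the original post or of SpamAssassin: a small evaluator for the boolean subset of meta expressions, used to check when BOUNCE_MESSAGE fires and what the `meta __BOUNCE_AUTO_REPLY (0)` override changes. Assumptions: `__ELIDED_SUBRULES` is a placeholder for the "..." in the quoted rule, the rule hits are constructed, and only `&&`, `||`, `!`, parentheses, names and integers are handled.

```python
import re

# The meta from the message; "__ELIDED_SUBRULES" stands in for its elided "...".
BOUNCE_MESSAGE = ("__HAVE_BOUNCE_RELAYS && (!__MY_SERVERS_FOUND && !ALL_TRUSTED && "
    "!__NONBOUNCE_READ_RECEIPT && (__ELIDED_SUBRULES || __BOUNCE_AUTO_REPLY))")

def evaluate(expr, hits, overrides=None):
    """True if the meta fires for `hits`; `overrides` models local.cf re-definitions."""
    overrides = overrides or {}
    toks = re.findall(r"&&|\|\||[!()]|\w+|\S", expr)
    pos = 0

    def take(expected=None):
        nonlocal pos
        if pos >= len(toks) or (expected and toks[pos] != expected):
            raise ValueError("malformed meta expression")
        pos += 1
        return toks[pos - 1]
    def atom():
        tok = take()
        if tok == "!":
            return not atom()
        if tok == "(":
            value = or_expr()
            take(")")
            return value
        if not re.fullmatch(r"\w+", tok):
            raise ValueError(f"unexpected token {tok!r}")
        if tok.isdigit():
            return int(tok) != 0
        if tok in overrides:      # rule re-defined in site config
            return evaluate(overrides[tok], hits, overrides)
        return tok in hits
    def chain(op, operand):
        value = operand()
        while pos < len(toks) and toks[pos] == op:
            take()
            rhs = operand()       # always parse the operand, then combine
            value = (value and rhs) if op == "&&" else (value or rhs)
        return value
    def or_expr():                # "&&" binds tighter than "||"
        return chain("||", lambda: chain("&&", atom))

    result = or_expr()
    if pos != len(toks):
        raise ValueError("trailing tokens in meta expression")
    return result

# Constructed sample: sub-rules hit by a mail with 'AutoReply' in its Subject.
AUTOREPLY_HITS = {"__HAVE_BOUNCE_RELAYS", "__BOUNCE_AUTO_REPLY"}
QUICK_FIX = {"__BOUNCE_AUTO_REPLY": "(0)"}    # meta __BOUNCE_AUTO_REPLY (0)
```
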