Posted to users@spamassassin.apache.org by Matthew Newton <mc...@leicester.ac.uk> on 2005/05/11 13:05:27 UTC

Bounces to forged sender addresses

Hi all

I have had reports of someone here having been sent a lot of bounced
messages because their e-mail address has been forged in spam. I know
that this is unavoidable, and that there isn't a lot we can do about it,
but having looked at the sample mail I had a slight idea.

The bounce message in this instance contained the actual spam (at least,
cut down headers as displayed by the e-mail client, and the plain text).
In the spam's headers were things that had been added by the
spamassassin on the system that created the bounce. This included stuff
like "X-Spam-Score: ++++++++++++++" and "Subject: *** SPAM ***
whatever".

What would be the benefits of creating rules that fired on bounce
messages only (i.e. came from <>), and hit stuff like this? Are there
any reasons why giving a score of 10 when matching "Spam-Score: ++++++++"
on a bounce would cause a real bounce to get rejected?

Obviously not all bounces include info about the original message, but
this might help cut down some of them, maybe?

Any comments?

Thanks

Matthew


-- 
Matthew Newton <mc...@le.ac.uk>

UNIX and e-mail Systems Administrator, Network Support Section,
Computer Centre, University of Leicester,
Leicester LE1 7RH, United Kingdom

Re: Bounces to forged sender addresses

Posted by Keith Ivey <kc...@cpcug.org>.
Matthew Newton wrote:

> What would be the benefits of creating rules that fired on bounce
> messages only (i.e. came from <>), and hit stuff like this? Are there
> any reasons why giving a score of 10 when matching "Spam-Score: ++++++++"
> on a bounce would cause a real bounce to get rejected?

Yes, if the real bounce contained those headers, which it might if 
SpamAssassin on the recipient's system misidentified a message as spam, 
which does occasionally happen, especially if people have added custom 
rules.

I have gotten such bounce messages, explained the problem to the remote 
mail administrator (messages about breast cancer being misidentified as 
being about breast enlargement, for example), and gotten the problem 
fixed.  If I had the sort of rule you're suggesting I wouldn't have 
known the messages were being rejected.

-- 
Keith C. Ivey <kc...@cpcug.org>
Washington, DC
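
The check proposed in the first post, run against the case raised in the reply above, as an added Python sketch (not code from the thread or from SpamAssassin). The function names, the reliance on a Return-Path header and all sample messages are assumptions constructed for illustration.

```python
import email
import re

# Markers named in the first post, as left in the quoted original by the
# bouncing site's SpamAssassin. Quoted lines may be indented or ">"-prefixed.
SCORE_RE = re.compile(r"^[> \t]*X-Spam-Score:[ \t]*\+{8,}", re.I | re.M)
SUBJECT_RE = re.compile(r"^[> \t]*Subject:[ \t]*\*{3} SPAM \*{3}", re.I | re.M)

def embedded_spam_markers(raw):
    """Return marker names found in the body of a null-sender message."""
    msg = email.message_from_string(raw)
    # Assumption: the receiving MTA records the envelope sender in Return-Path.
    if (msg.get("Return-Path") or "").strip() != "<>":
        return []  # not a bounce, so the proposed rule does not apply
    _, _, body = raw.partition("\n\n")
    hits = []
    if SCORE_RE.search(body):
        hits.append("spam-score")
    if SUBJECT_RE.search(body):
        hits.append("subject-tag")
    return hits

def make_message(return_path, quoted_headers):
    """Build a constructed sample: a notice that quotes an original message."""
    return (
        f"Return-Path: {return_path}\n"
        "From: MAILER-DAEMON@mx.example.net\n"
        "Subject: Undelivered Mail Returned to Sender\n"
        "\n"
        "Your message could not be delivered. Original message follows:\n"
        "\n" + quoted_headers + "\n\nbody text\n"
    )

# Constructed samples (not taken from the thread).
BACKSCATTER = make_message(
    "<>", "X-Spam-Score: ++++++++++++++\nSubject: *** SPAM *** whatever")
FALSE_POSITIVE = make_message(
    "<>", "X-Spam-Score: ++++++++\nSubject: *** SPAM *** Breast cancer support meeting")
PLAIN_BOUNCE = make_message("<>", "Subject: Meeting notes")
NOT_A_BOUNCE = make_message("<list@example.org>", "X-Spam-Score: ++++++++++")

if __name__ == "__main__":
    for name in ("BACKSCATTER", "FALSE_POSITIVE", "PLAIN_BOUNCE", "NOT_A_BOUNCE"):
        print(name, embedded_spam_markers(globals()[name]))
```

The backscatter sample and the genuine bounce of a misclassified message return the same markers, so on these inputs the check cannot tell the two apart.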

Re: Bounces to forged sender addresses

Posted by Loren Wilton <lw...@earthlink.net>.
Look at Tim Jackson's Bogus Virus Warning ruleset.  It is designed to catch
backscatter of this general sort.  Might not handle your exact case, but
worth a try.

        Loren