Posted to users@spamassassin.apache.org by Matthew Newton <mc...@leicester.ac.uk> on 2005/05/11 13:05:27 UTC
Bounces to forged sender addresses
Hi all
I have had reports of someone here having been sent a lot of bounced
messages because their e-mail address has been forged in spam. I know
that this is unavoidable, and that there isn't a lot we can do about it,
but having looked at the sample mail I had a slight idea.
The bounce message in this instance contained the actual spam (at least,
cut down headers as displayed by the e-mail client, and the plain text).
In the spam's headers were things that had been added by the
spamassassin on the system that created the bounce. This included stuff
like "X-Spam-Score: ++++++++++++++" and "Subject: *** SPAM ***
whatever".
What would be the benefits of creating rules that fired on bounce
messages only (i.e. came from <>), and hit stuff like this. Are there
any reasons why giving a score of 10 when matching "Spam-Score: ++++++++"
on a bounce would cause a real bounce to get rejected?
Obviously not all bounces include info about the original message, but
this might help cut down some of them, maybe?
Any comments?
Thanks
Matthew
--
Matthew Newton <mc...@le.ac.uk>
UNIX and e-mail Systems Administrator, Network Support Section,
Computer Centre, University of Leicester,
Leicester LE1 7RH, United Kingdom
Re: Bounces to forged sender addresses
Posted by Keith Ivey <kc...@cpcug.org>.
Matthew Newton wrote:
> What would be the benefits of creating rules that fired on bounce
> messages only (i.e. came from <>), and hit stuff like this. Are there
> any reasons why giving a score of 10 when matching "Spam-Score: ++++++++"
> on a bounce would cause a real bounce to get rejected?
Yes, if the real bounce contained those headers, which it might if
SpamAssassin on the recipient's system misidentified a message as spam,
which does occasionally happen, especially if people have added custom
rules.
I have gotten such bounce messages, explained the problem to the remote
mail administrator (messages about breast cancer being misidentified as
being about breast enlargement, for example), and gotten the problem
fixed. If I had the sort of rule you're suggesting I wouldn't have
known the messages were being rejected.
--
Keith C. Ivey <kc...@cpcug.org>
Washington, DC
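The rule proposed in the first post and the false positive described in this reply, as an added Python example that is not part of the thread and is not SpamAssassin rule syntax. The sample messages, addresses and function names are constructed for illustration, and a "Return-Path: <>" header stands in for the null envelope sender.

```python
import re
from email import message_from_string

# Strings quoted in the thread, as a remote SpamAssassin left them in the original.
MARKERS = {
    "score_header": re.compile(r"^[ \t]*X-Spam-Score:[ \t]*\+{8,}", re.M),
    "subject_tag": re.compile(r"^[ \t]*Subject:[ \t]*\*\*\* SPAM \*\*\*", re.M),
}
PROPOSED_SCORE = 10  # the score suggested in the first post

def bounce_markers(raw):
    """Names of the markers found in the body of a null-sender (<>) message."""
    msg = message_from_string(raw)
    if msg.get("Return-Path", "").strip() != "<>":
        return []  # not a bounce, so the proposed rule does not apply
    body = raw.partition("\n\n")[2]  # everything after the bounce's own headers
    return [name for name, rx in MARKERS.items() if rx.search(body)]

def proposed_score(raw):
    """Score the proposed rule would add to this message."""
    return PROPOSED_SCORE if bounce_markers(raw) else 0

def bounce(quoted):
    """Build a constructed bounce that quotes the original message."""
    return ("Return-Path: <>\nFrom: MAILER-DAEMON@remote.example\n"
            "To: user@local.example\nSubject: Undelivered mail\n\n"
            "Delivery failed. Original message follows:\n\n" + quoted)

# Constructed samples (hypothetical addresses and content).
# 1. Backscatter: spam with our user's address forged as the sender.
BACKSCATTER = bounce("  From: user@local.example\n"
                     "  Subject: *** SPAM *** cheap pills\n"
                     "  X-Spam-Score: ++++++++++++++\n\n  buy now\n")
# 2. Genuine bounce: our user's real mail, misidentified as spam remotely.
MISFILED = bounce("  From: user@local.example\n"
                  "  Subject: *** SPAM *** breast cancer support group\n"
                  "  X-Spam-Score: +++++++++\n\n  Meeting notes attached.\n")
# 3. Ordinary bounce with no SpamAssassin markup in the quoted original.
PLAIN = bounce("  From: user@local.example\n  Subject: hello\n\n  hi\n")
# 4. Tagged mail with a real sender: not a bounce, so the rule stays silent.
TAGGED_INBOUND = ("Return-Path: <someone@remote.example>\n"
                  "Subject: offer\n\nX-Spam-Score: ++++++++++\n")

if __name__ == "__main__":
    for name in ("BACKSCATTER", "MISFILED", "PLAIN", "TAGGED_INBOUND"):
        print(name, proposed_score(globals()[name]), bounce_markers(globals()[name]))
```

Samples 1 and 2 receive the same score: the markers show only that the remote filter tagged the quoted message, not whether the local user actually sent it.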
Re: Bounces to forged sender addresses
Posted by Loren Wilton <lw...@earthlink.net>.
Look at Tim Jackson's Bogus Virus Warning ruleset. It is designed to catch
backscatter of this general sort. Might not handle your exact case, but
worth a try.
Loren