You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Arthur Dent <mi...@blueyonder.co.uk> on 2009/01/20 15:18:00 UTC

Setting up VBounce... ...correctly

Hello all,

Some time ago I had a nasty rash of backscatter so I installed and configured
the VBounce plugin. Coincidentally the backscatter stopped at the same time
and I haven't had much of a problem since. I kind of forgot about it - until
just now when I genuinely sent a message which bounced back to me. It got
caught with the ANY_BOUNCE_MESSAGE rule and was filtered (by procmail) into my
spam folder.

I have the following entry in my /etc/mail/spamassassin/local.cf file:

whitelist_bounce_relays *blueyonder.co.uk

but it was still caught. The instructions in the wiki say to use
whitelist_bounce_relays with the server you normally sent out mail from. I
remember at the time I set it up trying a few different permutations because
it seems that the outbound mail relay can be variations on the theme of
smtp-in2.blueyonder.co.uk (sometimes in1 sometimes in3 sometimes something
else altogether).

The (slightly sanitised) headers from the bounceback can be seen here:
http://pastebin.com/m3112eb51

How should I set up VBounce so that genuine bouncebacks get through but
backscatter is caught?

Thanks for your help...

AD

p.s.
I have also just discovered that notifications of submissions to the Fedora
bugzilla that I recently submitted also hit ANY_BOUNCE_MESSAGE. Why???

Re: Setting up VBounce... ...correctly

Posted by mouss <mo...@ml.netoyen.net>.

Karsten Bräckelmann a écrit :
> On Tue, 2009-01-20 at 15:29 +0000, Arthur Dent wrote:
>> On Tue, Jan 20, 2009 at 03:48:55PM +0100, Karsten Bräckelmann wrote:
> 
>>> I explained it slightly more detailed in Bug 6008.
>>>   https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6008
>> Ahhh.. I see (er I think...)
>>
>> Tell me; when you reported that bugzilla was hitting ANY_BOUNCE_MESSAGE did it
>> hit ANY_BOUNCE_MESSAGE? ;) ...er... OK I'll shut up now...
> 
> No. I didn't even notice that myself, but have been asked about it.

I did and it hit. I should have said so on the bug page...

I no more use vbounce rules (well, I enable them just to see the results
in headers). a long time ago, I posted a case where this hits a message
that is not a bounce at all (the body discussed a bounce). I didn't find
a simple way to differentiate betwenn such "bounce discussions" and
real bounces (unfortunately, many MTAs use non-standard formats, if they
use a format at all!).

> That's because I do *not* scan bugzilla mail for spam, but filter it out
> early.
> 
> There's absolutely no reason to torture my SA with the bulk of bugzilla
> or mailing-list mail. Yes, I do a *lot* of both. They get delivered
> without being scanned by SA. And I highly recommend doing this.
> 
> However, yes, of course, it *would* have hit ANY_BOUNCE_MESSAGE... ;)
> 
>   guenther
>

Re: Setting up VBounce... ...correctly

Posted by Karsten Bräckelmann <gu...@rudersport.de>.

On Tue, 2009-01-20 at 15:29 +0000, Arthur Dent wrote:
> On Tue, Jan 20, 2009 at 03:48:55PM +0100, Karsten Bräckelmann wrote:

> > I explained it slightly more detailed in Bug 6008.
> >   https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6008
> 
> Ahhh.. I see (er I think...)
> 
> Tell me; when you reported that bugzilla was hitting ANY_BOUNCE_MESSAGE did it
> hit ANY_BOUNCE_MESSAGE? ;) ...er... OK I'll shut up now...

No. I didn't even notice that myself, but have been asked about it.
That's because I do *not* scan bugzilla mail for spam, but filter it out
early.

There's absolutely no reason to torture my SA with the bulk of bugzilla
or mailing-list mail. Yes, I do a *lot* of both. They get delivered
without being scanned by SA. And I highly recommend doing this.

However, yes, of course, it *would* have hit ANY_BOUNCE_MESSAGE... ;)

  guenther

-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}

Re: Setting up VBounce... ...correctly

Posted by Arthur Dent <mi...@blueyonder.co.uk>.

On Tue, Jan 20, 2009 at 03:48:55PM +0100, Karsten Bräckelmann wrote:
> On Tue, 2009-01-20 at 14:18 +0000, Arthur Dent wrote:
> > p.s.
> > I have also just discovered that notifications of submissions to the Fedora
> > bugzilla that I recently submitted also hit ANY_BOUNCE_MESSAGE. Why???
> 
> Because this evaluates to true.
>   __HAVE_BOUNCE_RELAYS && !__MY_SERVERS_FOUND && __BOUNCE_FROM_DAEMON
> 
> I explained it slightly more detailed in Bug 6008.
>   https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6008
> 
Ahhh.. I see (er I think...)

Tell me; when you reported that bugzilla was hitting ANY_BOUNCE_MESSAGE did it
hit ANY_BOUNCE_MESSAGE? ;) ...er... OK I'll shut up now...

AD

p.s.

What about my configuration? Why did my genuine bounce get flagged? What
should I have in my local.cf?

Thanks again.

Re: Setting up VBounce... ...correctly

Posted by Karsten Bräckelmann <gu...@rudersport.de>.

On Tue, 2009-01-20 at 14:18 +0000, Arthur Dent wrote:
> p.s.
> I have also just discovered that notifications of submissions to the Fedora
> bugzilla that I recently submitted also hit ANY_BOUNCE_MESSAGE. Why???

Because this evaluates to true.
  __HAVE_BOUNCE_RELAYS && !__MY_SERVERS_FOUND && __BOUNCE_FROM_DAEMON

I explained it slightly more detailed in Bug 6008.
  https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6008

-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}