You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Arthur Dent <mi...@blueyonder.co.uk> on 2009/01/20 15:18:00 UTC
Setting up VBounce... ...correctly
Hello all,
Some time ago I had a nasty rash of backscatter so I installed and configured
the VBounce plugin. Coincidentally the backscatter stopped at the same time
and I haven't had much of a problem since. I kind of forgot about it - until
just now when I genuinely sent a message which bounced back to me. It got
caught with the ANY_BOUNCE_MESSAGE rule and was filtered (by procmail) into my
spam folder.
I have the following entry in my /etc/mail/spamassassin/local.cf file:
whitelist_bounce_relays *blueyonder.co.uk
but it was still caught. The instructions in the wiki say to use
whitelist_bounce_relays with the server you normally sent out mail from. I
remember at the time I set it up trying a few different permutations because
it seems that the outbound mail relay can be variations on the theme of
smtp-in2.blueyonder.co.uk (sometimes in1 sometimes in3 sometimes something
else altogether).
The (slightly sanitised) headers from the bounceback can be seen here:
http://pastebin.com/m3112eb51
How should I set up VBounce so that genuine bouncebacks get through but
backscatter is caught?
Thanks for your help...
AD
p.s.
I have also just discovered that notifications of submissions to the Fedora
bugzilla that I recently submitted also hit ANY_BOUNCE_MESSAGE. Why???
Re: Setting up VBounce... ...correctly
Posted by mouss <mo...@ml.netoyen.net>.
Karsten Bräckelmann a écrit :
> On Tue, 2009-01-20 at 15:29 +0000, Arthur Dent wrote:
>> On Tue, Jan 20, 2009 at 03:48:55PM +0100, Karsten Bräckelmann wrote:
>
>>> I explained it slightly more detailed in Bug 6008.
>>> https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6008
>> Ahhh.. I see (er I think...)
>>
>> Tell me; when you reported that bugzilla was hitting ANY_BOUNCE_MESSAGE did it
>> hit ANY_BOUNCE_MESSAGE? ;) ...er... OK I'll shut up now...
>
> No. I didn't even notice that myself, but have been asked about it.
I did and it hit. I should have said so on the bug page...
I no more use vbounce rules (well, I enable them just to see the results
in headers). a long time ago, I posted a case where this hits a message
that is not a bounce at all (the body discussed a bounce). I didn't find
a simple way to differentiate betwenn such "bounce discussions" and
real bounces (unfortunately, many MTAs use non-standard formats, if they
use a format at all!).
> That's because I do *not* scan bugzilla mail for spam, but filter it out
> early.
>
> There's absolutely no reason to torture my SA with the bulk of bugzilla
> or mailing-list mail. Yes, I do a *lot* of both. They get delivered
> without being scanned by SA. And I highly recommend doing this.
>
> However, yes, of course, it *would* have hit ANY_BOUNCE_MESSAGE... ;)
>
> guenther
>
Re: Setting up VBounce... ...correctly
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Tue, 2009-01-20 at 15:29 +0000, Arthur Dent wrote:
> On Tue, Jan 20, 2009 at 03:48:55PM +0100, Karsten Bräckelmann wrote:
> > I explained it slightly more detailed in Bug 6008.
> > https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6008
>
> Ahhh.. I see (er I think...)
>
> Tell me; when you reported that bugzilla was hitting ANY_BOUNCE_MESSAGE did it
> hit ANY_BOUNCE_MESSAGE? ;) ...er... OK I'll shut up now...
No. I didn't even notice that myself, but have been asked about it.
That's because I do *not* scan bugzilla mail for spam, but filter it out
early.
There's absolutely no reason to torture my SA with the bulk of bugzilla
or mailing-list mail. Yes, I do a *lot* of both. They get delivered
without being scanned by SA. And I highly recommend doing this.
However, yes, of course, it *would* have hit ANY_BOUNCE_MESSAGE... ;)
guenther
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: Setting up VBounce... ...correctly
Posted by Arthur Dent <mi...@blueyonder.co.uk>.
On Tue, Jan 20, 2009 at 03:48:55PM +0100, Karsten Bräckelmann wrote:
> On Tue, 2009-01-20 at 14:18 +0000, Arthur Dent wrote:
> > p.s.
> > I have also just discovered that notifications of submissions to the Fedora
> > bugzilla that I recently submitted also hit ANY_BOUNCE_MESSAGE. Why???
>
> Because this evaluates to true.
> __HAVE_BOUNCE_RELAYS && !__MY_SERVERS_FOUND && __BOUNCE_FROM_DAEMON
>
> I explained it slightly more detailed in Bug 6008.
> https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6008
>
Ahhh.. I see (er I think...)
Tell me; when you reported that bugzilla was hitting ANY_BOUNCE_MESSAGE did it
hit ANY_BOUNCE_MESSAGE? ;) ...er... OK I'll shut up now...
AD
p.s.
What about my configuration? Why did my genuine bounce get flagged? What
should I have in my local.cf?
Thanks again.
Re: Setting up VBounce... ...correctly
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Tue, 2009-01-20 at 14:18 +0000, Arthur Dent wrote:
> p.s.
> I have also just discovered that notifications of submissions to the Fedora
> bugzilla that I recently submitted also hit ANY_BOUNCE_MESSAGE. Why???
Because this evaluates to true.
__HAVE_BOUNCE_RELAYS && !__MY_SERVERS_FOUND && __BOUNCE_FROM_DAEMON
I explained it slightly more detailed in Bug 6008.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6008
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}