You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2007/02/07 13:22:21 UTC
Re: Joe jobbed - Daaaagh!
Steve [Spamassassin] writes:
> Larry Nedry wrote:
> > VBounce works very well for me.
> > <http://wiki.apache.org/spamassassin/VBounceRuleset>
> Thanks for this pointer... I've taken a look at this and installed it on
> my Spamassassin 3.1 configuration. I am, however, bemused about a
> couple of details...
>
> I understand that this plugin introduces two new tags:
>
> (a) BOUNCE_MESSAGE
> (b) ANY_BOUNCE_MESSAGE
>
> I'm not clear what is the intended difference in their meaning.
There are several more;
MY_SERVERS_FOUND: a whitelisted relay a la "whitelist_bounce_relays" was
found
BOUNCE_MESSAGE: an MTA-generated bounce, "message was undeliverable" etc.
CRBOUNCE_MESSAGE: Challenge-response bounce message, eg. "please confirm your message was not spam"
VBOUNCE_MESSAGE: a virus-scanner-generated bounce, e.g. "You sent a virus"
ANY_BOUNCE_MESSAGE: any of the *BOUNCE_MESSAGE types
> Having read about the whitelist_bounce_relays, I thought that looked very neat... and I verified that every bounce message that I want to receive will mention in the headers (ellipsis => something-or-other) :-
>
> Received:
> from ... (...) by mail.mydomain.com (Postfix)...
>
> So, I configured whitelist_bounce_relays to mail.mydomain.com.
> Unfortunately, as far as I can tell, this has made no difference. Both
> bogus bounces and legitimate bounces (where I intentionally send a mail
> message to a non-existent account on a remote server) are marked
> identically with both BOUNCE_MESSAGE and ANY_BOUNCE_MESSAGE....
> Shouldn't the whitelisted bounce be marked differently?
This relay string should appear in the Received headers of the *bounced*
message, not of the *bounce* message. in other words, the message
inside the bounce. That's why you use it to list your own outbound MTAs.
--j.
> Still rather confused...
>
> Steve
Re: Joe jobbed - Daaaagh!
Posted by "Steve [Spamassassin]" <sp...@shic.co.uk>.
Justin Mason wrote:
> There are several more;
>
> MY_SERVERS_FOUND: a whitelisted relay a la "whitelist_bounce_relays" was
> found
> BOUNCE_MESSAGE: an MTA-generated bounce, "message was undeliverable" etc.
> CRBOUNCE_MESSAGE: Challenge-response bounce message, eg. "please confirm your message was not spam"
> VBOUNCE_MESSAGE: a virus-scanner-generated bounce, e.g. "You sent a virus"
> ANY_BOUNCE_MESSAGE: any of the *BOUNCE_MESSAGE types
>
That lot look far more sensible... I don't get MY_SERVERS_FOUND... and I
think I should for a mail I send to an invalid email address which
generates the bounce.
>> Having read about the whitelist_bounce_relays, I thought that looked very neat... and I verified that every bounce message that I want to receive will mention in the headers (ellipsis => something-or-other) :-
>>
>> Received:
>> from ... (...) by mail.mydomain.com (Postfix)...
>>
>> So, I configured whitelist_bounce_relays to mail.mydomain.com.
>> Unfortunately, as far as I can tell, this has made no difference. Both
>> bogus bounces and legitimate bounces (where I intentionally send a mail
>> message to a non-existent account on a remote server) are marked
>> identically with both BOUNCE_MESSAGE and ANY_BOUNCE_MESSAGE....
>> Shouldn't the whitelisted bounce be marked differently?
>>
> This relay string should appear in the Received headers of the *bounced*
> message, not of the *bounce* message. in other words, the message
> inside the bounce. That's why you use it to list your own outbound MTAs.
>
I wasn't as clear as I could have been... mail.mydomain.com is my SMTP
server... and the "Received:" line above is included in the bounce
message body... just as I would expect. My problem appears to be that
my own bounce messages aren't white-listed (to be marked with
MY_SERVERS_FOUND) in spite of having:
whitelist_bounce_relays mail.mydomain.com
in my local.cf; having verified the configuration syntax with
"spamassassin --lint" and having re-started spamd...
hmmm.... Is the problem that the bounce message I receive is a
multi-part mime message (with a copy of the mail I sent in the final
part) or am I barking up the wrong tree?