Posted to users@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2007/02/07 13:22:21 UTC

Re: Joe jobbed - Daaaagh!

Steve [Spamassassin] writes:
> Larry Nedry wrote:
> > VBounce works very well for me.
> > <http://wiki.apache.org/spamassassin/VBounceRuleset>
> Thanks for this pointer... I've taken a look at this and installed it on 
> my Spamassassin 3.1 configuration.  I am, however, bemused about a 
> couple of details...
> 
> I understand that this plugin introduces two new tags:
> 
> (a)	BOUNCE_MESSAGE
> (b)	ANY_BOUNCE_MESSAGE
> 
> I'm not clear what is the intended difference in their meaning.

There are several more; 

MY_SERVERS_FOUND: a whitelisted relay a la "whitelist_bounce_relays" was
found

BOUNCE_MESSAGE: an MTA-generated bounce, "message was undeliverable" etc.

CRBOUNCE_MESSAGE: Challenge-response bounce message, e.g. "please confirm your message was not spam"

VBOUNCE_MESSAGE: a virus-scanner-generated bounce, e.g. "You sent a virus"

ANY_BOUNCE_MESSAGE: any of the *BOUNCE_MESSAGE types


> Having read about the whitelist_bounce_relays, I thought that looked very neat... and I verified that every bounce message that I want to receive will mention in the headers (ellipsis => something-or-other) :-
> 
>     Received: from ... (...) by mail.mydomain.com (Postfix)...
> 
> So, I configured whitelist_bounce_relays to mail.mydomain.com.  
> Unfortunately, as far as I can tell, this has made no difference.  Both 
> bogus bounces and legitimate bounces (where I intentionally send a mail 
> message to a non-existent account on a remote server) are marked 
> identically with both BOUNCE_MESSAGE and ANY_BOUNCE_MESSAGE.... 
> Shouldn't the whitelisted bounce be marked differently?

This relay string should appear in the Received headers of the *bounced*
message, not of the *bounce* message.  In other words, the message
inside the bounce.  That's why you use it to list your own outbound MTAs.

--j.

> Still rather confused...
> 
> Steve

Re: Joe jobbed - Daaaagh!

Posted by "Steve [Spamassassin]" <sp...@shic.co.uk>.
Justin Mason wrote:
> There are several more; 
>
> MY_SERVERS_FOUND: a whitelisted relay a la "whitelist_bounce_relays" was
> found
> BOUNCE_MESSAGE: an MTA-generated bounce, "message was undeliverable" etc.
> CRBOUNCE_MESSAGE: Challenge-response bounce message, e.g. "please confirm your message was not spam"
> VBOUNCE_MESSAGE: a virus-scanner-generated bounce, e.g. "You sent a virus"
> ANY_BOUNCE_MESSAGE: any of the *BOUNCE_MESSAGE types
>   
That lot look far more sensible... I don't get MY_SERVERS_FOUND... and I 
think I should for a mail I send to an invalid email address which 
generates the bounce.
>> Having read about the whitelist_bounce_relays, I thought that looked very neat... and I verified that every bounce message that I want to receive will mention in the headers (ellipsis => something-or-other) :-
>>
>>     Received: from ... (...) by mail.mydomain.com (Postfix)...
>>
>> So, I configured whitelist_bounce_relays to mail.mydomain.com.  
>> Unfortunately, as far as I can tell, this has made no difference.  Both 
>> bogus bounces and legitimate bounces (where I intentionally send a mail 
>> message to a non-existent account on a remote server) are marked 
>> identically with both BOUNCE_MESSAGE and ANY_BOUNCE_MESSAGE.... 
>> Shouldn't the whitelisted bounce be marked differently?
>>     
> This relay string should appear in the Received headers of the *bounced*
> message, not of the *bounce* message.  In other words, the message
> inside the bounce.  That's why you use it to list your own outbound MTAs.
>   
I wasn't as clear as I could have been...  mail.mydomain.com is my SMTP 
server... and the "Received:" line above is included in the bounce 
message body... just as I would expect.  My problem appears to be that 
my own bounce messages aren't white-listed (to be marked with 
MY_SERVERS_FOUND) in spite of having:

    whitelist_bounce_relays mail.mydomain.com

in my local.cf; having verified the configuration syntax with 
"spamassassin --lint" and having re-started spamd...

Hmmm....  Is the problem that the bounce message I receive is a 
multi-part MIME message (with a copy of the mail I sent in the final 
part) or am I barking up the wrong tree?
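
The distinction drawn in the thread above, between the Received headers of the *bounce* and those of the *bounced* message inside it, as an added Python illustration that is not part of the thread and is not the VBounce plugin's code. The function names, the sample message and the matching rule (relay hostname following "by") are assumptions made for the example.

```python
import email
import re

# Constructed sample bounce; hostnames and addresses are placeholders.
SAMPLE_BOUNCE = """\
Received: from mx.remote.example (mx.remote.example [192.0.2.10])
\tby mail.mydomain.com (Postfix) with ESMTP id AAAA1
From: MAILER-DAEMON@mx.remote.example
To: steve@mydomain.com
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; boundary="b1"

--b1
Content-Type: text/plain

Could not deliver your message to nobody@remote.example.

--b1
Content-Type: message/rfc822

Received: from desktop.mydomain.com (desktop [192.0.2.20])
\tby mail.mydomain.com (Postfix) with ESMTP id BBBB2
From: steve@mydomain.com
To: nobody@remote.example

hello
--b1--
"""

def bounced_received(raw):
    """Received headers of the message embedded in a bounce, not of the bounce."""
    msg = email.message_from_string(raw)
    found = []
    for part in msg.walk():
        if part is msg:
            continue  # the outer headers describe the bounce's own delivery
        if part.get_content_type() == "text/rfc822-headers":
            part = email.message_from_string(part.get_payload())
        found += part.get_all("Received", [])
    return found

def sent_via(raw, relays):
    """True if the embedded message passed through one of our outbound relays."""
    pats = [re.compile(r"\bby\s+" + re.escape(r) + r"(?![\w.-])", re.I) for r in relays]
    return any(p.search(h) for h in bounced_received(raw) for p in pats)

if __name__ == "__main__":
    print(sent_via(SAMPLE_BOUNCE, ["mail.mydomain.com"]))
```

The outer Received header of the sample also names mail.mydomain.com, because that server accepted the bounce; only the header inside the final MIME part decides the result.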