Hello Karsten:

Thanks for the reply. I thought the purpose of adding the

'whitelist_bounce_relays mailserver_name.com'

in local.cf was so that SA could assign a higher score to bounces that=20
never originated at your own mailserver. Thereby identifying return address=
=20
forgery.


At 02:04 PM 4/6/2008, Karsten Br=E4ckelmann wrote:
>On Sun, 2008-04-06 at 13:19 -0400, Jeff Koch wrote:
> > Maybe I'm doing something wrong but the bounces we receive are getting
> > extremely low scores. My understanding was that by enabling VBounce in=

the
> > V3.2.4 config's and by adding:
> >
> > whitelist_bounce_relays mailserver_name.com
> >
> > we would have a shot at filtering out bounces. Instead we are seeing=

very
> > low bounces scores:

>
>The goal of VBounce is to *identify* and spot backscatter, not to flag
>it as spam. Actually, IIRC it's stated intention is, to treat back-
>scatter differently from spam, because (strictly) it is not.
>
> > * 0.1 BOUNCE_MESSAGE MTA bounce message
> > * 0.1 ANY_BOUNCE_MESSAGE Message is some kind of bounce=

message
> >
> > A scoring of 0.2 does little. Here's the full header. If anyone can help
> > explain what we're doing wrong or should change I'd appreciate it.

>
>$ grep -A 2 procmail /usr/share/spamassassin/20_vbounce.cf
>
># If you use this, set up procmail or your mail app to spot the
># "ANY_BOUNCE_MESSAGE" rule hits in the X-Spam-Status line, and move
># messages that match that to a 'vbounce' folder.
>
> guenther
>
>
>--
>char=

*t=3D"\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a \x10\xf4\xf4\xc4";
>main(){ char h,m=3Dh=3D*t++,*x=3Dt+2*h,c,i,l=3D*x,s=3D0; for (i=3D0;i
){ i%8? c<<=3D1:
>(c=3D*++x); c&128 && (s+=3Dh); if (!(h>>=3D1)||!t[s+h]){=

putchar(t[s]);h=3Dm;s=3D0; }}}

Best Regards,

Jeff Koch, Intersessions=20