On Sun, 2008-04-06 at 23:25 -0400, Jeff Koch wrote:
> Thanks for the reply. I thought the purpose of adding the
> 'whitelist_bounce_relays mailserver_name.com'
> in local.cf was so that SA could assign a higher score to bounces that
> never originated at your own mailserver. Thereby identifying return address
> forgery.

Actually quite the opposite. Rather than increasing a score, it is
used to 'rescue' legitimate bounce messages. See the docs [1].

Basically, it serves two purposes: (a) Setting this option enables the
VBounce plugin, and (b) it prevents legit bounces from being marked
with the ANY_BOUNCE_MESSAGE and friends rules.

Of course, we can't stop you from assigning a custom, absurdly high
score to ANY_BOUNCE_MESSAGE to abuse the existing score based filtering.
However, the purpose of this plugin and the low default score is to not
weigh in into classifying spam, but to provide a nice handler (see my
previous post) to identify bounces and treat them specially.


[1] http://spamassassin.apache.org/full/...n_VBounce.html

char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a \x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}