Sorry for previous mail, I accidentally hit send...

> On Sun, 2008-04-06 at 23:25 -0400, Jeff Koch wrote:
> > Thanks for the reply. I thought the purpose of adding the
> >
> > 'whitelist_bounce_relays'
> >
> > in was so that SA could assign a higher score to bounces that
> > never originated at your own mailserver. Thereby identifying return address
> > forgery.

On 07.04.08 12:17, Karsten Bräckelmann wrote:
> Actually quite the opposite. Rather than increasing a score, it is
> used to 'rescue' legitimate bounce messages. See the docs [1].

I don't think it's "opposite". I think he said the same as you - the
whitelist_bounce_relays identify bounces originating on own mailserver,
while the others, matching ANY_BOUNCE_MESSAGE indicate forgery.

> Basically, it serves two purposes: (a) Setting this option enables the
> VBounce plugin, and (b) it prevents legit bounces from being marked
> with the ANY_BOUNCE_MESSAGE and friends rules.

does whitelist_bounce_relays really turn on VBounce? Does that mean that
*BOUNCE* won't match when it's not set up?

> Of course, we can't stop you from assigning a custom, absurdly high
> score to ANY_BOUNCE_MESSAGE to abuse the existing score based filtering.

I guess score e.g. 1 is not absurdly high. Especially not when he uses
SPF/DKIM and his users send mail through his servers.

> However, the purpose of this plugin and the low default score is to not
> weigh in into classifying spam, but to provide a nice handler (see my
> previous post) to identify bounces and treat them specially.

However, this plugin can be easily used to detect backscatter and it's
probably what users will use it for.

Matus UHLAR - fantomas, ;
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I don't have lysdexia. The Dog wouldn't allow that.