On Tue, 2008-04-08 at 12:33 +0200, Matus UHLAR - fantomas wrote:
> Sorry for previous mail, I accidentally hit send...
>
> > On Sun, 2008-04-06 at 23:25 -0400, Jeff Koch wrote:
> > > Thanks for the reply. I thought the purpose of adding the
> > >
> > > 'whitelist_bounce_relays mailserver_name.com'
> > >
> > > in local.cf was so that SA could assign a higher score to bounces that
> > > never originated at your own mailserver. Thereby identifying return address
> > > forgery.

>
> On 07.04.08 12:17, Karsten Br├Ąckelmann wrote:
> > Actually quite the opposite. Rather than increasing a score, it is
> > used to 'rescue' legitimate bounce messages. See the docs [1].

>
> I don't think it's "opposite". I think he said the same as you - the
> whitelist_bounce_relays identify bounces originating on own mailserver,
> while the others, matching ANY_BOUNCE_MESSAGE indicate forgery.


Well, I stand to what I said. *shrug*

> > Basically, it serves two purposes: (a) Setting this option enables the
> > VBounce plugin, and (b) it prevents legit bounces from being marked
> > with the ANY_BOUNCE_MESSAGE and friends rules.

>
> does whitelist_bounce_relays really turn on VBounce? Does that mean that
> *BOUNCE* won't match when it's not set up?


Yes -- IIRC, no time to dig through the code again, today.

> > Of course, we can't stop you from assigning a custom, absurdly high
> > score to ANY_BOUNCE_MESSAGE to abuse the existing score based filtering.

>
> I guess score e.g. 1 is not absurdly high. Especially not when he uses
> SPF/DKIM and his users send mail through his servers.


Please read the context again. Neither me nor the OP mentioned setting a
score like 1. Actually, this thread started, because the assigned 0.2
"doesn't help much" in crossing the spam threshold. Neither does a score
of 1.

VBounce detects backscatter. And it does so, even without the original
spam attached. It does detect backscatter with a score of 0 or less,
too. (Coincidentally, the backscatter I get just raised dramatically a
few days ago.)

VBounce is not intended to raise the score anyway. It's the sole
triggering of these rules and thus flagging. NOT marking as spam, as I
explained earlier. A score of -1 would do just the same. The only reason
to set a score at all is, so SA does not skip these tests, as it would
do with a neutral score of 0.


> > However, the purpose of this plugin and the low default score is to not
> > weigh in into classifying spam, but to provide a nice handler (see my
> > previous post) to identify bounces and treat them specially.

>
> However, this plugin can be easily used to detect backscatter and it's
> probably what users will use it for.

^^^^^^
Exactly. *Detect* backscatter, not mark it as spam.

Moreover, it is an understatement to claim VBounce "can be easily used
to detect backscatter". That's its purpose. That is all it does.


Please see the most important part of the docs again, how VBounce is
intended and document to be used:

$ grep -A 2 procmail /usr/share/spamassassin/20_vbounce.cf

guenther


--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a \x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}