Jeff Koch writes:
> From what I've seen the VBounce ruleset catches ALL backscatter and does
> not distinguish between legitimate bounce-backs and bounce-backs of emails
> with forged return addresses - which basically makes it useless for
> filtering out joe-jobs.
>
> VBounce should be matching the forged name of the orginating mailserver
> against the IP address of the originating mailserver.


If you set whitelist_bounce_relays, that's exactly what it does.


> At 04:59 AM 4/11/2008, Justin Mason wrote:
>
> >Jason Haar writes:
> > > I think we've detoured from the actual problem?
> > >
> > > The fact is that lots of spam is now being sent to other sites,
> > > pretending to be from (collectively) our email addresses, so that we get
> > > the bounces containing the spam. And SA isn't marking these messages as
> > > spam, whereas if it was directly sent the same spam, it would.
> > >
> > > So how do we fix this situation? What about getting SA to "detach" the
> > > associated bounced message as a separate message and score that instead?
> > > I know I can casually just say that - doing is a different matter - but
> > > isn't that really the only answer to this problem?

> >
> >There's no problem. SpamAssassin 3.2.x includes the VBounce ruleset which
> >is expressly designed to catch backscatter -- and does a good job at it.
> >
> >If you have a backscatter problem, you need to start using that ruleset.
> >
> >--j.

>
> Best Regards,
>
> Jeff Koch, Intersessions