Justin Mason wrote:
> Jeff Koch writes:
>
>> From what I've seen the VBounce ruleset catches ALL backscatter and does
>> not distinguish between legitimate bounce-backs and bounce-backs of emails
>> with forged return addresses - which basically makes it useless for
>> filtering out joe-jobs.
>>
>> VBounce should be matching the forged name of the orginating mailserver
>> against the IP address of the originating mailserver.
>>

>
> If you set whitelist_bounce_relays, that's exactly what it does.
>
>

....then I'm not getting it. I just forged an email from myself from an
Internet host separate from our work one, to a bogus recipient on a
Qmail server I own (where I turned off recipient checking). The server
accepting my forged email and generated a bounce. It went back into our
work network (where I have Vbounce enabled and whitelist_bounce_relays
set), and none of the BOUNCE vars triggered.

Running it through "spamassassin -D" shows vbounce loading and
__HAVE_BOUNCE_RELAYS triggered - but neither MY_SERVERS_FOUND,
VBOUNCE_MESSAGE nor ANY_BOUNCE_MESSAGE triggered.

Unless there's a bug (this is SA 3.2.4), I can't see how this will work
to detect forged mail causing bounces???

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1