bounced message spam - SpamAssassin

This is a discussion on bounced message spam - SpamAssassin ; hi, i'm getting a lot of bounced emails where a spammer is using my email in their return address The original message was received at Thu, 22 May 2008 09:01:04 -0500 from adsl-pool2-248.metrotel.net.co [190.1.176.248] (may be forged) ----- The following ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: bounced message spam

  1. bounced message spam



    hi, i'm getting a lot of bounced emails where a spammer is using my email in
    their return address

    The original message was received at Thu, 22 May 2008 09:01:04 -0500
    from adsl-pool2-248.metrotel.net.co [190.1.176.248] (may be forged)

    ----- The following addresses had permanent fatal errors -----

    (reason: 550 5.7.1 Requested action not taken: message refused)


    etc etc

    how do folks get round this issue? are there any rules around i could try?

    TIA
    --
    View this message in context: http://www.nabble.com/bounced-messag...p17445103.html
    Sent from the SpamAssassin - Users mailing list archive at Nabble.com.


  2. Re: bounced message spam


    ----- Original Message -----
    From: "smcbutler"
    To:
    Sent: Saturday, May 24, 2008 10:11 AM
    Subject: bounced message spam


    >
    >
    > hi, i'm getting a lot of bounced emails where a spammer is using my email in
    > their return address
    >
    > The original message was received at Thu, 22 May 2008 09:01:04 -0500
    > from adsl-pool2-248.metrotel.net.co [190.1.176.248] (may be forged)
    >
    > ----- The following addresses had permanent fatal errors -----
    >
    > (reason: 550 5.7.1 Requested action not taken: message refused)
    >
    >
    > etc etc
    >
    > how do folks get round this issue? are there any rules around i could try?
    >


    There is VBounce plugin, which can be activated in /etc/spamassassin/v320.pre, by uncommenting

    loadplugin Mail::SpamAssassin::Plugin::VBounce


    In addition to that, you have to declare your smarthost(s) in /etc/spamassassin/local.cf like this:

    whitelist_bounce_relays pena.fred.pp.fi
    whitelist_bounce_relays hurricane.fred.pp.fi
    whitelist_bounce_relays smtp.nblnetworks.fi
    whitelist_bounce_relays smtp-69.nebula.fi

    That should do it, what comes to SpamAssassin. Personally I don't trust it too much, and I have a custom rules for my maildrop to handle backscatter.


  3. Re: bounced message spam

    >>
    >> how do folks get round this issue? are there any rules around i could try?
    >>

    >
    >There is VBounce plugin, which can be activated in /etc/spamassassin/v320.pre, by uncommenting
    >
    > loadplugin Mail::SpamAssassin::Plugin::VBounce
    >


    It is also important to notice, that VBounce does not declare bounces as SPAM! It raises a rule of ANY_BOUNCE_MESSAGE, which can be used to move the messages to a "Bounce" directory or such.

    In my /etc/maildroprc is a record

    # SpamAssassin detected that this is a bounce of some kind.
    if ( /^X-Spam-Status.*ANY_BOUNCE_MESSAGE/ )
    {
    xfilter "reformail -a'X-Bounce: Yes '"
    }

    and later all "X-Bounce: Yes" items are directed to "Joe Job Bounces" folder.

    Maybe complicated out of context that X-Bounce, but the point is that

    Regexp: X-Spam-Status.*ANY_BOUNCE_MESSAGE

    --

    You have to deal that ANY_BOUNCE_MESSAGE, as SpamAssassin does not mark bounces as Spam (gets only 0.1 - 0.3 points) which is the right thing to do in my opinion.


+ Reply to Thread