On Mon, 2008-11-03 at 15:57 +0100, Andy Spiegl wrote:
> Shouldn't the vbounce ruleset help here?

Yes, it does.

> I'm asking because me and my users have the same problem and I am
> currently considering giving the ANY_BOUNCE_MESSAGE a higher score
> but I am not sure yet whether it's a good idea or not.

It isn't. The question of "raising that score, treating bounces as spam,
and whether it works for others" has been answered a few times before.

General consensus is that backscatter is NOT spam. Everyone answering to
this question did not raise the score, but filters backscatter into a
dedicated mail folder. Treating them as spam is likely to poison your
Bayes DB. Moreover, as you seem to have noticed already, VBounce
identifies backscatter that does not contain the original spam.

VBounce is not intended to flag bounces as spam. It's purpose is to
identify and catch bounces. Hence the low score -- the only reason it
got a non-zero score is, because that would disable the rule. Please
check the archives for threads about the VBounce plugin or backscatter.

Now, here goes one of my favorite quotes, *yet* again:

$ grep -A 2 procmail /usr/share/spamassassin/20_vbounce.cf

# If you use this, set up procmail or your mail app to spot the
# "ANY_BOUNCE_MESSAGE" rule hits in the X-Spam-Status line, and move
# messages that match that to a 'vbounce' folder.

> How is your experience with vbounce? Is it safe enough?
> (the ML archives don't show too many complaints...)

It is reasonably safe and quite efficient. Catches a hell of a lot of
backscatter for me. However, please do note that I have seen it hitting
on legitimate mail, though very rare. Also, some out-of-office auto
responses [1] are just impossible to catch.

> Anyone out there who raised the score of ANY_BOUNCE_MESSAGE
> and did not drown in user complaints? :-)

According to my memory and the archives: No.


[1] And other auto responses. "This email address has been shut down due
to spam. Please use my new address..." Don't you love those?

char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a \x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}