> I personally have been putting in private procmail rules to scrape
> them off into a virus bounce folder.  But there are a lot of different
> patterns out there and I am only partially effective.

yes, I did also find an SA rule that will at least make sure the bounce was
sent in response to a message originating from your server.  the problem
here is that if you ever send mail from other places and ever bounce it,
this will catch it.

body BAD_BOUNCE /The original message was received at (?!.{10,150}\[129\.116\.190\.)/
describe BAD_BOUNCE Message was bounced after being sent with forged from
score BAD_BOUNCE 20.0

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bob Proulx
Sent: Wednesday, August 20, 2003 6:30 PM
To: [EMAIL PROTECTED]
Subject: Re: [SAtalk] joe-jobs anyone?


Erick Calder wrote:
> I'm getting a bunch of mails from MAILER-DAEMONs around the world
> complaining mostly that [EMAIL PROTECTED] does not exist.
> these are generated by dictionary spammers who are using my e-mail address
> for the reply-to header.

Are you sure they are spammers?  I am getting hammered myself with
similar things.  But almost all of the mail I am getting are generated
by the SOBIG virus.  Perhaps what you are seeing is really the fallout
of that virus and not truly the work of spammers in this case.

Interesting how spammers are siblings to viruses.

> the complaints are legit so SA and even the Bayesian filter let them
> through... any suggestions out there? what are others doing about this?

I personally have been putting in private procmail rules to scrape
them off into a virus bounce folder.  But there are a lot of different
patterns out there and I am only partially effective.  The rest I have
been manually deleting.  Looking forward to this current surge of
virus hacks to subside.

Bob



_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
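
The BAD_BOUNCE rule from the reply above, run against constructed bounce bodies; this is an added example, not part of the original thread. It ports the regex to Python, assumes the wrapped rule joins with a single space, and stands in for SpamAssassin's body rendering by collapsing whitespace; every host, address and timestamp in the samples is constructed.

```python
import re

# Pattern from the post, joined onto one line (the space at the wrap is an assumption).
# The negative lookahead makes the rule fire only when the relay IP that follows
# "received at" within 10-150 characters is NOT in 129.116.190.x.
BAD_BOUNCE = re.compile(
    r"The original message was received at "
    r"(?!.{10,150}\[129\.116\.190\.)"
)

def render_body(raw):
    """Collapse whitespace runs (simplified stand-in for SA body rendering)."""
    return " ".join(raw.split())

def bad_bounce_hits(raw):
    """True if the rule would fire on this bounce body."""
    return BAD_BOUNCE.search(render_body(raw)) is not None

# Constructed sendmail-style bounce template.
SENDMAIL = (
    "The original message was received at Wed, 20 Aug 2003 18:12:41 -0500\n"
    "from {host} [{ip}]\n\n"
    "   ----- The following addresses had permanent fatal errors -----\n"
    "<nobody@example.net>\n"
)

SAMPLES = {
    # Bounce of mail that really left the protected server: rule stays quiet.
    "own_server": SENDMAIL.format(host="mail.example.edu", ip="129.116.190.25"),
    # Bounce of mail with a forged sender, injected elsewhere: rule fires.
    "forged_sender": SENDMAIL.format(host="dsl.example.org", ip="203.0.113.77"),
    # The caveat from the post: the user's own mail sent from another network.
    "sent_from_elsewhere": SENDMAIL.format(host="hotel.example.com", ip="198.51.100.14"),
    # A bounce format without the sendmail phrase is never matched at all.
    "other_mta_format": (
        "Hi. This is the mail delivery program at mx.example.org.\n"
        "I'm afraid I wasn't able to deliver your message.\n"
    ),
}

def classify_all():
    return {name: bad_bounce_hits(body) for name, body in SAMPLES.items()}

if __name__ == "__main__":
    for name, hit in classify_all().items():
        print(f"{name:22s} BAD_BOUNCE={'hit' if hit else 'miss'}")
```

The third sample is the false positive the reply warns about, and the fourth shows why phrase-specific rules only cover part of the bounce traffic.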
