> I personally have been putting in private procmail rules to scrape > them off into a virus bounce folder. But there are a lot of different > patterns out there and I am only partially affective.
yes, I did also find an SA rule that will at least make sure the bounce was sent in response to a message originating from your server. the problem here is that if you ever send mail from other places and ever bounce it, this will catch it. body BAD_BOUNCE /The original message was received at (?!.{10,150}\[129\.116\.190\.)/ describe BAD_BOUNCE Message was bounced after being sent with forged from score BAD_BOUNCE 20.0 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bob Proulx Sent: Wednesday, August 20, 2003 6:30 PM To: [EMAIL PROTECTED] Subject: Re: [SAtalk] joe-jobs anyone? Erick Calder wrote: > I'm getting a bunch of mails from MAILER-DAEMONs around the world > complaining mostly that [EMAIL PROTECTED] does not exist. > these are generated by dictionary spammers who are using my e-mail address > for the reply-to header. Are you sure they are spammers? I am getting hammered myself with similar things. But almost all of the mail I am getting are generated by the SOBIG virus. Perhaps what you are seeing is really the fallout of that virus and not truly the work of spammers in this case. Interesting how spammers are siblings to viruses. > the complaints are legit so SA and even the Bayesian filter let them > through... any suggestions out there? what are others doing about this? I personally have been putting in private procmail rules to scrape them off into a virus bounce folder. But there are a lot of different patterns out there and I am only partially affective. The rest I have been manually deleting. Looking forward to this current surge of virus hacks to subside. Bob ------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk