PS. Will setting up SPF on my domain name have any effect for things
like this? Will it discourage spammers from using my domain or reduce
the number of bounce messages I/we get?
Nick...
Nick Gilbert wrote:
Justin Mason wrote:
existing set: http://wiki.apache.org/spamassassin/VBounceRuleset
;)
Thanks!
One thing I'm not sure about - that module produces two rules. How
should I score the rules so that real bounces aren't rejected but the
fake ones are?
I presume I do it this way round:
score BOUNCE_MESSAGE 10
score ANY_BOUNCE_MESSAGE 0.1
I presume BOUNCE_MESSAGE is only true if the bounce is for a mail not
sent by me? If so, I'm surprised the rule name isn't
SPOOF_BOUNCE_MESSAGE or similar.
My mail server rejects messages with spam scores of 10 or above.
Nick...
Nick Gilbert writes:
Hi,
I've been trying to write some SA rules to reject bounce messages
which I did not send.
I've made a good start, but some bounce messages still get through
but I don't understand why.
The theory is that viruses and spammers don't seem to use my full
e-mail address [EMAIL PROTECTED] but change the username part of it
and send from an address [EMAIL PROTECTED] I would like to reject
all bounce messages which have arisen from mail sent from
[EMAIL PROTECTED] but NOT [EMAIL PROTECTED]
This works for about 50% of mail, but I think one serious problem is
that the line:
header __NICK_BOUNCE_REAL To =~ /[EMAIL PROTECTED]/i
...matches on the header:
X-MDaemon-Deliver-To: [EMAIL PROTECTED]
Which I'm pretty sure it shouldn't! Why does it think that header is
the same as a normal To header? Surely it's not scanning for headers
simply ending in "To"?
My rules are below for comment/improvement but please let me know if
there's a better way to do this or an existing set of working rules
somewhere.
Nick...
# ---------- BOUNCE DETECTION (stolen from
# bogus_virus_warnings.cf)---------
# General rule to indicate bounce or otherwise - used for some other
# rules
header __BOUNCE_HEADER X-Is-A-Bounce =~ /.+/
# This won't match for scanning done at SMTP time, at least with Exim
header __BOUNCE_RP1 Return-Path =~ /^<>$/
# NL says this is added by amavisd-new before passing to SA
header __BOUNCE_RP2 X-Return-Path =~ /^<>$/
# Mark Martinec says the above is incorrect, and it's X-Envelope-From
header __BOUNCE_RP3 X-Envelope-From =~ /^<>$/
meta __NULL_SENDER __BOUNCE_HEADER || __BOUNCE_RP1 || __BOUNCE_RP2 || __BOUNCE_RP3
# Thanks to AF
header __CT_DEL_STATUS Content-Type =~ /report-type=delivery-status/
meta __NICK_IS_A_BOUNCE __NULL_SENDER || __CT_DEL_STATUS
header __NICK_BOUNCE_REAL To =~ /[EMAIL PROTECTED]/i
header __NICK_TO_NOT_ME To =~ /[EMAIL PROTECTED]/i
meta NICK_SPOOF_BOUNCE (( __NICK_IS_A_BOUNCE && __NICK_TO_NOT_ME) && (!__NICK_BOUNCE_REAL))
score NICK_SPOOF_BOUNCE 10
describe NICK_SPOOF_BOUNCE "Attached bounce contains my address but I never sent this!"
--
________________________________
Nick Gilbert, Software Developer
X-RM Limited, Winchester, UK
W: http://www.x-rm.com/
E: [EMAIL PROTECTED]
T: 01962 877237
F: 01962 842346
________________________________
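
The rule logic described in this thread, as an added Python example that is not part of the original messages and is not SpamAssassin or VBounce code. The addresses and sample messages are constructed placeholders (the thread redacts the real ones); headers are looked up by exact name, so `X-MDaemon-Deliver-To` cannot satisfy a check on `To`.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumed placeholders: the thread redacts the real addresses.
REAL_ADDR = "nick@example.com"
DOMAIN = "example.com"

def is_bounce(msg):
    """Null sender or delivery-status report, as in __NICK_IS_A_BOUNCE."""
    null_sender = any(
        (msg.get(h) or "").strip() == "<>"
        for h in ("Return-Path", "X-Return-Path", "X-Envelope-From"))
    flagged = bool((msg.get("X-Is-A-Bounce") or "").strip())
    ctype = (msg.get("Content-Type") or "").lower()
    return null_sender or flagged or "report-type=delivery-status" in ctype

def to_addresses(msg):
    """Addresses from the To header only. Lookup is by exact header name,
    so X-MDaemon-Deliver-To never contributes."""
    return [addr.lower() for _, addr in getaddresses(msg.get_all("To", []))]

def is_spoof_bounce(raw):
    """Bounce addressed to the domain but not to the one real address."""
    msg = message_from_string(raw)
    rcpts = to_addresses(msg)
    to_domain = any(a.endswith("@" + DOMAIN) for a in rcpts)
    return is_bounce(msg) and to_domain and REAL_ADDR not in rcpts

def make(headers):
    """Build a minimal raw message from a list of header lines."""
    return "\n".join(headers) + "\n\nbody\n"

# Constructed sample messages.
REAL_BOUNCE = make(["Return-Path: <>", "To: nick@example.com"])
FORGED_BOUNCE = make(["Return-Path: <>", "To: sales-x@example.com",
                      "X-MDaemon-Deliver-To: nick@example.com"])
FORGED_DSN = make(["Return-Path: <mailer-daemon@mx.example.net>",
                   "Content-Type: multipart/report; report-type=delivery-status",
                   "To: qwerty@example.com"])
NORMAL_MAIL = make(["Return-Path: <alice@example.org>", "To: sales-x@example.com"])

if __name__ == "__main__":
    for name in ("REAL_BOUNCE", "FORGED_BOUNCE", "FORGED_DSN", "NORMAL_MAIL"):
        print(name, is_spoof_bounce(globals()[name]))
```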