We've been getting massive amounts of backscatter spam, large amounts of
which is making it past SA. Most of it isn't making any real effort to
disguise the fact that it didn't originate from our outbound systems,
and I've been looking at the VBounce plugin to help stop it.

The plugin recommends that you don't score the various _BOUNCE rules
high, rather use part of your mail system to filter these messages and
quarantine them somewhere, undelivered. This seems rather dangerous to
me, and of dubious benefit compared to just giving these rules a
score... am I missing something?

Also - I seem to be seeing false positives in the logs (though I'm not
seeing the messages themselves) - email that seems to be from one legit
external address to a legit internal address.

Finally, I'm experiencing this bug:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5331, which causes
some legit bounces to be flagged.

Is anyone using VBounce in a large environment? How are you configuring
it to avoid flagging legit mail?

jonathan.