Jeff Koch writes: > From what I've seen the VBounce ruleset catches ALL backscatter and does > not distinguish between legitimate bounce-backs and bounce-backs of emails > with forged return addresses - which basically makes it useless for > filtering out joe-jobs. > > VBounce should be matching the forged name of the orginating mailserver > against the IP address of the originating mailserver.
If you set whitelist_bounce_relays, that's exactly what it does. > At 04:59 AM 4/11/2008, Justin Mason wrote: > > >Jason Haar writes: > > > I think we've detoured from the actual problem? > > > > > > The fact is that lots of spam is now being sent to other sites, > > > pretending to be from (collectively) our email addresses, so that we get > > > the bounces containing the spam. And SA isn't marking these messages as > > > spam, whereas if it was directly sent the same spam, it would. > > > > > > So how do we fix this situation? What about getting SA to "detach" the > > > associated bounced message as a separate message and score that instead? > > > I know I can casually just say that - doing is a different matter - but > > > isn't that really the only answer to this problem? > > > >There's no problem. SpamAssassin 3.2.x includes the VBounce ruleset which > >is expressly designed to catch backscatter -- and does a good job at it. > > > >If you have a backscatter problem, you need to start using that ruleset. > > > >--j. > > Best Regards, > > Jeff Koch, Intersessions
