Matt Kettler writes:
> Justin Mason wrote:
> > Matt Kettler writes:
> >
> >> .rp wrote:
> >>
> >>> One of the users (actually the boss) had the email address harvested and
> >>> we got clobbered by backscatter. Looking at the emails of the various
> >>> 'unable to deliver' type messages, I saw what these could be filtered on,
> >>> but don't know how to write up and implement the rule outside of procmail.
> >>> I don't want to use procmail for this since I think it would be an
> >>> expensive routine for procmail to run.
> >>>
> >>> In the body of the 'unable to deliver' message, the original message is
> >>> quoted. One of the lines quoted is the Message-ID: header from the
> >>> original. The format of this line is always wrong as it does not contain
> >>> the FQDN that our server appends to the end of the hash number, following
> >>> the '@' symbol.
> >>>
> >>> So, need a rule that would parse the "Message-ID:" in the body (or
> >>> attachment) and not header, and look for the @FQDN
> >>> Is this rule already out in the wild?
> >>>
> >> (note: your To: was the bogofilter list, but this appeared on
> >> spamassassin-users as well.. It looks like you bcc'ed the SA list.
> >> Anyway, I'm answering on the SA list because that's where I picked up
> >> the message from)
> >>
> >> Not that I know of, but it would be fairly quick as a spamassassin rule.
> >>
> >> You'd likely need a meta of some sort.
> >>
> >> Theoretically, something like this should work. I'm leveraging some of
> >> the stock ruleset here, by reusing BOUNCE_MESSAGE to detect if the
> >> message really is a bounce, make sure it is in your ruleset.
> >>
> >
> > Actually, that's overkill -- BOUNCE_MESSAGE _already_ does this.
> >
>
> Whoops.. good point. I didn't read the code, I just saw the name and
> assumed it did just what it says, and nothing more.
>
> So, really all .rp needs to do is enable the vbounce plugin (which is
> loaded by default)

Yep. To enable it, just set "whitelist_bounce_relays" in the configuration or user prefs.

--j.
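
The heuristic .rp describes in this thread (a bounce whose quoted Message-ID does not end in the local server's FQDN is backscatter), sketched in Python as an added example; it is not part of the original messages and is not SpamAssassin's vbounce code. `OUR_FQDN` and both sample bounces are constructed assumptions.

```python
import email
import re
from email import policy

OUR_FQDN = "mail.example.org"  # assumption: FQDN our server appends to Message-IDs
MSGID_RE = re.compile(r"^[> \t]*Message-ID:[ \t]*<([^<>\s]+)>", re.I | re.M)

def quoted_message_ids(raw: bytes) -> list:
    """Message-IDs quoted inside a bounce: attached messages or text parts."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    found = []
    for part in msg.walk():
        # Headers of an attached message/rfc822 (never the bounce's own header).
        if part is not msg and part["Message-ID"]:
            found.append(str(part["Message-ID"]).strip().strip("<>"))
        # Original headers pasted into text/plain or text/rfc822-headers parts.
        if part.get_content_maintype() == "text":
            body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            found += MSGID_RE.findall(body)
    return found

def is_backscatter(raw: bytes, our_fqdn: str = OUR_FQDN) -> bool:
    """True when a quoted Message-ID exists and none ends in @our_fqdn."""
    ids = quoted_message_ids(raw)
    suffix = "@" + our_fqdn.lower()
    return bool(ids) and not any(i.lower().endswith(suffix) for i in ids)

# Constructed sample: backscatter quoting a forged message inline.
FORGED_BOUNCE = b"""\
From: MAILER-DAEMON@mx.example.net
Message-ID: <bounce1@mx.example.net>

Unable to deliver your message. Original headers follow:
Message-ID: <000a01c8f3$7b2e@dsl-host>
"""

# Constructed sample: genuine DSN with our own message attached.
REAL_BOUNCE = b"""\
From: MAILER-DAEMON@mx.example.net
Message-ID: <bounce2@mx.example.net>
Content-Type: multipart/report; boundary="b1"

--b1
Content-Type: message/rfc822

Message-ID: <20240101.4711@mail.example.org>

see attached
--b1--
"""
```

A bounce that quotes no Message-ID at all is reported as not backscatter, because this check alone cannot decide that case.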