On Thu, 8 May 2008, Justin Mason wrote:
Matt Kettler writes:
.rp wrote:
So, need a rule that would parse the "Message-ID:" in the body (or attachment)
and not
header, and look for the @FQDN
Is this rule already out in the wild?
You'd likely need a meta of some sort.
Theoretically, something like this should work. I'm leveraging some of
the stock ruleset here, by reusing BOUNCE_MESSAGE to detect if the
message really is a bounce, make sure it is in your ruleset.
Actually, that's overkill -- BOUNCE_MESSAGE _already_ does this.
the VBounce plugin is intended to catch backscatter -- bounces in response
to mail you didn't send -- so it'll ignore bounces in response to mail you
_did_ send, by parsing the bounced message's Received: headers and looking
for the mailserver's name in there.
Pardon my ignorance if I'm just not understanding this right, but my
impression is that there's a possibility that messages marked the
BOUNCE_MESSAGE could be legitimate bounces (just not bounces generated
by a whitelisted server). Certainly I've read plenty of people on
this list advise against raising the vbounce rule scores as a way to
combat this new wave of seemingly intentional bounce spam, but rather
to filter all the bounces off to a separate folder.
But, doesn't the existence of a Message ID in the text of the bounce
that has a bogus or malformed email address provide a stronger
indication that this is not a valid bounce? In which case, such email
could be scored higher, rather than just sent to a bounce folder,
which is really what many of us would rather be doing with these
messages?
--
Public key #7BBC68D9 at | Shane Williams
http://pgp.mit.edu/ | System Admin - UT iSchool
=----------------------------------+-------------------------------
All syllogisms contain three lines | [EMAIL PROTECTED]
Therefore this is not a syllogism | www.ischool.utexas.edu/~shanew
