My problem is that despite the fact that VBounce is enabled, very little of the backscatter gets trapped (5%?).

Even messages that include the headers of the original message, such as the following, don't get trapped. (I thought VBounce was able to analyze included headers to look for the SMTP whitelisting. So VBounce cannot do anything if the headers from the joe-jobbing message are not included.) What of the message that I just included? While it doesn't contain the body of the message, it includes headers from the original message that should tell VBounce it wasn't sent from one of my SMTP servers, right?

Final-Recipient: rfc822; [EMAIL PROTECTED]
Action: failed
Status: 5.7.1
Diagnostic-Code: smtp; 550 5.7.1 Message content rejected, UBE, id=02133-01-112
Last-Attempt-Date: Tue, 13 May 2008 09:56:07 -0400 (EDT)
Received: from 79.131.82.115 (localhost [127.0.0.1])
        by relay.u-s-c-co.com (Spam Firewall) with ESMTP id 83CEB15F4FE
        for <[EMAIL PROTECTED]>; Tue, 13 May 2008 09:56:05 -0400 (EDT)
Received: from 79.131.82.115 ([79.131.82.115]) by relay.u-s-c-co.com with ESMTP id K81IVHFwdqDLBFGh for <[EMAIL PROTECTED]>; Tue, 13 May 2008 09:56:05 -0400 (EDT)
Message-ID: <[EMAIL PROTECTED]>
From: "hussein anil" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: million selections
Date: Tue, 13 May 2008 12:09:15 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="----=_NextPart_000_0007_01C8B501.0491D065"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198



On May 13, 2008, at 10:26 AM, Karsten Bräckelmann wrote:


Yup. Did you whitelist your servers? If you don't do it, SA doesn't
know how to tell a legit bounce from UBE-generated bounces.

You should have something like
whitelist_bounce_relays my.server.name other.server.name
in your local.cf.

True, and the OP did. He included another header snippet, showing
ANY_BOUNCE_MESSAGE hitting.


Then you'll start to notice how bounce notifications start to get
tagged as spam.

This is not true, however. VBounce will add a mere 0.1 or 0.2 to the
score, which hardly can be seen as "tagging as spam". The purpose of
VBounce is to *identify* backscatter. Not to treat it as spam. Please,
let me re-iterate what I have posted in here a bunch of times
already... :)

$ grep -A 2 procmail /usr/share/spamassassin/20_vbounce.cf

# If you use this, set up procmail or your mail app to spot the
# "ANY_BOUNCE_MESSAGE" rule hits in the X-Spam-Status line, and move
# messages that match that to a 'vbounce' folder.

 guenther


--
char *t="[EMAIL PROTECTED] \x10\xf4\xf4\xc4"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i %8? c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]) { putchar(t[s]);h=m;s=0; }}}
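
Added example, not part of the original thread and not SpamAssassin's own code: a simplified Python sketch of the check that `whitelist_bounce_relays` drives, looking for a listed relay among the Received headers embedded in a bounce. Exact-match comparison of the from/by host tokens is an assumption of this sketch, and the second sample and the placeholder addresses are constructed.

```python
import re

# Hostnames from the whitelist_bounce_relays example in the thread.
WHITELIST = ["my.server.name", "other.server.name"]

# Received header as quoted in the bounce above (address replaced by a placeholder).
JOE_JOB_BOUNCE = """\
Action: failed
Status: 5.7.1

Received: from 79.131.82.115 (localhost [127.0.0.1])
        by relay.u-s-c-co.com (Spam Firewall) with ESMTP id 83CEB15F4FE
        for <user@example.invalid>; Tue, 13 May 2008 09:56:05 -0400 (EDT)
Subject: million selections
"""

# Constructed sample: a bounce of mail that really left through a listed relay.
LEGIT_BOUNCE = """\
Action: failed
Status: 5.1.1

Received: from desktop.example.invalid (desktop.example.invalid [192.0.2.10])
        by my.server.name (Postfix) with ESMTP id 1234ABCD
        for <user@example.invalid>; Tue, 13 May 2008 09:00:00 -0400 (EDT)
Subject: quarterly report
"""

def received_hosts(body):
    """Return the from/by host tokens of every Received header found in the body."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", body)  # join folded continuation lines
    hosts = set()
    for line in unfolded.splitlines():
        if line.lower().startswith("received:"):
            for m in re.finditer(r"\b(?:from|by)\s+([A-Za-z0-9.-]+)", line):
                hosts.add(m.group(1).lower().rstrip("."))
    return hosts

def classify_bounce(body, relays):
    """'legit_bounce' if a listed relay handled the original mail, else 'backscatter'."""
    hits = received_hosts(body) & {r.lower() for r in relays}
    return ("legit_bounce", sorted(hits)) if hits else ("backscatter", [])

if __name__ == "__main__":
    for name, body in (("joe-job", JOE_JOB_BOUNCE), ("legit", LEGIT_BOUNCE)):
        print(name, classify_bounce(body, WHITELIST))
```
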


