Re: Ways to block bouncebacks?

Sun, 05 Apr 2009 06:12:32 -0700

Hmm, not sure why my Spamassassin isn't detecting it as spam then. How do I set Spamassassin to give me a full spam analysis header even when the message isn't detected as spam? As you can see it just gives me a 'X-Spam-Status: No, score=1.7'. 

Best regards,
Jeremy Morton (Jez)

mouss wrote:

Jeremy Morton a écrit :

[snip]
Examples of a couple of the type of bouncebacks I get:
http://www.game-point.net/misc/bb1.txt


This one is not a "conformant" bounce. but this doesn't matter. it is
detected as spam by SA:

Content analysis details:   (10.5 points, 5.0 required)

  pts rule name              description
---- ----------------------
--------------------------------------------------
  2.0 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
                             [URIs: fm.interia.pl]
  0.0 MISSING_MID            Missing Message-Id: header
  1.0 COUNTRY_CN             Relayed via China
  3.2 CHARSET_FARAWAY_HEADER A foreign language charset used in headers
  1.8 MIME_QP_LONG_LINE      RAW: Quoted-printable line longer than 76 chars
  2.5 MIME_CHARSET_FARAWAY   MIME character set indicates foreign language
  0.1 RDNS_NONE              Delivered to trusted network by a host with
no rDNS

if you get your lang settings ok, then the CHARSET rules above would
give 5.7 points, which is enough.


http://www.game-point.net/misc/bb2.txt


This one is a "conformant" bounce. the envelope sender is "null":
Return-path:<>

if you use BATV, then you could reject such mail since the envelope
recipient:

Envelope-to: ro...@game-point.net

is not tagged.

the message is detected as spam here:

Content analysis details:   (5.3 points, 5.0 required)

  pts rule name              description
---- ----------------------
--------------------------------------------------
  2.0 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
                             [URIs: fm.interia.pl]
  0.0 MIME_BOUND_MANY_HEX    Spam tool pattern in MIME boundary
  0.5 COUNTRY_BR             Relayed via Brazil
  0.0 HTML_MESSAGE           BODY: HTML included in message
  2.6 INVALID_MSGID          Message-Id is not valid, according to RFC 2822
  0.1 BOUNCE_MESSAGE         MTA bounce message
  0.1 ANY_BOUNCE_MESSAGE     Message is some kind of bounce message

although it's less "obvious" than the other message.

note that here, the vbounce rules are triggered.


maybe I should add

meta BOUNCE_URI_BLACK   (URIBL_BLACK&&  ANY_BOUNCE_MESSAGE)

and score it a little high?

Reply via email to