On Fri, 2009-05-15 at 16:40 -0400, Bowie Bailey wrote:
> Karsten Bräckelmann wrote:
> > The VBounce plugin does *not* check the messages headers. Instead, it
> > has a look at the plain text body and any message/* MIME attachments.
> >
> > If it finds your own, whitelisted SMTP relay in there, it is not a
> > backscatter bounce. The original message passed through your servers.
> > If, however, your relays are not in there, the original, bounced message
> > is a forgery, not sent via your relays.
> >
> >
> > Looking at the received messages actual headers will always show your
> > SMTP servers -- your MX, the inbound one. Which often is the same as the
> > outbound one, unless you got a dedicated server.
>
> Ok. There may be bit of confusion regarding what VBounce is looking
> for, but the problem remains. *All* bounces, regardless of the source
> receive a hit from BOUNCE_MESSAGE.
>
> This is from the *body* of one of the bounce emails:
What about a real sample? Would be best, if you also can provide a list
of all rules and double-underscore sub-rules hit.
> Received: from bucmail.buc.com ([172.16.17.38])
> by bnofimage1.buc.com (SAVSMTP 3.1.0.29) with SMTP id M2009051412220217145
> for <testb...@kljsdafjlks.com>; Thu, 14 May 2009 12:22:02 -0400
> Received: from [172.16.3.237] ([::ffff:172.16.3.237])
> by bucmail.buc.com with esmtp; Thu, 14 May 2009 12:22:01 -0400
> id 000F008D.4A0C4529.000071B4
>
> bucmail.buc.com and bnofimage1.buc.com are *both* whitelisted relays,
> but it was still tagged.
>
> Can someone explain exactly where vbounce expects to find the
> whitelisted relays?
Didn't I just do that? :) See the first paragraph in this post.
If you want more details, check the eval rule __MY_SERVERS_FOUND, and in
particular the comments in that function in VBounce.pm. This is what's
being used to exempt a message with your own relays from triggering any
of the ANY_BOUNCE_MESSAGE sub-rules.
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
