On 2013-08-13 14:25, David F. Skoll wrote:
> I'm seeing a fair bit of spam from the null return path. That is,
> MAIL From:<> (or in the headers, Return-Path: <>). A lot of this
> spam lacks any MIME headers (MIME-Version:, Content-Type:).
>
> I've experimented with a rule that adds points in this situation; most
> legitimate DSNs have a MIME-Version: header.
>
> So would anyone care to test this:
>
> meta DSN_NO_MIMEVERSION (__BOUNCE_RPATH_NULL && !__MIME_VERSION)
> describe DSN_NO_MIMEVERSION Return-Path <> and no MIME-Version: header
> score DSN_NO_MIMEVERSION 2
>
> The rules __BOUNCE_RPATH_NULL and __MIME_VERSION come from
> 20_vbounce.cf and 20_head_tests.cf respectively and look like this:
>
> header __BOUNCE_RPATH_NULL Return-Path =~ /<>/
> header __MIME_VERSION exists:MIME-Version

I'm unable to test the exact rule as BATV has resolved my backscatter
problem completely. However, prior to implementing BATV, I experimented
with similar techniques with very high success rates.
I started off accepting BATV-failing messages and quarantining them, but
nobody ever missed them, so I started rejecting them, probably 3-4 years
ago.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
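
The rule proposed in the quoted message, approximated in Python as an added example that is not part of the thread or of SpamAssassin. It applies the two sub-rule conditions to constructed sample messages; the function names, the `build` helper and every sample message are assumptions made for illustration.

```python
import re
from email import message_from_string

RPATH_NULL = re.compile(r"<>")  # same pattern as __BOUNCE_RPATH_NULL


def bounce_rpath_null(msg):
    """True if any Return-Path header contains '<>'."""
    return any(RPATH_NULL.search(v) for v in msg.get_all("Return-Path", []))


def has_mime_version(msg):
    """Stand-in for 'exists:MIME-Version'; header names are case-insensitive."""
    return msg.get("MIME-Version") is not None


def dsn_no_mimeversion(raw, score=2.0):
    """Points the proposed meta rule would add for one raw message."""
    msg = message_from_string(raw)
    return score if bounce_rpath_null(msg) and not has_mime_version(msg) else 0.0


def build(*headers, body="text"):
    """Assemble a raw message from header lines (hypothetical helper)."""
    return "\n".join(headers) + "\n\n" + body + "\n"


# Constructed sample messages, not taken from real traffic.
SAMPLES = {
    "spam_null_rpath": build("Return-Path: <>", "From: x@example.net",
                             "Subject: Delivery failure"),
    "legit_dsn": build("Return-Path: <>", "From: MAILER-DAEMON@mx.example.org",
                       "MIME-Version: 1.0",
                       'Content-Type: multipart/report; '
                       'report-type=delivery-status; boundary="b1"',
                       body="--b1\n...\n--b1--"),
    "lowercase_header": build("Return-Path: <>", "mime-version: 1.0",
                              "Subject: Undeliverable"),
    "normal_mail": build("Return-Path: <alice@example.org>", "Subject: hi"),
}


def scan_samples():
    """Map each sample name to the score the rule contributes."""
    return {name: dsn_no_mimeversion(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, points in scan_samples().items():
        print(f"{name:18} {points}")
```

The `normal_mail` sample has no MIME-Version: header either, but scores nothing because the meta rule requires both conditions.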