> > ... from d57-77-98.home.cgocable.net (24.57.77.98) which is most probably
> > an exploited Wintel box on an unfirewalled cable modem.
>
> Ahh, I begin to understand why my spamassassin config can't sort this out
> the way I have it set up.
>
> Under spamassassin 2.63 is there a way to catch these?  A pointer at what part
> of the docs to read would be very helpful.

The problem is, that is in a sense a legit mail that you received.  It just
happens to be the result of some other hunk of spam that wasn't even sent to
you.

The only header checks you could do would be to catch messages from
'postmaster', but this is going to catch a lot more legit mail than spam.
So that isn't a good choice.

All the rest of this is in the body of the message.  So some sort of body
rule would have to be written to catch the specific characteristics of a
bounced third party spam, as opposed to a message about a bounce of a
message that you really sent.  I imagine it can be done, but it will be a
touchy set of rules, and it would have to be tailored specifically to your
case, it couldn't be a general rule I don't think.

        Loren
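
An added example, not part of the original message and not SpamAssassin code: a Python sketch of the site-specific check described above, which treats a postmaster bounce as third-party backscatter when the returned original's Message-ID was not issued by this site. `OUR_MSGID_DOMAIN`, the function names and the sample bounce are constructed assumptions; the Message-ID is sender-controlled, so the result is a heuristic.

```python
import email
from email import policy

# Assumption: every message this site really sends gets a Message-ID ending in this host.
OUR_MSGID_DOMAIN = "mail.example.org"

def returned_original(msg):
    """Return the bounced original (or its headers) as a Message, or None if absent."""
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def classify_bounce(raw):
    """Classify raw mail as not-a-bounce, our-bounce, backscatter or unknown."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = str(msg.get("From", "")).lower()
    if "postmaster" not in sender and "mailer-daemon" not in sender:
        return "not-a-bounce"
    orig = returned_original(msg)
    if orig is None:
        return "unknown"  # non-MIME bounce: would need hand-tuned body patterns
    msgid = str(orig.get("Message-ID", "")).strip().strip("<>").lower()
    return "our-bounce" if msgid.endswith("@" + OUR_MSGID_DOMAIN) else "backscatter"

def make_bounce(orig_msgid):
    """Constructed sample: a minimal postmaster bounce that returns the original."""
    return (
        "From: postmaster@isp.example\n"
        "To: user@example.org\n"
        "Subject: Undeliverable mail\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n'
        "\n--b1\nContent-Type: text/plain\n\n"
        "Your message could not be delivered.\n"
        "--b1\nContent-Type: message/rfc822\n\n"
        f"Message-ID: <{orig_msgid}>\n"
        "From: user@example.org\nSubject: hello\n\nbody\n"
        "--b1--\n"
    )

if __name__ == "__main__":
    for mid in ("abc123@mail.example.org", "xyz@unknown-host.example"):
        print(mid, "->", classify_bounce(make_bounce(mid)))
```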
