Jason Haar wrote:

> So how do we fix this situation?

Periodically there are a lot of bounces (especially to me and the other sysadmin), but SA catches almost all of it.

What about getting SA to "detach" the associated bounced message as a separate message and score that instead?

I do that with MIMEDefang here.

Whenever a message is flagged with ANY_BOUNCE_MESSAGE by SA (VBounce), the filter tries to extract the original message and then run that through SA. The filter then uses the higher of the two scores when deciding what to do with the message.

During my initial tests this did catch more bounce back spam, but I haven't any numbers so I don't really know if it still has merit.

Besides this, bayes helps with some of the bounces, and I've just added a rule that checks for messages that are flagged with ANY_BOUNCE_MESSAGE *and* sent from a relay listed in "backscatterer.org". I don't yet know if this rule will turn out to be a good one or not.

Regards
/Jonas
--
Jonas Eckerman, FSDB & Fruktträdet
http://whatever.frukt.org/
http://www.fsdb.org/
http://www.frukt.org/
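
The approach described in this message (extract the original from a bounce, score both, act on the higher score), sketched in Python as an added example; it is not the MIMEDefang filter from the post. The sample bounce is constructed, `toy_score` is a stand-in for a SpamAssassin run, all function names are hypothetical, and the message is assumed to be already flagged as a bounce.

```python
import email
from email import policy

# Constructed sample: a DSN bounce wrapping the mail that was "returned".
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: victim@example.org
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Your message could not be delivered.
--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; nobody@example.net
Action: failed
--b1
Content-Type: message/rfc822

From: victim@example.org
Subject: Cheap pills, buy now

Visit http://pills.example.invalid/
--b1--
"""

def extract_original(raw):
    """Return the mail embedded in a bounce (full copy or headers only), else None."""
    msg = email.message_from_string(raw, policy=policy.default)
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":          # full original attached
            return part.get_payload(0).as_string()
        if ctype == "text/rfc822-headers":     # only the original headers attached
            return part.get_content()
    return None

def toy_score(raw):
    """Stand-in for a SpamAssassin run (assumption): scores the Subject only."""
    subject = email.message_from_string(raw, policy=policy.default)["Subject"] or ""
    return 5.0 if "pills" in subject.lower() else 0.0

def final_score(raw, score=toy_score):
    """Score the bounce and the extracted original; act on the higher score."""
    original = extract_original(raw)
    scores = [score(raw)] + ([score(original)] if original else [])
    return max(scores)

if __name__ == "__main__":
    print(toy_score(SAMPLE_BOUNCE), final_score(SAMPLE_BOUNCE))  # 0.0 5.0
```
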
