On Fri, May 15, 2009 at 06:59:17PM -0400, Adam Katz wrote: > > score ANY_BOUNCE_MESSAGE 0.1 0.1 0.3 0.3 # def: 0.1 > score BOUNCE_MESSAGE 0.4 0.5 0.9 1.0 # def: 0.1 > score VBOUNCE_MESSAGE 0.4 0.5 0.9 1.0 # def: 0.1 > > header __VACATION Subject =~ > /\b(?:vacatio|away|out.of.offic|auto.?re|confirm)/i > # https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6008 > header __BUGZILLA_DAEMON From =~ /bugzilla/i > meta KHOP_BACKSCATTER !ALL_TRUSTED && !DKIM_VERIFIED && !__VACATION && > !__BUGZILLA_DAEMON && (BOUNCE_MESSAGE||VBOUNCE_MESSAGE) > describe KHOP_BACKSCATTER Misdirected bounce to a forged sender > address > score KHOP_BACKSCATTER 6.9 > > > I reject at 8.0 and mark at 5.0, so this pretty much kills all of my > company's backscatter. Anything that's DKIM_VERIFIED should have > admins responsive to SpamCop's spam reports.
It pretty much kills all legit null senders too (my amavis db is full of examples), which is what BOUNCE_MESSAGE naively assumes to be bounces. Just something to remember.
