Hi, On Sun, Apr 30, 2017 at 7:17 AM, Martin Gregorie <mar...@gregorie.org> wrote: > On Sat, 2017-04-29 at 20:57 -0400, Alex wrote: >> Hi, >> >> I'm having a problem with bounce messages being tagged as spam. What >> is the proper way to handle legitimate bounce messages these days? Is >> it safe to bypass scanning DSN bounce messages and route them >> directly >> with postfix? >> >> I've created some rules over the years which attempt to identify >> spoofed bounce messages (mailer-daemon@...), but the rule hit this >> message when it shouldn't have. >> >> We have a mail system that allows user forwarding. The user with an >> account on our system sent a message from their gmail address >> (bfg38...@gmail.com) with the envelope-from being the account on our >> system (38...@example.com). The DSN was sent back to the 38137 user, >> where spamassassin tagged it as spam incorrectly. >> >> https://pastebin.com/HBTx7Cqw >> >> I realize this is convoluted, and forwarding is problematic for many >> reasons. That's a separate issue. I'm trying to figure out how I can >> better configure bounce message management on my system in general, >> particularly as it relates to preventing legitimate messages from >> being marked as spam. >> >> Is the solution here to use the whitelist_bounce_relays? Or does it >> not apply here since the mail originated at gmail? >> > I use a homegrown meta rule that seems fairly reliable. > It triggers if: > > - the recipient isn't one of my published domains OR > the Message_ID doesn't include one of my domains OR > the message includes "Please enable images" > > AND > > - the message includes any one from a list of subjects saying the > message wasn't deliverable
It sounds like you're saying you're adding points to bounce emails that don't originate from email sent by your system? The 20_vbounce file already has a ton of rules relating to subjects saying the message wasn't deliverable. This is for bounce management for emails from foreign systems. I don't think that is what's happening here. Unless I'm misunderstanding your comment... I'm seeing far too many legitimate bounces being tagged as spam because they are hitting stock SA rules, including bayes50 and URI_PHISH, which is a really involved rule, and almost assuredly is a FP here.
