https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6716

             Bug #: 6716
           Summary: SPOOF_COM2OTH and SPOOF_COM2COM misfire on legitimate
                    bounce
           Product: Spamassassin
           Version: 3.3.2
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Rules
        AssignedTo: [email protected]
        ReportedBy: [email protected]
    Classification: Unclassified


A customer recently reported a mistagged bounce message that misfired on
SPOOF_COM2OTH and SPOOF_COM2COM.

The bounce message was in response to a message sent to [email protected],
and contained:

<[email protected]>: host google.com.s9b2.psmtp.com[74.125.148.14] said: 550
    5.1.1 <[email protected]>... User unknown (in reply to RCPT TO command)

Any system relaying to a domain filtered by Postini, and attempting to contact
an address that does not exist, may generate bounce messages with a similar
remote hostname.

Suggested fixes:  (Note, the \w+ could be made more specific but I don't have a
handy list of all possible *.psmtp.com cluster names.)

uri    SPOOF_COM2OTH  m{^https?://(?:\w+\.)+?com\.(?!(?:[a-z]{2}\.)?(?:s3\.amazonaws|\w+\.psmtp)\.com)(?:\w+\.){2}}i
uri    SPOOF_COM2COM  m{^https?://(?:\w+\.)+?com\.(?!(?:[a-z]{2}\.)?(?:s3\.amazonaws|\w+\.psmtp)\.com)(?:\w+\.)+?com\b}i

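A regression check for the suggested patterns, added here as an example (it is not part of the bug report or of SpamAssassin): the two regexes are ported to Python's `re` and run against the bounce hostname and a few constructed URIs. Assumptions: the hostname reaches the `uri` rules as `http://google.com.s9b2.psmtp.com`, and the comparison baseline is simply the suggested pattern with the `\w+\.psmtp` alternative dropped, which may differ from the shipped 3.3.2 rule.

```python
import re

# Suggested patterns from the report; Perl's m{...}i becomes re.I.
PROPOSED = {
    "SPOOF_COM2OTH": r"^https?://(?:\w+\.)+?com\.(?!(?:[a-z]{2}\.)?"
                     r"(?:s3\.amazonaws|\w+\.psmtp)\.com)(?:\w+\.){2}",
    "SPOOF_COM2COM": r"^https?://(?:\w+\.)+?com\.(?!(?:[a-z]{2}\.)?"
                     r"(?:s3\.amazonaws|\w+\.psmtp)\.com)(?:\w+\.)+?com\b",
}

# Assumed baseline for comparison: same patterns without the psmtp exemption.
BASELINE = {name: pat.replace(r"|\w+\.psmtp", "") for name, pat in PROPOSED.items()}

# Hostname taken from the bounce in the report (scheme prefix is an assumption).
BOUNCE = "http://google.com.s9b2.psmtp.com"

# Constructed sample URIs (reserved example domains, not real traffic).
S3_HOST = "http://example.com.s3.amazonaws.com/file"
COM_TO_OTHER = "http://www.example.com.account.example.net/"
COM_TO_COM = "http://www.example.com.account.example.com/"
# psmtp labels in the middle of a longer host must not hide the trailing domain.
PSMTP_THEN_OTHER = "http://example.com.s9b2.psmtp.com.account.example.net/"


def hits(rules, uri):
    """Return the sorted names of the rules whose pattern matches the URI."""
    return sorted(n for n, pat in rules.items() if re.search(pat, uri, re.I))


def compare(uris):
    """Map each URI to (baseline hits, proposed hits) for side-by-side review."""
    return {u: (hits(BASELINE, u), hits(PROPOSED, u)) for u in uris}


if __name__ == "__main__":
    samples = [BOUNCE, S3_HOST, COM_TO_OTHER, COM_TO_COM, PSMTP_THEN_OTHER]
    for uri, (before, after) in compare(samples).items():
        print(f"{uri}\n  baseline: {before}\n  proposed: {after}")
```

The last sample shows that the exemption applies only when the `psmtp.com` labels directly follow the first `com.`; a later `com.` in the same hostname is still evaluated.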