On Mon, 1 Sep 2003, Dave Cross wrote:

> The biggest problem I'm currently having is bounces from spam
> that has fake addresses in my domains as the 'From:' header,
> so that's the problem I'm addressing first. I have a finite number
> of email addresses that I want to read email for and any email
> addressed to a different address will be filtered off to a different
> folder for later investigation.

I take a slightly different approach, which works and has as yet given 0 
false positives. I use spamassassin.

1. Give mailer daemon bounces positive scores +0.5
2. Give a positive score to anything not to your primary address +0.5
3. Identify the headers that remote MTAs add to incoming spam that got 
        bounced. Score this relatively high. 1.50
4. Add a few rules to user_prefs for the really persistent people.
5. Make the body_8bit stuff score REALLY high 4.00 (most mailer daemon 
        bounce spam is Russian)

If you want this SA config, just ask.

Now, we use procmail.

# Filter through sa.
:0fw
|/usr/local/perl580/bin/spamassassin

# For all spam
:0
* ^X-Spam-Status: Yes
{
        # Filter out all the delivery failures from spoofed spam.
        :0
        * ^Subject:.*Returned
        /dev/null

        :0
        * ^Subject:.*deliver
        /dev/null

        :0
        * ^Subject:.*failure
        /dev/null

        # By now we've trapped 98% of the spam bounces, and we're left 
        # with a few.
        :0:
        spam
}


-- 
Shevek                                    http://www.anarres.org/
I am the Borg.                         http://www.gothnicity.org/
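
A dry run of the procmail recipe above, as an added example that is not part of the original message: it applies the same four conditions to constructed sample messages and reports where each would end up, so the patterns can be checked before anything is routed to /dev/null. Python's re module stands in for procmail's matcher, and the sample headers and the names route and dry_run are assumptions made for this example.

```python
import re
from email import message_from_string

# Conditions copied from the recipe above. procmail matches them against the
# header case-insensitively, with ^ anchoring at the start of a header line.
SPAM_FLAG = r"^X-Spam-Status: Yes"
DISCARD = [r"^Subject:.*Returned", r"^Subject:.*deliver", r"^Subject:.*failure"]

def header_text(raw):
    """Header as 'Name: value' lines, with folded (continued) lines joined."""
    msg = message_from_string(raw)
    return "\n".join(k + ": " + re.sub(r"\s*\n\s*", " ", v) for k, v in msg.items())

def matches(pattern, header):
    return re.search(pattern, header, re.IGNORECASE | re.MULTILINE) is not None

def route(raw):
    """Destination for a message that SpamAssassin has already tagged."""
    header = header_text(raw)
    if not matches(SPAM_FLAG, header):
        return "default"        # the spam block is skipped entirely
    if any(matches(p, header) for p in DISCARD):
        return "/dev/null"      # discarded, nothing left to review
    return "spam"               # the final ':0:' delivery to the spam folder

def message(status, subject):
    """Build a constructed sample message (not real mail)."""
    return ("From: MAILER-DAEMON@mx.example.net\n"
            "X-Spam-Status: " + status + "\n"
            "Subject: " + subject + "\n\nbody text\n")

# Constructed samples: name -> raw message.
SAMPLES = {
    "tagged bounce": message("Yes, hits=6.5 required=5.0", "Returned mail: see transcript"),
    "upper-case bounce": message("Yes, hits=5.5 required=5.0", "DELIVERY FAILURE"),
    "folded subject": message("Yes, hits=7.0 required=5.0", "Mail System Notice\n  Undeliverable message"),
    "tagged non-bounce": message("Yes, hits=9.1 required=5.0", "Free delivery on all orders"),
    "other spam": message("Yes, hits=8.0 required=5.0", "Lowest prices guaranteed"),
    "untagged bounce": message("No, hits=2.0 required=5.0", "Returned mail: user unknown"),
}

def dry_run(samples=SAMPLES):
    return {name: route(raw) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, dest in dry_run().items():
        print(f"{name:20} -> {dest}")
```

The "tagged non-bounce" sample shows that the Subject conditions match any spam-tagged subject containing the word, not only mailer-daemon bounces; swapping /dev/null for a folder name during a trial period keeps those messages reviewable.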
