On Mon, 1 Sep 2003, Dave Cross wrote:

> The biggest problem I'm currently having is bounces from spam
> that has fake addresses in my domains as the 'From:' header,
> so that's the problem I'm addressing first. I have a finite number
> of email addresses that I want to read email for and any email
> addressed to a different address will be filtered off to a different
> folder for later investigation.

I take a slightly different approach, which works and has as yet given
0 false positives. I use spamassassin.

1. Give mailer daemon bounces positive scores +0.5
2. Give a positive score to anything not to your primary address +0.5
3. Identify the headers that remote MTAs add to incoming spam that got
   bounced. Score this relatively high. 1.50
4. Add a few rules to user_prefs for the really persistent people.
5. Make the body_8bit stuff score REALLY high 4.00 (most mailer daemon
   bounce spam is Russian)

If you want this SA config, just ask.

Now, we use procmail.

# Filter through sa.
:0fw
|/usr/local/perl580/bin/spamassassin

# For all spam
:0
* ^X-Spam-Status: Yes
{
        # Filter out all the delivery failures from spoofed spam.
        :0
        * ^Subject:.*Returned
        /dev/null

        :0
        * ^Subject:.*deliver
        /dev/null

        :0
        * ^Subject:.*failure
        /dev/null

        # By now we've trapped 98% of the spam bounces, and we're left
        # with a few.
        :0:
        spam
}

-- 
Shevek                                    http://www.anarres.org/
I am the Borg.                         http://www.gothnicity.org/
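
Added example, not part of the original message and not the poster's SpamAssassin config: a small Python model of how the scores listed above combine and where the procmail recipe then sends each message. The primary address, the X-Spam header check used for step 3, the threshold of 5.0 (SpamAssassin's default), and all three sample messages are assumptions constructed here; scores from SpamAssassin's stock rules are ignored.

```python
import re
from email import message_from_bytes

PRIMARY = "me@example.org"   # assumption: the one address you actually read
REQUIRED = 5.0               # SpamAssassin's default required score
# Scores from the numbered list; the tests below are simplified stand-ins.
S_BOUNCE, S_NOT_PRIMARY, S_REMOTE_HDR, S_8BIT = 0.5, 0.5, 1.5, 4.0
# The three procmail Subject conditions (procmail matches case-insensitively).
BOUNCE_SUBJECT = re.compile(r"Returned|deliver|failure", re.I)

def score(raw: bytes) -> float:
    msg = message_from_bytes(raw)
    body = raw.split(b"\n\n", 1)[-1]
    total = 0.0
    if re.search(r"mailer-daemon", msg.get("From", ""), re.I):
        total += S_BOUNCE                      # step 1
    if PRIMARY not in msg.get("To", "").lower():
        total += S_NOT_PRIMARY                 # step 2
    # Step 3, assumed form: a remote filter's spam header quoted in the bounce.
    if re.search(rb"^X-Spam-(Flag|Status): Yes", body, re.I | re.M):
        total += S_REMOTE_HDR
    if any(b >= 0x80 for b in body):
        total += S_8BIT                        # step 5: 8-bit body
    return total

def disposition(raw: bytes) -> str:
    if score(raw) < REQUIRED:
        return "inbox"                         # never enters the spam block
    subject = message_from_bytes(raw).get("Subject", "")
    return "/dev/null" if BOUNCE_SUBJECT.search(subject) else "spam"

def make(to, subject, body):
    head = ("From: Mail Delivery Subsystem <MAILER-DAEMON@mx.example.net>\n"
            f"To: {to}\nSubject: {subject}\n\n").encode()
    return head + body

KOI8 = b"\xf0\xd2\xc9\xd7\xc5\xd4"  # constructed 8-bit (KOI8-R) sample text
SPOOFED = make("sales@example.org", "Returned mail: User unknown",
               b"Original message follows.\n\nX-Spam-Flag: YES\n\n" + KOI8 + b"\n")
GENUINE = make("me@example.org", "Delivery failure",
               b"Your message to bob@example.com could not be delivered.\n")
ODD = make("sales@example.org", "Mail system error", KOI8 + b"\n")

if __name__ == "__main__":
    for name, m in (("spoofed", SPOOFED), ("genuine", GENUINE), ("odd", ODD)):
        print(name, score(m), disposition(m))
```

The genuine bounce to the primary address collects only the 0.5 from step 1 and stays in the inbox, while the spoofed one stacks all four scores and is discarded by the Subject recipes.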