On Friday 14 May 2004 14:40, Duncan Hill might have typed: > On Friday 14 May 2004 14:30, Mark London might have typed: > > I found a way for spam to be sent to someone, even if the spam rating is > > high. > > > > If a spammer sends a message with a FROM address that contains a real > > local address, like [EMAIL PROTECTED], and then sends it TO a fake local > > address, like [EMAIL PROTECTED], even though the original message is sent > > through spamassassin, the BOUNCED message is not, since it's delivered > > locally back to [EMAIL PROTECTED] The user gets the bounced message, > > with a warning > > Why are you accepting mail for a non-existent user at your border gateway? > > Spammy connects, says HELO, says MAIL FROM your valid user, RCPT TO your > invalid user. You should tell spammy to go jump off a cliff at this point.
To follow this up, and make sure my brain is actually in gear: The 5xx code is then returned to spammy's mail client. Said clients don't usually try to generate a bounce notification. If they do, they'll come back to your gateway as from <>, to $real_user and should pass through your spam filters.
