spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Müller <rmuel...@thinxsolutions.com>
Subject typo in 20_vbounce.cf?
Date Tue, 06 May 2008 22:01:02 GMT
Hi all,
as I'm facing raising amount of bounces on my mailserver in the last 2 
months, I tried to use the vbounce ruleset to identify the ones caused 
by UBE faking the sender address.
This was generally successful, but surprisingly there are a lot of 
UBE-bounces which are not recognized by vbounce.
After digging a little bit into this (I'm not a SA-expert), it showed 
that the body-rule " __HAVE_BOUNCE_RELAYS" is giving a "1", but often no 
header rule "__BOUNCE*" seems to give a hit.
One of the most likely rules to be IMHO true is the 
"__BOUNCE_FROM_DAEMON" one, but this one nearly never gives a hit. 
Looking at the regexp in this line, the "+" after the \S seems not to be 
correct from my point of view, I would suggest a "*" here, as it is in 
"__BOUNCE_RPATH_MD".
So for testing purposes I modified the line
old:
header __BOUNCE_FROM_DAEMON   From =~ 
/(?:(?:daemon|deamon|majordomo|postmaster|virus|scanner|devnull|automated-response|SMTP.gateway|mailadmin|mailmaster|surfcontrol|You_Got_Spammed)\S+\@|<>)/i

to new:
header __BOUNCE_FROM_DAEMON   From =~ 
/(?:(?:daemon|deamon|majordomo|postmaster|virus|scanner|devnull|automated-response|SMTP.gateway|mailadmin|mailmaster|surfcontrol|You_Got_Spammed)\S*\@|<>)/i

and now, also the bounces formerly not recognized are correctly identified.
Can someone confirm that this is a "typo"? Or have I misunderstood 
something?

THX,
Robert

Mime
View raw message