spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Müller <rmuel...@thinxsolutions.com>
Subject Re: Trouble with VBounce
Date Thu, 15 May 2008 14:31:02 GMT
Hi,

just check Bug 5901, I had the same problems with googlemail bounces, 
there is no header rule within 20_vbounce.cf matching on them. I found 
the following, what I posted several days before:

+++++++++++++
After digging a little bit into this (I'm not a SA-expert), it showed 
that the body-rule " __HAVE_BOUNCE_RELAYS" is giving a "1", but often no 
header rule "__BOUNCE*" seems to give a hit.
One of the most likely rules to be IMHO true is the 
"__BOUNCE_FROM_DAEMON" one, but this one nearly never gives a hit. 
Looking at the regexp in this line, the "+" after the \S seems not to be 
correct from my point of view, I would suggest a "*" here, as it is in 
"__BOUNCE_RPATH_MD".
So for testing purposes I modified the line
old:
header __BOUNCE_FROM_DAEMON   From =~ 
/(?:(?:daemon|deamon|majordomo|postmaster|virus|scanner|devnull|automated-response|SMTP.gateway|mailadmin|mailmaster|surfcontrol|You_Got_Spammed)\S+\@|<>)/i


to new:
header __BOUNCE_FROM_DAEMON   From =~ 
/(?:(?:daemon|deamon|majordomo|postmaster|virus|scanner|devnull|automated-response|SMTP.gateway|mailadmin|mailmaster|surfcontrol|You_Got_Spammed)\S*\@|<>)/i

++++++++++++++

After that, those bounces were recognized, but also several FPs occured. 
In the meantime, I have modified the line this way:

header __BOUNCE_FROM_DAEMON   From =~ 
/(?:(?:mailer-(?:daemon|deamon)|majordomo|postmaster|virus|scanner|devnull|automated-response|SMTP.gateway|mailadmin|mailmaster|surfcontrol|You_Got_Spammed)\S*\@|<>)/i

Regards,
Robert


Erik Dasque schrieb:
> Ok, I think something is still wrong with my VBounce setup as a great 
> % of backscatter doesn't get tagged with "ANY_BOUNCE_MESSAGE".
>
> Could I request from a few people on the list to send me a sample 
> message attached as text which I can use "spamassassin -Lt < 
> sample-vbounce.txt" on to see if I get the right content analysis 
> (please send your content analysis of it).
>
> As a sample, I'll attach another message to this one which gave me the 
> following (but not ANY_BOUNCE_MESSAGE):
>
> *X-Spam-Report: * *  0.4 URI_HEX URI: URI hostname has long 
> hexadecimal sequence *  0.0 NUMERIC_HTTP_ADDR URI: Uses a numeric IP 
> address in URL * -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 
> 1% *      [score: 0.0000] *  1.5 URIBL_SBL Contains an URL listed in 
> the SBL blocklist *      [URIs: veloxzone.com.br] *  1.0 AWL AWL: 
> From: address is in the auto white-list
>
>
>
> As you can see from the attachment this email contains the original 
> headers (but not the body) of the bouncing message. The Received: 
> fields of these headers contain none of my whitelisted servers. As a 
> result, I would expect VBounce to tag it with "ANY_BOUNCE_MESSAGE".
>
> My local.cf file, found in ~/.spamassassin contains the following 
> (should anything be in my user_prefs ?) :
>
> whitelist_bounce_relays smtp.onething.net
> whitelist_bounce_relays mail.anotherthing.com 
> whitelist_bounce_relays owa.otherserver.com
> whitelist_bounce_relays mail.otherserver.com
>
> Again, my spamassassin 2>&1 -D --lint | grep ounce gives me the following:
>
> [13492] dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce from @INC
> [13492] dbg: config: fixed relative path: 
> /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_vbounce.cf
> [13492] dbg: config: using 
> "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_vbounce.cf" 
> for included file
> [13492] dbg: config: read file 
> /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_vbounce.cf
>
> Thanks in advance,
>
> Erik 
>
>
> ------------------------------------------------------------------------
>
> Betreff:
> Delivery Status Notification (Delay)
> Von:
> Mail Delivery Subsystem <mailer-daemon@googlemail.com>
> Datum:
> Wed, 14 May 2008 09:51:40 -0700 (PDT)
> An:
> edasque@frenchguys.com
>
> An:
> edasque@frenchguys.com
>
>
> This is an automatically generated Delivery Status Notification
>
> THIS IS A WARNING MESSAGE ONLY.
>
> YOU DO NOT NEED TO RESEND YOUR MESSAGE.
>
> Delivery to the following recipient has been delayed:
>
>      ahalka@worldmag.com
>
> Message will be retried for 1 more day(s)
>
>    ----- Message header follows -----
>
> Received: by 10.141.88.3 with SMTP id q3mr3743149rvl.46.1210605546345;
>         Mon, 12 May 2008 08:19:06 -0700 (PDT)
> Return-Path: <edasque@frenchguys.com>
> Received: from 20178235020.user.veloxzone.com.br ([201.78.235.20])
>         by mx.google.com with ESMTP id f21si10936600rvb.0.2008.05.12.08.19.00;
>         Mon, 12 May 2008 08:19:06 -0700 (PDT)
> Received-SPF: neutral (google.com: 201.78.235.20 is neither permitted nor denied by best
guess record for domain of edasque@frenchguys.com) client-ip=201.78.235.20;
> Authentication-Results: mx.google.com; spf=neutral (google.com: 201.78.235.20 is neither
permitted nor denied by best guess record for domain of edasque@frenchguys.com) smtp.mail=edasque@frenchguys.com
> Message-ID: <000501c8b443$0565cfa7$382cf694@cdgxl>
> From: "dukey babak" <edasque@frenchguys.com>
> To: <ahalka@worldmag.com>
> Subject: Mother's day special discount prices 
> Date: Mon, 12 May 2008 13:31:29 +0000
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> 	boundary="----=_NextPart_000_0002_01C8B443.0563A481"
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2900.3138
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
>
>    ----- Message body suppressed -----
>
>   
>
> ------------------------------------------------------------------------
>


Mime
View raw message