 |
| Prev-20 | Home | Next-20 |
| Trouble with VBounce | |
| \ Erik Dasque (12 May 2008) | |
| . \ Erik Dasque (13 May 2008) | |
| . . \ Erik Dasque (13 May 2008) | |
| . . . \ Luis Hernán Otegui (13 May 2008) | |
| . . . . \ Karsten Bräckelmann (13 May 2008) | |
| . . . . . \ Erik Dasque (13 May 2008) | |
| . . . . . . \ Erik Dasque (15 May 2008) | |
| . . . . . . . \ Robert Müller (15 May 2008) | |
| . . . . . \ Luis Hernán Otegui (13 May 2008) | |
| . . \ (Justin Mason) (13 May 2008) | |
| Prev-20 | Home | Next-20 |
| Prev- | Prev- | Spamassassin- | May- | Next- | Next- |
| Subject: | Re: Trouble with VBounce |
| Group: | Spamassassin-users |
| From: | Robert Müller |
| Date: | 15 May 2008 |
just check Bug 5901, I had the same problems with googlemail bounces,
there is no header rule within 20_vbounce.cf matching on them. I found
the following, what I posted several days before:
+++++++++++++
After digging a little bit into this (I'm not a SA-expert), it showed
that the body-rule " __HAVE_BOUNCE_RELAYS" is giving a "1", but often no
header rule "__BOUNCE*" seems to give a hit.
One of the most likely rules to be IMHO true is the
"__BOUNCE_FROM_DAEMON" one, but this one nearly never gives a hit.
Looking at the regexp in this line, the "+" after the \S seems not to be
correct from my point of view, I would suggest a "*" here, as it is in
"__BOUNCE_RPATH_MD".
So for testing purposes I modified the line
old:
header __BOUNCE_FROM_DAEMON From =~
/(?:(?:daemon|deamon|majordomo|postmaster|virus|scanner|devnull|automated-respon se|SMTP.gateway|mailadmin|mailmaster|surfcontrol|You_Got_Spammed)\S+\@|<>) /i
to new:
header __BOUNCE_FROM_DAEMON From =~
/(?:(?:daemon|deamon|majordomo|postmaster|virus|scanner|devnull|automated-respon se|SMTP.gateway|mailadmin|mailmaster|surfcontrol|You_Got_Spammed)\S*\@|<>) /i
++++++++++++++
After that, those bounces were recognized, but also several FPs occured.
In the meantime, I have modified the line this way:
header __BOUNCE_FROM_DAEMON From =~
/(?:(?:mailer-(?:daemon|deamon)|majordomo|postmaster|virus|scanner|devnull|autom ated-response|SMTP.gateway|mailadmin|mailmaster|surfcontrol|You_Got_Spammed)\S*\ @|<>)/i
Regards,
Robert
Erik Dasque schrieb:
> Ok, I think something is still wrong with my VBounce setup as a great
> % of backscatter doesn't get tagged with "ANY_BOUNCE_MESSAGE".
>
> Could I request from a few people on the list to send me a sample
> message attached as text which I can use "spamassassin -Lt <
> sample-vbounce.txt" on to see if I get the right content analysis
> (please send your content analysis of it).
>
> As a sample, I'll attach another message to this one which gave me the
> following (but not ANY_BOUNCE_MESSAGE):
>
> *X-Spam-Report: * * 0.4 URI_HEX URI: URI hostname has long
> hexadecimal sequence * 0.0 NUMERIC_HTTP_ADDR URI: Uses a numeric IP
> address in URL * -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to
> 1% * [score: 0.0000] * 1.5 URIBL_SBL Contains an URL listed in
> the SBL blocklist * [URIs: veloxzone.com.br] * 1.0 AWL AWL:
> From: address is in the auto white-list
>
>
>
> As you can see from the attachment this email contains the original
> headers (but not the body) of the bouncing message. The Received:
> fields of these headers contain none of my whitelisted servers. As a
> result, I would expect VBounce to tag it with "ANY_BOUNCE_MESSAGE".
>
> My local.cf file, found in ~/.spamassassin contains the following
> (should anything be in my user_prefs ?) :
>
> whitelist_bounce_relays smtp.onething.net
> whitelist_bounce_relays mail.anotherthing.com
> whitelist_bounce_relays owa.otherserver.com
> whitelist_bounce_relays mail.otherserver.com
>
> Again, my spamassassin 2>&1 -D --lint | grep ounce gives me the following:
>
> [13492] dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce from @INC
> [13492] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_vbounce.cf
> [13492] dbg: config: using
> "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_vbounce.cf"
> for included file
> [13492] dbg: config: read file
> /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_vbounce.cf
>
> Thanks in advance,
>
> Erik
>
>
> ------------------------------------------------------------------------
>
> Betreff:
> Delivery Status Notification (Delay)
> Von:
> Mail Delivery Subsystem <mailer-daemon>
> Datum:
> Wed, 14 May 2008 09:51:40 -0700 (PDT)
> An:
> edasque
>
> An:
> edasque
>
>
> This is an automatically generated Delivery Status Notification
>
> THIS IS A WARNING MESSAGE ONLY.
>
> YOU DO NOT NEED TO RESEND YOUR MESSAGE.
>
> Delivery to the following recipient has been delayed:
>
> ahalka
>
> Message will be retried for 1 more day(s)
>
> ----- Message header follows -----
>
> Received: by 10.141.88.3 with SMTP id q3mr3743149rvl.46.1210605546345;
> Mon, 12 May 2008 08:19:06 -0700 (PDT)
> Return-Path: <edasque>
> Received: from 20178235020.user.veloxzone.com.br ([201.78.235.20])
> by mx.google.com with ESMTP id f21si10936600rvb.0.2008.05.12.08.19.00;
> Mon, 12 May 2008 08:19:06 -0700 (PDT)
> Received-SPF: neutral (google.com: 201.78.235.20 is neither permitted nor denied by best guess record for domain of edasque) client-ip=201.78.235.20;
> Authentication-Results: mx.google.com; spf=neutral (google.com: 201.78.235.20 is neither permitted nor denied by best guess record for domain of edasque) smtp.mail=edasque
> Message-ID: <000501c8b443$0565cfa7$382cf694@cdgxl>
> From: "dukey babak" <edasque>
> To: <ahalka>
> Subject: Mother's day special discount prices
> Date: Mon, 12 May 2008 13:31:29 +0000
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary="----=_NextPart_000_0002_01C8B443.0563A481"
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2900.3138
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
>
> ----- Message body suppressed -----
>
>
>
> ------------------------------------------------------------------------
>
| Prev- | Prev- | Spamassassin- | May- | Next- | Next- |