
Ridiculous amounts of fake bounce spam
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Apr 16, 2006, 03:23 PM
 
Are you guys also getting ridiculous amounts of fake bounce spam as of recently?
You will only be concerned if you are using a catch-all address for your domain.

For me, it started 3 days ago, and has been growing exponentially. Today I already got almost 50 of it. Most of it got caught by my spam filter (SpamAssassin), but not all. So I had to do something about it.

I wrote this custom SpamAssassin rule to take care of it. The idea and basic outline I got from a Perl script for procmail, but I wanted a SA solution for it. In case anyone is interested, here it is:

header __bounce_01 Subject =~ /failure notice/i
header __bounce_02 Subject =~ /Warning: could not send/i
header __bounce_03 Subject =~ /Returned mail/i
header __bounce_04 Subject =~ /Mail delivery failed/i
header __bounce_05 Subject =~ /Undelivered Mail Returned to Sender/i
header __bounce_06 Subject =~ /Mail System Error/i
header __bounce_07 Subject =~ /Undeliverable Mail/i
header __bounce_08 Subject =~ /Delivery Status Notification/i
header __bounce_09 Subject =~ /Delivery reports about your e?mail/i
header __bounce_10 Subject =~ /Delivery failure/i
header __bounce_11 Subject =~ /Undeliverable/i
header __bounce_12 Subject =~ /Unable to deliver your message/i
header __bounce_13 Subject =~ /Devliery Reports/i
header __bounce_14 From =~ /Mail Delivery/i
header __bounce_15 From =~ /Postmaster/i
header __bounce_16 From =~ /The Post Office/i
header __bounce_17 From =~ /mailsweeper/i
header __bounce_18 From =~ /mailer-daemon/i
header __bounce_19 From =~ /mailserver/i
header __bounce_20 From =~ /mailscanner/i
header __bounce_21 From =~ /Mail Administrator/i
header __bounce_22 Subject =~ /message undelivered/i
header __bounce_23 Subject =~ /undelivered mail/i
header __bounce_24 From =~ /mailer-daemon/i
header __bounce_25 Subject =~ /return receipt/i
header __bounce_26 Subject =~ /ambiguous address/i
header __bounce_27 Subject =~ /Mail delivery problems/i
header __bounce_28 Subject =~ /mail delivery status/i
header __bounce_29 Subject =~ /unable to process your message/i
header __bounce_30 Subject =~ /Delivery Notification/i
header __bounce_31 Subject =~ /Your e?mail did not reach the intended/i
header __bounce_32 Subject =~ /Your Message Could Not Be Delivered/i
header __bounce_33 Subject =~ /Delivery Notification/i
header __bounce_34 Subject =~ /Warning:.*?User unknown/i
header __bounce_35 Subject =~ /Message status.*undeliverable/i

# Insert your real email address here.
# It tests if the bounced mail does NOT contain your real email in the "To:" field.
header __bounce_addr To !~ /yourname\@yourdomain\.com/i

# True if any of the bounce key words matched. Keep the whole expression on one line.
meta __bounce_all (__bounce_01 || __bounce_02 || __bounce_03 || __bounce_04 || __bounce_05 || __bounce_06 || __bounce_07 || __bounce_08 || __bounce_09 || __bounce_10 || __bounce_11 || __bounce_12 || __bounce_13 || __bounce_14 || __bounce_15 || __bounce_16 || __bounce_17 || __bounce_18 || __bounce_19 || __bounce_20 || __bounce_21 || __bounce_22 || __bounce_23 || __bounce_24 || __bounce_25 || __bounce_26 || __bounce_27 || __bounce_28 || __bounce_29 || __bounce_30 || __bounce_31 || __bounce_32 || __bounce_33 || __bounce_34 || __bounce_35)

# Score if any key words are found and if your real email address doesn't appear.
meta CUST_fake_bounce ((__bounce_all + __bounce_addr) > 1)
score CUST_fake_bounce 7.0

I guess there might be a slicker way, but I'm not a programmer, so that's the best I could do. It works, that's the main thing for me.

-t
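
The rule's logic, as an added example that is not part of the original post: a Python sketch that merges a subset of the posted patterns into two regexes and runs the same "bounce key word AND not addressed to my real address" test over constructed messages. The address, the sample messages and all function names are assumptions made for illustration.

```python
import re
from email import message_from_string

REAL_ADDRESS = "yourname@yourdomain.com"  # assumption: placeholder from the post

# Subset of the posted Subject/From patterns, merged into two alternations.
BOUNCE_SUBJECT = re.compile(
    r"failure notice|returned mail|mail delivery failed|undeliver(?:ed|able)"
    r"|delivery (?:status )?notification|delivery failure|user unknown", re.I)
BOUNCE_FROM = re.compile(
    r"mail delivery|postmaster|mailer-daemon|mail administrator", re.I)

def looks_like_bounce(msg):
    """Equivalent of __bounce_all: any Subject or From key word hit."""
    return bool(BOUNCE_SUBJECT.search(msg.get("Subject", ""))
                or BOUNCE_FROM.search(msg.get("From", "")))

def addressed_elsewhere(msg, real=REAL_ADDRESS):
    """Equivalent of __bounce_addr: no To header carries the real address."""
    return not any(real.lower() in to.lower() for to in msg.get_all("To", []))

def fake_bounce_score(raw, score=7.0):
    """Score only when both conditions hold, as the meta rule does."""
    msg = message_from_string(raw)
    return score if looks_like_bounce(msg) and addressed_elsewhere(msg) else 0.0

def make(frm, to, subject):
    return f"From: {frm}\nTo: {to}\nSubject: {subject}\n\n(body omitted)\n"

# Constructed sample messages, not taken from the thread.
SAMPLES = {
    "forged bounce to a random catch-all address": make(
        "Mail Delivery Subsystem <MAILER-DAEMON@mx.example.net>",
        "qx7z@yourdomain.com", "Returned mail: see transcript for details"),
    "real bounce to the real address": make(
        "MAILER-DAEMON@mx.example.net", "yourname@yourdomain.com",
        "Undelivered Mail Returned to Sender"),
    "ordinary mail to a tracking alias": make(
        "Orders <orders@shop.example>", "compusa@yourdomain.com",
        "Your order has shipped"),
    # Edge case: a bounce for mail really sent from an alias is also scored,
    # because the rule only looks at key words and the To address.
    "bounce addressed to a tracking alias": make(
        "MAILER-DAEMON@mx.example.net", "compusa@yourdomain.com",
        "failure notice"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{fake_bounce_score(raw):4.1f}  {name}")
```
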
     
Posting Junkie
Join Date: Oct 2005
Location: Houston, TX
Apr 16, 2006, 03:45 PM
 
Catchall addresses rarely seem worth the spam.
     
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Apr 16, 2006, 03:54 PM
 
Originally Posted by mduell:
"Catchall addresses rarely seem worth the spam."

Actually, for me it is.

I use catch-all addresses to track what people / businesses sell my email address.

E.g., for Compusa, I use compusa@mydomain.com.
Should I ever get spam to that address, I know what happened.

-t
     
Posting Junkie
Join Date: Oct 2005
Location: Houston, TX
Apr 16, 2006, 04:40 PM
 
Ah. I use username-compusa@domain.com for that... to avoid all the spam directed to alice@domain.com, bob@domain.com, etc.
     
   