Re: OT - has my email domain been hijacked?

• Previous message: Randall J. Berry: "Re: Mail Services"
• In reply to: kevin.kempter_at_dataintellect.com: "Re: OT - has my email domain been hijacked?"
• Next in thread: Paul Howarth: "Re: OT - has my email domain been hijacked?"
• Reply: Paul Howarth: "Re: OT - has my email domain been hijacked?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Wed, 14 Sep 2005 23:55:05 -0700
To: For users of Fedora Core releases <fedora-list@redhat.com>

On 9/14/05, kevin.kempter@dataintellect.com
<kevin.kempter@dataintellect.com> wrote:
> Thanks for the info.
>
> Can you send me info on what a spam assasin filter to catch these will need to
> look like?

Here are some rules I added to my user_prefs file after setting
"allow_user_rules 1" in local.cf.

My goal was to insure the joe-job bounces were deleted, not remove
spam, which I receive little of. I turned off Bayes and neutered
auto_whitelist. I would have completely turned off auto_whitelist if I
could have figured out how. The rules still need to have their score
adjusted, as most of the matches are guaranteed bounces.

I based the rules on my large collection of bounce messages and
http://permalink.gmane.org/gmane.discuss/5381

# From bounce matches

header BOUNCE_FROM_MAILER_DAEMON From =~ /mailer-daemon/i
describe BOUNCE_FROM_MAILER_DAEMON From: mailer-daemon, probably an
automated message
score BOUNCE_FROM_MAILER_DAEMON 5

header BOUNCE_FROM_BLACKHOLE From =~ /blackhole/i
describe BOUNCE_FROM_BLACKHOLE From: blackhole, probably an automated message
score BOUNCE_FROM_BLACKHOLE 5

header BOUNCE_FROM_POSTMASTER From =~ /postmaster/i
describe BOUNCE_FROM_POSTMASTER From: postmaster, probably an
automated message
score BOUNCE_FROM_POSTMASTER 5

header BOUNCE_FROM_POST_OFFICE From =~ /Post Office/i
describe BOUNCE_FROM_POST_OFFICE From: Post Office, probably an
automated message
score BOUNCE_FROM_POST_OFFICE 5

header BOUNCE_FROM_MAIL_DELIVERY_SYSTEM From =~ /Mail Delivery System/i
describe BOUNCE_FROM_MAIL_DELIVERY_SYSTEM From: Mail Delivery
System, probably an automated message
score BOUNCE_FROM_MAIL_DELIVERY_SYSTEM 5

header BOUNCE_FROM_MAIL_DELIVERY_SUBSYSTEM From =~ /Mail Delivery
Subsystem/i
describe BOUNCE_FROM_MAIL_DELIVERY_SUBSYSTEM From: Mail Delivery
Subsystem, probably an automated message
score BOUNCE_FROM_MAIL_DELIVERY_SUBSYSTEM 5

header BOUNCE_FROM_MAIL_ADMINISTRATOR From =~ /Mail Administrator/i
describe BOUNCE_FROM_MAIL_ADMINISTRATOR From: Mail Administrator,
probably an automated message
score BOUNCE_FROM_MAIL_ADMINISTRATOR 5

header BOUNCE_FROM_SYSTEM_ADMINISTRATOR From =~ /System Administrator/i
describe BOUNCE_FROM_SYSTEM_ADMINISTRATOR From: System
Administrator, probably an automated message
score BOUNCE_FROM_SYSTEM_ADMINISTRATOR 5

header BOUNCE_FROM_INTERNET_MAIL_DELIVERY From =~ /Internet Mail Delivery/i
describe BOUNCE_FROM_INTERNET_MAIL_DELIVERY From: Internet Mail
Delivery, probably an automated message
score BOUNCE_FROM_INTERNET_MAIL_DELIVERY 5

header BOUNCE_FROM_MAIL From =~ /mail/i
describe BOUNCE_FROM_MAIL From: mail, possibly an automated message
score BOUNCE_FROM_MAIL 1

# Subject bounce matches

header BOUNCE_FAILURE_NOTICE Subject =~ /failure notice/i
describe BOUNCE_FAILURE_NOTICE Subject: 'failure notice', bounce message
score BOUNCE_FAILURE_NOTICE 5

header BOUNCE_DELIVERY_STATUS_NOTIFICATION Subject =~ /delivery
status notification/i
describe BOUNCE_DELIVERY_STATUS_NOTIFICATION Subject: 'Delivery status
notification', probably bounce
score BOUNCE_DELIVERY_STATUS_NOTIFICATION 1

header BOUNCE_DELIVERY_FAILED Subject =~ /delivery failed/i
describe BOUNCE_DELIVERY_FAILED Subject: 'delivery failed', bounce message
score BOUNCE_DELIVERY_FAILED 1

header BOUNCE_MAIL_DELIVERY_FAILED Subject =~ /Mail delivery failed/i
describe BOUNCE_MAIL_DELIVERY_FAILED Subject: 'Mail delivery failed',
bounce message
score BOUNCE_MAIL_DELIVERY_FAILED 5

header BOUNCE_UNDELIVERABLE Subject =~ /Undeliverable:/i
describe BOUNCE_UNDELIVERABLE Subject: Undeliverable
score BOUNCE_UNDELIVERABLE 1

header BOUNCE_RETURNED_MAIL Subject =~ /Returned mail/i
describe BOUNCE_RETURNED_MAIL Subject: 'Returned mail', bounce message
score BOUNCE_RETURNED_MAIL 5

header BOUNCE_MAIL_COULD_NOT_BE_DELIVERED Subject =~ /Mail could
not be delivered/i
describe BOUNCE_MAIL_COULD_NOT_BE_DELIVERED Subject: 'Mail could
not be delivered', bounce message
score BOUNCE_MAIL_COULD_NOT_BE_DELIVERED 5

header BOUNCE_UNDELIVERED_MAIL Subject =~ /Undelivered Mail/i
describe BOUNCE_UNDELIVERED_MAIL Subject: 'Undelivered Mail', bounce message
score BOUNCE_UNDELIVERED_MAIL 5

header BOUNCE_RETURNED_TO_SENDER Subject =~ /Returned to Sender/i
describe BOUNCE_RETURNED_TO_SENDER Subject: 'Returned to Sender',
bounce message
score BOUNCE_RETURNED_TO_SENDER 5

use_bayes 0
fold_headers 0
auto_whitelist_factor 0

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list

• Previous message: Randall J. Berry: "Re: Mail Services"
• In reply to: kevin.kempter_at_dataintellect.com: "Re: OT - has my email domain been hijacked?"
• Next in thread: Paul Howarth: "Re: OT - has my email domain been hijacked?"
• Reply: Paul Howarth: "Re: OT - has my email domain been hijacked?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]