Learning Backscatter

.rp printer at moveupdate.com
Mon Jan 26 17:51:58 CET 2009


On 10 Jan 2009 at 17:47, RW wrote:


> I was wondering how good Bogofilter is at distinguishing between
> backscatter, and legitimate delivery failure messages. 
> 
> Specifically, does it look inside the attached original email.
> 
> 
I know I am repeating myself, but anyway ...
 One of the users (actually the boss) had the email address harvested and we got clobbered 
 by backscatter. Looking at the emails of the various 'unable to deliver' type messages, I saw 
 what these could be filtered on, but don't know how to write up and implement the rule 
 outside of procmail. I don't want to use procmail for this since I think it would be an 
 expensive routine for procmail to run.

 In the body of the 'unable to deliver' message, the original message is quoted. One of the 
 lines quoted is the Message-ID: header from the original. The format of this line is always 
 wrong as it does not contain the FQDN that our server appends to the end of the hash 
 number, following the '@' symbol.

 So, need a rule that would parse the "Message-ID:" in the body (or attachment) and not 
 header, and look for the @FQDN 
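
The rule described above, sketched in Python as an added example that is not part of the original post: it reads Message-ID lines only from the quoted or attached original, never from the bounce's own header, and checks for the local FQDN after the '@'. `LOCAL_FQDN`, the function names and the two sample bounces are constructed assumptions.

```python
import email
import re
from email import policy

LOCAL_FQDN = "mail.example.com"  # assumption: FQDN our MTA appends after '@'

# Message-ID lines quoted in a text body, optionally behind "> " quoting.
QUOTED_ID = re.compile(rb"^[>\s]*Message-ID:\s*<([^<>\s]+)>", re.I | re.M)

def quoted_message_ids(raw):
    """Message-IDs found in the body or attachments, never the bounce's own header."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    ids = []
    for part in msg.walk():
        if part is not msg and part["Message-ID"]:   # attached original (message/rfc822)
            ids.append(str(part["Message-ID"]).strip(" <>\r\n"))
        if part.get_content_maintype() == "text":    # inline quote or text/rfc822-headers
            body = part.get_payload(decode=True) or b""
            ids += [m.decode("ascii", "replace") for m in QUOTED_ID.findall(body)]
    return ids

def classify_bounce(raw, local_fqdn=LOCAL_FQDN):
    """'legitimate' if a quoted ID ends in @local_fqdn, 'backscatter' if none do."""
    ids = quoted_message_ids(raw)
    if not ids:
        return "unknown"  # nothing quoted: leave the decision to normal filtering
    suffix = "@" + local_fqdn.lower()
    return "legitimate" if any(i.lower().endswith(suffix) for i in ids) else "backscatter"

# Constructed samples: a DSN with our original attached, and a bounce quoting a forged one.
REAL_BOUNCE = (
    b"From: MAILER-DAEMON@remote.example\r\n"
    b"Message-ID: <dsn-1@remote.example>\r\n"
    b"Content-Type: multipart/report; report-type=delivery-status; boundary=b1\r\n\r\n"
    b"--b1\r\nContent-Type: text/plain\r\n\r\nUnable to deliver.\r\n"
    b"--b1\r\nContent-Type: message/rfc822\r\n\r\n"
    b"Message-ID: <20090110174700.ABC123@mail.example.com>\r\n"
    b"Subject: report\r\n\r\nhello\r\n--b1--\r\n"
)
BACKSCATTER = (
    b"From: MAILER-DAEMON@remote.example\r\n"
    b"Message-ID: <dsn-2@remote.example>\r\n"
    b"Content-Type: text/plain\r\n\r\n"
    b"Unable to deliver. Original message follows:\r\n"
    b"> Message-ID: <8F3A2C71D05B@unknown.invalid>\r\n> Subject: cheap pills\r\n"
)
if __name__ == "__main__":
    print(classify_bounce(REAL_BOUNCE), classify_bounce(BACKSCATTER))
```

A result of `unknown` means no Message-ID was quoted at all, so the message should fall through to normal filtering.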




