On 9/14/05, kevin.kempter@xxxxxxxxxxxxxxxxx <kevin.kempter@xxxxxxxxxxxxxxxxx> wrote: > Thanks for the info. > > Can you send me info on what a spam assasin filter to catch these will need to > look like? Here are some rules I added to my user_prefs file after setting "allow_user_rules 1" in local.cf. My goal was to insure the joe-job bounces were deleted, not remove spam, which I receive little of. I turned off Bayes and neutered auto_whitelist. I would have completely turned off auto_whitelist if I could have figured out how. The rules still need to have their score adjusted, as most of the matches are guaranteed bounces. I based the rules on my large collection of bounce messages and http://permalink.gmane.org/gmane.discuss/5381 # From bounce matches header BOUNCE_FROM_MAILER_DAEMON From =~ /mailer-daemon/i describe BOUNCE_FROM_MAILER_DAEMON From: mailer-daemon, probably an automated message score BOUNCE_FROM_MAILER_DAEMON 5 header BOUNCE_FROM_BLACKHOLE From =~ /blackhole/i describe BOUNCE_FROM_BLACKHOLE From: blackhole, probably an automated message score BOUNCE_FROM_BLACKHOLE 5 header BOUNCE_FROM_POSTMASTER From =~ /postmaster/i describe BOUNCE_FROM_POSTMASTER From: postmaster, probably an automated message score BOUNCE_FROM_POSTMASTER 5 header BOUNCE_FROM_POST_OFFICE From =~ /Post Office/i describe BOUNCE_FROM_POST_OFFICE From: Post Office, probably an automated message score BOUNCE_FROM_POST_OFFICE 5 header BOUNCE_FROM_MAIL_DELIVERY_SYSTEM From =~ /Mail Delivery System/i describe BOUNCE_FROM_MAIL_DELIVERY_SYSTEM From: Mail Delivery System, probably an automated message score BOUNCE_FROM_MAIL_DELIVERY_SYSTEM 5 header BOUNCE_FROM_MAIL_DELIVERY_SUBSYSTEM From =~ /Mail Delivery Subsystem/i describe BOUNCE_FROM_MAIL_DELIVERY_SUBSYSTEM From: Mail Delivery Subsystem, probably an automated message score BOUNCE_FROM_MAIL_DELIVERY_SUBSYSTEM 5 header BOUNCE_FROM_MAIL_ADMINISTRATOR From =~ /Mail Administrator/i describe BOUNCE_FROM_MAIL_ADMINISTRATOR From: Mail Administrator, probably an automated message score BOUNCE_FROM_MAIL_ADMINISTRATOR 5 header BOUNCE_FROM_SYSTEM_ADMINISTRATOR From =~ /System Administrator/i describe BOUNCE_FROM_SYSTEM_ADMINISTRATOR From: System Administrator, probably an automated message score BOUNCE_FROM_SYSTEM_ADMINISTRATOR 5 header BOUNCE_FROM_INTERNET_MAIL_DELIVERY From =~ /Internet Mail Delivery/i describe BOUNCE_FROM_INTERNET_MAIL_DELIVERY From: Internet Mail Delivery, probably an automated message score BOUNCE_FROM_INTERNET_MAIL_DELIVERY 5 header BOUNCE_FROM_MAIL From =~ /mail/i describe BOUNCE_FROM_MAIL From: mail, possibly an automated message score BOUNCE_FROM_MAIL 1 # Subject bounce matches header BOUNCE_FAILURE_NOTICE Subject =~ /failure notice/i describe BOUNCE_FAILURE_NOTICE Subject: 'failure notice', bounce message score BOUNCE_FAILURE_NOTICE 5 header BOUNCE_DELIVERY_STATUS_NOTIFICATION Subject =~ /delivery status notification/i describe BOUNCE_DELIVERY_STATUS_NOTIFICATION Subject: 'Delivery status notification', probably bounce score BOUNCE_DELIVERY_STATUS_NOTIFICATION 1 header BOUNCE_DELIVERY_FAILED Subject =~ /delivery failed/i describe BOUNCE_DELIVERY_FAILED Subject: 'delivery failed', bounce message score BOUNCE_DELIVERY_FAILED 1 header BOUNCE_MAIL_DELIVERY_FAILED Subject =~ /Mail delivery failed/i describe BOUNCE_MAIL_DELIVERY_FAILED Subject: 'Mail delivery failed', bounce message score BOUNCE_MAIL_DELIVERY_FAILED 5 header BOUNCE_UNDELIVERABLE Subject =~ /Undeliverable:/i describe BOUNCE_UNDELIVERABLE Subject: Undeliverable score BOUNCE_UNDELIVERABLE 1 header BOUNCE_RETURNED_MAIL Subject =~ /Returned mail/i describe BOUNCE_RETURNED_MAIL Subject: 'Returned mail', bounce message score BOUNCE_RETURNED_MAIL 5 header BOUNCE_MAIL_COULD_NOT_BE_DELIVERED Subject =~ /Mail could not be delivered/i describe BOUNCE_MAIL_COULD_NOT_BE_DELIVERED Subject: 'Mail could not be delivered', bounce message score BOUNCE_MAIL_COULD_NOT_BE_DELIVERED 5 header BOUNCE_UNDELIVERED_MAIL Subject =~ /Undelivered Mail/i describe BOUNCE_UNDELIVERED_MAIL Subject: 'Undelivered Mail', bounce message score BOUNCE_UNDELIVERED_MAIL 5 header BOUNCE_RETURNED_TO_SENDER Subject =~ /Returned to Sender/i describe BOUNCE_RETURNED_TO_SENDER Subject: 'Returned to Sender', bounce message score BOUNCE_RETURNED_TO_SENDER 5 use_bayes 0 fold_headers 0 auto_whitelist_factor 0
