Sending bounce/notification messages for spam going to a
specific address
James Gray
james_gray at ocs.com
Fri Dec 3 02:54:03 GMT 2004
On Fri, 3 Dec 2004 11:54 am, Andy Moran wrote:
> Hello!
>
> We currently have a system where mailscanner tags and delivers spam,
> including spam going to our helpdesk system. Our helpdesk system
> generates tickets and sends back ticket numbers to spammers. We want
> to stop these tickets from being generated.
>
> The proposed solution is to set up a procmail rule that delivers these
> messages to a logfile that gets rotated every week. However, because
> nobody has time to manage and look through this log file, we want a
> message or bounce to be sent back to the sender of these spam-tagged
> messages in case it is a false negative telling them to call our phone
> number and ask for help.
>
> I thought this might be easy to do with MailScanner's bounce_rules but
> I'm not sure how to say that only mail *to* our helpdesk system gets a
> specific message back to the sender (i.e. "Your message to helpdesk did
> not generate a ticket because it was marked as Spam. If this is a real
> issue, please call xxxxxxx" etc).
>
> Is there a way to specify in the ruleset which bounce to send back? And
> if not, do I just edit one of the report files? I see there are two
> files "reports/en/sender.spam.sa.report.txt" and
> "reports/en/sender.spam.report.txt". Not sure which one needs to be
> edited or if I can edit my own and specify it somewhere (ideal). Also,
> I'm not sure if the bounce ruleset is the best place (will it allow me to
> still deliver it a mbox file later?) or if I use some other mechanism.
>
> Hope that wasn't too confusing. Any help is appreciated!
>
> --Andy
>
>
> P.S. I fully expect to get flamed for saying we want to send messages
> back for spam, but having valid helpdesk messages disappear without
> anyone (including the sender) knowing about it isn't acceptable and we
> don't have the manpower to wade through spam messages either, so this
> is the best solution we could think of. :/
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

Greetings,

We had the same problem - we also got sick of closing cases that were opened
from virus alerts and bad-attachment notices. Below are the config changes
and sample rule files to make sure the automatic stuff doesn't get sent out
for messages addressed to our ticketing system:

MailScanner.conf:

    Deliver Disinfected Files = %rules-dir%/disinfected.rules
    Still Deliver Silent Viruses = %rules-dir%/deliver.silent.rules
    Deliver Cleaned Messages = %rules-dir%/disinfected.rules
    Notify Senders = %rules-dir%/notify.senders.rules
    Spam Actions = %rules-dir%/spam.actions.rules
    High Scoring Spam Actions = %rules-dir%/spam.high.actions.rules
    Enable Spam Bounce = %rules-dir%/bounce.rules

disinfected.rules:

    To:       ticket-system@foo.bar          no
    To:       Other-ticket-aliases*@foo.bar  no
    ToOrFrom: default                        yes

deliver.silent.rules:

    << SAME AS "disinfected.rules" >>

notify.senders.rules:

    << SAME AS "disinfected.rules" >>

spam.actions.rules:

    To:       ticket-system@foo.bar          delete
    To:       Other-ticket-aliases*@foo.bar  delete
    ToOrFrom: default                        attachment deliver

spam.high.actions.rules:

    << SAME AS "spam.actions.rules" >>

bounce.rules:

    FromOrTo: default no

(i.e., no special handling, but we have it as a rule for some of our customers
which I didn't include above. You may not use this feature, in which case
just put "Enable Spam Bounce = no" in MailScanner.conf)

After all that, restart mailscanner and spammers won't get auto-replies and
your ticket system won't fill up with bogus automatically generated cases :)

Cheers,
James
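
A way to check rulesets like the ones above before restarting, added here as an example (not part of James's message and not MailScanner code). It uses a simplified model of ruleset matching that is an assumption of this example: one sender and one recipient, case-insensitive `*` wildcards, the first matching rule wins, and `default` applies when nothing matches. The function names and the sample addresses are made up for illustration.

```python
from fnmatch import fnmatchcase

# Constructed copies of two rulesets from the post (foo.bar is the post's placeholder).
RULESETS = {
    "notify.senders.rules": """\
To:       ticket-system@foo.bar          no
To:       Other-ticket-aliases*@foo.bar  no
ToOrFrom: default                        yes
""",
    "spam.actions.rules": """\
To:       ticket-system@foo.bar          delete
To:       Other-ticket-aliases*@foo.bar  delete
ToOrFrom: default                        attachment deliver
""",
}

def parse_rules(text):
    """Return ([(direction, pattern, value), ...], default_value)."""
    rules, default = [], None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        direction, pattern, value = line.split(None, 2)
        if pattern.lower() == "default":
            default = value.strip()
        else:
            rules.append((direction.rstrip(":").lower(), pattern.lower(), value.strip()))
    return rules, default

def resolve(text, sender, recipient):
    """Simplified model (assumption): first matching rule wins, else the default."""
    rules, default = parse_rules(text)
    sender, recipient = sender.lower(), recipient.lower()
    for direction, pattern, value in rules:
        from_hit = "from" in direction and fnmatchcase(sender, pattern)
        to_hit = "to" in direction and fnmatchcase(recipient, pattern)
        if (from_hit and to_hit) if "and" in direction else (from_hit or to_hit):
            return value
    return default

def audit(recipient, sender="someone@example.net"):
    """Map each ruleset name to the value it yields for mail to `recipient`."""
    return {name: resolve(text, sender, recipient) for name, text in RULESETS.items()}

if __name__ == "__main__":
    for rcpt in ("ticket-system@foo.bar", "Other-ticket-aliases-eu@foo.bar", "staff@foo.bar"):
        print(rcpt, audit(rcpt))
```

Any ticket address that comes back with `yes` for a notification ruleset, or with a delivering spam action, would still open a case or trigger an auto-reply.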