Sending bounce/notification messages for spam going to a specific address

Andy Moran andy at WILDBRAIN.COM
Fri Dec 3 18:14:21 GMT 2004


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hi James,

Thanks for the well-written response!

However, I think you misunderstood what we want.  We DO (and only) want
autoreplies (i.e. notifications / bounces) for *only* messages going to
our helpdesk system.   We want spam messages delivered either way.

We want spam messages to be delivered for all mail and special
notifications sent back for those going to our helpdesk system.  I'm not
sure what rules file to put this in and which report file to edit to
compose this special response.


--Andy




James Gray wrote:
> On Fri, 3 Dec 2004 11:54 am, Andy Moran wrote:
>
>>Hello!
>>
>>We currently have a system where mailscanner tags and delivers spam,
>>including spam going to our helpdesk system.  Our helpdesk system
>>generates tickets and sends back ticket numbers to spammers.    We want
>>to stop these tickets from being generated.
>>
>>The proposed solution is to setup a procmail rule that delivers these
>>messages to a logfile that gets rotated every week.  However, because
>>nobody has time to manage and look through this log file,  we want a
>>message or bounce to be sent back to the sender of these spam-tagged
>>messages in case it is a fale negative telling them to call our phone
>>number and ask for help.
>>
>>I thought this might be easy to do with MailScanner's bounce_rules but
>>I'm not sure how to say that only mail *to* our helpdesk system gets a
>>specific message back to the sender (i.e.  "Your message to helpdesk did
>>not generate a ticket because it was marked as Spam.  If this is a real
>>issue, please call xxxxxxx" etc).
>>
>>Is there a way to specify in the ruleset which bounce to send back?  And
>>if not, do I just edit one of the report files?   I see there are two
>>files "reports/en/sender.spam.sa.report.txt" and
>>"reports/en/sender.spam.report.txt".   Not sure which one needs to be
>>edited or if I can edit my own and specify it somewhere (ideal).  Also,
>>I'm not sure if the bounce ruleset is the bet place (will it allow me to
>>still deliver it a mbox file later?) or if I use some other mechanism.
>>
>>hope that wasn't too confusing.  Any help is appreciated!
>>
>>--Andy
>>
>>
>>P.S.  I fully expect to get flamed for saying we want to send messages
>>back for spam, but having valid helpdesk messages disappear without
>>anyone (including the sender) know about it isn't acceptable and we
>>don't have the man power to wade through spam messages either, so this
>>is the best solution we could think of.  :/
>>
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>Support MailScanner development - buy the book off the website!
>
>
> Greetings,
>
> We had the same problem - we also got sick of closing cases that were opened
> from virus alerts and bad-attachment notices.  Below are the config changes
> and sample rule files to make sure the automatic stuff doesn't get sent out
> for messages addressed to our ticketing system:
>
> MailScanner.conf:
> Deliver Disinfected Files = %rules-dir%/disinfected.rules
> Still Deliver Silent Viruses = %rules-dir%/deliver.silent.rules
> Deliver Cleaned Messages = %rules-dir%/disinfected.rules
> Notify Senders = %rules-dir%/notify.senders.rules
> Spam Actions = %rules-dir%/spam.actions.rules
> High Scoring Spam Actions = %rules-dir%/spam.high.actions.rules
> Enable Spam Bounce = %rules-dir%/bounce.rules
>
> disinfected.rules:
> To:             ticket-system at foo.bar           no
> To:             Other-ticket-aliases*@foo.bar   no
> ToOrFrom:       default                         yes
>
> deliver.silent.rules:
> << SAME AS "disinfected.rules" >>
>
> notify.senders.rules:
> << SAME AS "disinfected.rules" >>
>
> spam.actions.rules:
> To:             ticket-system at foo.bar           delete
> To:             Other-ticket-aliases*@foo.bar   delete
> ToOrFrom:       default                         attachment deliver
>
> spam.high.actions.rules:
> << SAME AS "spam.actions.rules" >>
>
> bounce.rules:
> FromOrTo:       default                         no
> (ie, no special handling, but we have it as a rule for some of our customers
> which I didn't include above. You may not use this feature in which case,
> just put "Enable Spam Bounce = no" in MailScanner.conf)
>
> After all that, restart mailscanner and spammers wont get auto-replies and
> your ticket system wont fill up with bogus automatically generated cases :)
>
> Cheers,
>
> James
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list