Virus Bounce Ruleset

There's a ruleset to block joe-job, virus-blowback, and spam-blowback bounce messages, which (hopefully) will be included in SpamAssassin 3.2.0. In the meantime, if you are using SA 3.1.x, you can install it as follows:

1. Download [http://svn.apache.org/repos/asf/spamassassin/rules/trunk/sandbox/jm/20_vbounce.cf 20_vbounce.cf] and [http://svn.apache.org/repos/asf/spamassassin/rules/trunk/sandbox/jm/VBounce.pm VBounce.pm] from jm's rules sandbox.
   

2. Save both files to your /etc/mail/spamassassin directory.

3. Edit your local.cf and add a line like the following:

  whitelist_bounce_relays myrelay.mydomain.net

Replace myrelay.mydomain.net with the hostname of the relay (or relays) that you send your outbound mail through.

This is used to 'rescue' legitimate bounce messages that were generated in response to mail you really *did* send. If a bounce message is found, and it contains one of these hostnames in a 'Received' header, it will not be marked as a blowback virus-bounce.

4. Run spamassassin --lint and ensure it works.

5. Restart spamd, as usual, so that the ruleset is loaded.

Don't forget – once SpamAssassin 3.2.0 is released, you may need to delete VBounce.pm and 20_vbounce.cf from /etc/mail/spamassassin, so that it doesn't clash with the released version.