THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
There's a ruleset to block joe-job, virus-blowback, and spam-blowback bounce messages (a.k.a. "backscatter"), which is included in SpamAssassin 3.2.0. In the meantime, if It provides the following rules:
MY_SERVERS_FOUND: a whitelisted relay a la "whitelist_bounce_relays" was found
BOUNCE_MESSAGE: an MTA-generated bounce from a non-whitelisted relay, "message was undeliverable" etc.
CRBOUNCE_MESSAGE: Challenge-response bounce message from a non-whitelisted relay, eg. "please confirm your message was not spam"
VBOUNCE_MESSAGE: a virus-scanner-generated bounce from a non-whitelisted relay, e.g. "You sent a virus"
ANY_BOUNCE_MESSAGE: any of the *BOUNCE_MESSAGE types above
If you are using SA 3.1.x, you can install it the ruleset as follows:
Wiki Markup Download \[http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/jm/20_vbounce.cf?revision=482200&pathrev=482207 20_vbounce.cf\] and \[http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/jm/VBounce.pm?revision=467392&pathrev=482207 VBounce.pm\] from jm's rules sandbox. \\
...
This is used to 'rescue' legitimate bounce messages that were generated in response to mail you really *did* send. If a bounce message is found, and it contains one of these hostnames in a 'Received' header in the bounced message, it will not be marked as a blowback virus-bounce.
...