I have one list that has suddenly been receiving an increase in
bounces, and in looking at the bounce emails they appear to be spam
sent directly to the bounce address (ex. list1- bounces@listdomain.org). From what I can see this email (with
attachments, sometimes virus/trojans) then gets sent as a bounce to
the admins. The admin for this list is receiving all of these emails,
with attachments, and is getting concerned about the volume of
infected attachments she's getting.

Is there any way to filter these emails sent to the bounce address so
that if they are spam they just get discarded. I do have filters set
up for emails sent to the list that filter them out, but since these
don't actually go to the list, but to the bounce address, they don't
appear to be run through that filter system.

Any recommendations on what to do about this, short of creating a new
list, would be appreciated.

An example of the header from an email is pasted below:

Received: (qmail 3486 invoked from network); 18 Sep 2008 14:08:58
-0000 Received: from unknown (HELO pre- smtp36-01.prod.mesa1.secureserver.net) ([10.0.19.136]) (envelope-sender mailman-bounces@ascls-lists.org) by smtp30.prod.mesa1.secureserver.net (qmail-1.03) with SMTP for jrc@rodricon.com; 18 Sep 2008 14:08:58 -0000 Received: (qmail 10030 invoked from network); 18 Sep 2008 14:08:58
-0000 Received: from frodo.clshost.com ([72.249.28.134]) (envelope-sender mailman-bounces@ascls-lists.org) by pre-smtp36-01.prod.mesa1.secureserver.net (qmail- ldap-1.03) with SMTP for jrc@rodricon.com; 18 Sep 2008 14:08:58 -0000 Received: from localhost ([127.0.0.1] helo=frodo.clshost.com) by frodo.clshost.com with esmtp (Exim 4.69) (envelope-from mailman-bounces@ascls-lists.org) id 1KgKBj-0004gT-CX for jrc@rodricon.com; Thu, 18 Sep 2008 08:08:56 -0600 Subject: Uncaught bounce notification From: mailman-bounces@ascls-lists.org To: ascls-sd-members-owner@ascls-lists.org MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1010536534==" Message-ID:

...

Date: Thu, 18 Sep 2008 08:08:47 -0600 Precedence: bulk X-BeenThere: ascls-sd-members@ascls-lists.org X-Mailman-Version: 2.1.9.cp2 List-Id: X-List-Administrivia: yes Sender: mailman-bounces@ascls-lists.org Errors-To: mailman-bounces@ascls-lists.org X-AntiAbuse: This header was added to track abuse, please include it
with any abuse report X-AntiAbuse: Primary Hostname - frodo.clshost.com X-AntiAbuse: Original Domain - rodricon.com X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - ascls-lists.org X-Source: X-Source-Args: X-Source-Dir: X-Nonspam: Whitelist

--===============1010536534== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit

The attached message was received as a bounce, but either the bounce format was not recognized, or no member addresses could be extracted from it. This mailing list has been configured to send all unrecognized bounce messages to the list administrator(s).

For more information see: http://ascls-lists.org/mailman/admin/ascls-sd-members_ascls-lists.org/bounce

--===============1010536534== Content-Type: message/rfc822 MIME-Version: 1.0

Received: from [88.241.214.209] (helo=dsl88.241-54993.ttnet.net.tr) by frodo.clshost.com with esmtp (Exim 4.69) (envelope-from auh@eastern-marine.com) id 1KgKBD-0004X8-ET for ascls-sd-members-bounces@ascls-lists.org; Thu, 18 Sep 2008 08:08:39 -0600 Message-ID: 41363.vortigern@chungen Date: Thu, 18 Sep 2008 12:20:44 +0000 From: "christof suvendu" auh@eastern-marine.com User-Agent: Thunderbird 2.0.0.12 (Windows/20080213) MIME-Version: 1.0 To: ascls-sd-members-bounces@ascls-lists.org Subject: Why is your love life such a disaster? 1 Content-Type: multipart/alternative; boundary="=_lOWyABl8u1FaKt" X-WhitelistedRCPT-nohdrfromcallback: Yes

This is a multi-part message in MIME format.

Thanks,

J.R. Constance