Having a catch-all email address can be a mixed blessing, especially if the someone uses spoofed “sent from” email addresses. Invalid recipients will result in bounced back emails your catch-all.

I created the following SpamAssassin rule to filter out those “fake bounce” emails.

The idea is the following:

Filter ALL emails that
a) have certain key words in the subject or from line
b) NOT directly addressed to my primary email address(es)

So here is the code, I saved it in ~/etc/mail/spamassassin/

# subsets META BOUNCE 1

header __bounce_01 subject =~ /failure notice/i
header __bounce_02 subject =~ /Warning: could not send/i
header __bounce_03 subject =~ /Returned mail/i
header __bounce_04 subject =~ /Mail delivery failed/i
header __bounce_05 subject =~ /Undelivered Mail Returned to Sender/i
header __bounce_06 subject =~ /Mail System Error/i
header __bounce_07 subject =~ /Undeliverable Mail/i
header __bounce_08 subject =~ /Delivery Status Notification/i
header __bounce_09 subject =~ /Delivery reports about your e?mail/i
header __bounce_10 subject =~ /Delivery failure/i
header __bounce_11 subject =~ /Undeliverable/i
header __bounce_12 subject =~ /Unable to deliver your message/i
header __bounce_13 subject =~ /Delivery Reports/i
header __bounce_14 from =~ /Mail Delivery/i
header __bounce_15 from =~ /Postmaster/i
header __bounce_16 from =~ /The Post Office/i
header __bounce_17 from =~ /mailsweeper/i
header __bounce_18 from =~ /mailer-daemon/i
header __bounce_19 from =~ /mailserver/i
header __bounce_20 from =~ /mailscanner/i
header __bounce_21 from =~ /Mail Administrator/i
header __bounce_22 subject =~ /message undelivered/i
header __bounce_23 subject =~ /undelivered mail/i
header __bounce_24 from =~ /mailer-daemon/i
header __bounce_25 subject =~ /return receipt/i
header __bounce_26 subject =~ /ambiguous address/i
header __bounce_27 subject =~ /Mail delivery problems/i
header __bounce_28 subject =~ /mail delivery status/i
header __bounce_29 subject =~ /unable to process your message/i
header __bounce_30 subject =~ /Delivery Notification/i
header __bounce_31 subject =~ /Your e?mail did not reach the intended/i
header __bounce_32 subject =~ /Your Message Could Not Be Delivered/i
header __bounce_33 subject =~ /Delivery Notification/i
header __bounce_34 subject =~ /Warning:.*?User unknown/i
header __bounce_35 subject =~ /Message status*undeliverable/i
header __bounce_36 subject =~ /Automated Response/i

header __bounce_addr1 To !~ /firstname\@yourdomain\.net/i
# score __bounce_addr1 1.0

header __bounce_addr2 To !~ /firstname\@yourdomain\.com/i
# score __bounce_addr2 1.0

#
# meta rules
# __bounce1 has to be in ONE line, w/o line breaks !!!

meta __bounce1 (__bounce_01 || __bounce_02 || __bounce_03 || __bounce_04 || __bounce_05 || __bounce_06 || __bounce_07 || __bounce_08 || __bounce_09 || __bounce_10 || __bounce_11 || __bounce_12 || __bounce_13 || __bounce_14 || __bounce_15 || __bounce_16 || __bounce_17 || __bounce_18 || __bounce_19 || __bounce_20 || __bounce_21 || __bounce_22 || __bounce_23 || __bounce_24 || __bounce_25 || __bounce_26 || __bounce_27 || __bounce_28 || __bounce_29 || __bounce_30 || __bounce_31 || __bounce_32 || __bounce_33 || __bounce_34 || __bounce_35 || __bounce_36 || __bounce_36)
# score __bounce1 1.0

meta __bounce_addr (__bounce_addr1 && __bounce_addr2)
# score __bounce_addr 1.0

meta My_fake_bounce ((__bounce_all + __bounce_addr) > 1)
score My_fake_bounce 10.0