From ee1e2d0b7e8a3a8cf374dc074494a567a564581c Mon Sep 17 00:00:00 2001
From: Christoph <ckubu@oopen.de>
Date: Tue, 10 Feb 2026 00:35:10 +0100
Subject: [PATCH] install_amavis.sh: add spamassassin rule for Null sender (
 (Return-Path: <>).

---
 install_amavis.sh | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/install_amavis.sh b/install_amavis.sh
index 276b2d1..2252922 100755
--- a/install_amavis.sh
+++ b/install_amavis.sh
@@ -2257,6 +2257,45 @@ if ! $installation_failed ; then
    fi
 fi
 
+# Create /etc/spamassassin/99_nullsender.cf
+#
+# Spamassassin Regeln für Nullsender (Return-Path: <>)
+#
+# Problem:
+#     echte DSNs haben ebenfalls Return-Path: <>
+#
+# Aber:
+#     Echte DSNs sind i.d.R. multipart/report (delivery-status)
+#
+echononl "   Create file \"/etc/spamassassin/99_nullsender.cf\".."
+cat <<'EOF' > /etc/spamassassin/99_nullsender.cf 2> $tmp_err_msg
+########################################################################
+# Null-sender (Return-Path: <>) Behandlung
+# Ziel: Fake-Bounces markieren, echte DSNs nicht treffen
+########################################################################
+
+# 1) Null-Envelope-From erkannt
+header  LOCAL_NULL_SENDER      Return-Path =~ /^<>$/i
+describe LOCAL_NULL_SENDER     Null envelope-from (Return-Path <>)
+score   LOCAL_NULL_SENDER      0.1
+
+# 2) Echte DSNs sind i.d.R. multipart/report (delivery-status)
+header  LOCAL_DSN_MULTIPART    Content-Type =~ /^multipart\/report\b/i
+describe LOCAL_DSN_MULTIPART   Looks like a real DSN (multipart/report)
+score   LOCAL_DSN_MULTIPART    -3.0
+
+# 3) Fake-Bounce: Null-sender, aber NICHT multipart/report
+meta    LOCAL_NULL_NOT_DSN     LOCAL_NULL_SENDER && !LOCAL_DSN_MULTIPART
+describe LOCAL_NULL_NOT_DSN    Null-sender but not a DSN (likely fake bounce spam)
+score   LOCAL_NULL_NOT_DSN     6.0
+EOF
+if [[ $? -eq 0 ]] ; then
+   echo_ok
+else
+   echo_failed
+   error "$(cat $tmp_err_msg)"
+fi
+
 
 # - Enable nightly cronjob for spamassassin
 # -