On Sun, 2008-03-16 at 01:17 -0400, Frédéric Brière wrote: > Could you provide a couple of sample log messages that are meant to be > matched by these rules? I'm trying to make them compatible with the > version in etch, and it's quite easy to get lost in them. Having a > reference would help greatly.
Attached is an example log, it should contain examples for all the modifications i've made. Regards, Sami -- Sami Haahtinen <[EMAIL PROTECTED]>
Mar 16 12:32:25 Carbon postfix/policyd-weight[2046]: decided action=550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; MTA helo: 1605af4a1393436, MTA hostname: unknown[221.239.186.18] (helo/hostname mismatch); delay: 2s Mar 16 12:33:24 Carbon postfix/policyd-weight[2046]: weighted check: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_EQ_HELO_IP=-2 (check from: .ailleurs. - helo: .master.debian. - helo-domain: .debian.) FROM/MX_MATCHES_NOT_HELO(DOMAIN)=1 <client=70.103.162.29> <helo=master.debian.org> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>, rate: -5.5 Mar 16 12:33:24 Carbon postfix/policyd-weight[2046]: decided action=PREPEND X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_EQ_HELO_IP=-2 (check from: .ailleurs. - helo: .master.debian. - helo-domain: .debian.) FROM/MX_MATCHES_NOT_HELO(DOMAIN)=1 <client=70.103.162.29> <helo=master.debian.org> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>, rate: -5.5; delay: 1s Mar 16 12:34:02 Carbon postfix/policyd-weight[2046]: decided action=PREPEND X-policyd-weight: using cached result; rate:hard: -2.3; delay: 0s Mar 16 12:39:27 Carbon postfix/policyd-weight[28426]: decided action=PREPEND X-policyd-weight: using cached result; rate:hard: 0.9; delay: 0s Mar 16 12:39:27 Carbon postfix/policyd-weight[8409]: decided action=PREPEND X-policyd-weight: using cached result; rate: -5.5; delay: 0s Mar 16 12:39:49 Carbon postfix/policyd-weight[28426]: decided action=550 Your MTA is listed in too many DNSBLs; check http://rbls.org/?q=85.168.97.66; delay: 0s Mar 16 12:41:14 Carbon postfix/policyd-weight[28426]: weighted check: IN_DYN_PBL_SPAMHAUS=3.25 IN_SBL_XBL_SPAMHAUS=4.35 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_NE_HELO=9.1 REV_IP_EQ_HELO=-1.25 (check from: .amimanagement. - helo: .142-31-113-92.pool.ukrtel. - helo-domain: .ukrtel.) FROM/MX_MATCHES_NOT_UNVR_HELO(DOMAIN)=9.2 CLIENT_NOT_MX/A_FROM_DOMAIN=9.1 CLIENT/24_NOT_MX/A_FROM_DOMAIN=9.1 <client=92.113.31.142> <helo=142-31-113-92.pool.ukrtel.net> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>, rate: 39.85 Mar 16 12:41:14 Carbon postfix/policyd-weight[28426]: decided action=550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; please relay via your ISP (amimanagement.com); delay: 4s
signature.asc
Description: This is a digitally signed message part
