Robert wrote:

> On Sat, Aug 26, 2006 at 11:58:22AM -0600, Gary V wrote:
>> Robert wrote:
>> 
>> > - (new)       inet/daemon mode  support added, default port 12525
>> 
>> Should this not be limited to 127.0.0.1 (or other configurable) address?

> You're right. I have totally forgotten that option when I tried to restrict
> access to that port. After I realized that I first have to accept() a request
> before I can reject (i.e. parse and close()) it I have dropped that ACL idea,
> and with that any thinking of the option to bind only to a specific address.
>
> I'm not certain whether it would be worth the trouble to support a set of
> IPs to bind to. Suggestions? We would have to create for each IP an own
> listener and to select over those and to maintain those.

Thanks for getting that done so quickly. Personally I'm happy as far as only
having one (or all) listening address(es) goes.

After I installed 0.1.13 beta over the top of 0.1.13 beta 1, I got:
Aug 26 14:25:29 sfa postfix/policydweight[6299]: warning: cache: syntax
 error in file /etc/policyd-weight.conf: Global symbol "$BIND_ADDRESS"
  requires explicit package name at (eval 15) line 15.

This is after I stopped policyd-weight and the cache. Looks like I
should have also deleted the cache file after doing so. A reboot must
have done it for me. I assume /tmp/policyd-weight is the cache file I
should have deleted (after stopping the processes).

########################################

I am confused about something. You say:

$DEFER_ACTION = "450";           # possible values: DEFER_IF_PERMIT,
                                 # DEFER_IF_REJECT,
                                 # 4xx response codes. See also access(5)

$DEFER_LEVEL  = 5;               # DEFER mail only up to this level
                                 # scores greater than DEFER_LEVEL will be
                                 # rejected

So I would think at a score of 1.5, policyd-weight would send a 450
code, but I see a 550 code:

Aug 26 14:31:54 sfa postfix/policydweight[2543]: weighted check:
 NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_BL_NJABL=-1.5 NOT_IN_SPAMCOP=-1.5
  CL_IP_NE_HELO=1.5 RESOLVED_IP_IS_NOT_HELO=1.5 (check from:
  .example. - helo: .gary.)  FROM_NOT_FAILED_HELO=3
  <client=192.168.1.41> <helo=gary> <[EMAIL PROTECTED]>
   <[EMAIL PROTECTED]>, rate: 1.5
   
Aug 26 14:31:54 sfa postfix/policydweight[2543]: decided action=550
 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator
  to correct HELO and DNS MX settings or to get removed from DNSBLs;
   MTA helo: gary, MTA hostname: unknown[192.168.1.41] (helo/hostname mismatch)
   
Aug 26 14:31:54 sfa postfix/smtpd[2539]: NOQUEUE: reject:
 RCPT from unknown[192.168.1.41]: 550 <[EMAIL PROTECTED]>: Recipient
  address rejected: Mail appeared to be SPAM or forged. Ask your
   Mail/DNS-Administrator to correct HELO and DNS MX settings or to
    get removed from DNSBLs; MTA helo: gary, MTA hostname:
     unknown[192.168.1.41] (helo/hostname mismatch); from=<[EMAIL PROTECTED]>
      to=<[EMAIL PROTECTED]> proto=ESMTP helo=<gary>

Maybe I don't understand. Personally, I would rather see the 5xx code
as happened here. If mail is going to get rejected in the end, the
sooner the better. Otherwise it may take days for the sender of
legitimate mail to be notified their message was not delivered. Unless
you want to constantly monitor when policyd-weight sends 450 codes,
and then manually whitelist chosen clients, I don't see why a
mechanism like policyd-weight would ever want to say there has been a
temporary failure.

Gary V

____________________________________________________________
Policyd-weight Mailinglist - http://www.policyd-weight.org/
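
The trade-off discussed in this thread, as an added example that is not part of the original message or of the policyd-weight code: binding the listener to one address keeps other interfaces from accepting connections at all, while a peer ACL can only run after accept() has already completed the handshake. The names `BIND_ADDRESS` and `ALLOWED_NETS`, the helper functions and the reply string are assumptions for illustration.

```python
import ipaddress
import socket
import threading

BIND_ADDRESS = "127.0.0.1"       # assumption: the value $BIND_ADDRESS would hold
ALLOWED_NETS = ("127.0.0.0/8",)  # hypothetical peer ACL, not a policyd-weight option

def make_listener(bind_address=BIND_ADDRESS, port=0):
    """Listen on one address only; port 0 lets the OS pick a free port for the demo."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_address, port))
    srv.listen(16)
    return srv

def peer_allowed(peer_ip, nets=ALLOWED_NETS):
    """True when the connecting address falls inside one of the allowed networks."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in ipaddress.ip_network(n) for n in nets)

def serve_once(srv, nets=ALLOWED_NETS):
    """The ACL can only be evaluated once accept() has returned a connected socket."""
    conn, (peer_ip, _peer_port) = srv.accept()
    with conn:
        if not peer_allowed(peer_ip, nets):
            return "closed"                # handshake already done; all we can do is drop it
        conn.sendall(b"action=DUNNO\n\n")  # constructed policy reply
        return "answered"

def demo(nets=ALLOWED_NETS):
    """Run one client against the listener; return (server decision, bytes the client saw)."""
    srv = make_listener()
    outcome = {}
    worker = threading.Thread(target=lambda: outcome.update(decision=serve_once(srv, nets)))
    worker.start()
    with socket.create_connection(srv.getsockname(), timeout=5) as client:
        reply = client.recv(64)
    worker.join()
    srv.close()
    return outcome["decision"], reply

if __name__ == "__main__":
    print(demo())                 # loopback peer is inside the ACL
    print(demo(("10.0.0.0/8",)))  # same peer, ACL excludes it: connect succeeds, then EOF
```

In the second call the client still connects successfully and only then sees end-of-file, which is the limitation of an accept-then-reject ACL compared with not listening on that interface in the first place.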
