> Hello list I have installed 0.1.14 beta-5 on my server and have now
> different scoring then with beta-3. beta-5: May 18 18:49:19 mail
> postfix/policyd-weight[19862]: weighted check: IN_DNSWL=-0.5
> IN_NERD-US=2.044 NOT_IN_SPAMCOP=-1.5 NOT_IN_ZEN_SPAMHAUS=-1.5
> NOT_IN_BL_NJABL=-1.5 CL_IP_EQ_HELO_IP=-2 (check from: .sun. - helo:
> .mh.sunmicrosystemsinc.m0. - helo-domain: .m0.) FROM/MX_MATCHES_NOT_HELO
> (DOMAIN)=1.386 CLIENT_NOT_MX/A_FROM_DOMAIN=3.044 CLIENT/24_NOT_MX/A_FROM_DOMA
> IN=3.044 P0F_UNIX=-1.5 <client=209.11.164.54> <helo=mh.sunmicrosystemsinc.m0.
> net> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]
> main.tld>, rate: 1.018 May 18 18:49:19 mail postfix/policyd-weight[19862]:
> decided action=550 Mail appeared to be SPAM or forged. Ask your
> Mail/DNS-Administrator to correct HELO and DNS MX settings or to get
> removed from DNSBLs; please relay via your ISP (mail.communications.sun.com);
> delay: 5s
>
>
> beta-3: May 6 08:52:36 mail postfix/policyd-weight[32552]: weighted
> check: IN_DNSWL=-0.5 IN_NERD-US=2.044 NOT_IN_SPAMCOP=-1.5 NOT_IN_ZEN_SPAMHAU
> S=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_EQ_HELO_IP=-2 (check from: .hp. -
> helo: .mh.hp.m0. - helo-domain: .m0.) FROM/MX_MATCHES_HELO(DOMAIN)=-2
> P0F_UNIX=-1.5 <client=209.11.164.98> <helo=mh.hp.m0.net> <[EMAIL PROTECTED]
> .com> <[EMAIL PROTECTED]>, rate: -8.456 May 6 08:52:36
> mail postfix/policyd-weight[32552]: decided action=PREPEND X-policyd-weight:
> IN_DNSWL=-0.5 IN_NERD-US=2.044 NOT_IN_SPAMCOP=-1.5 NOT_IN_ZEN_SPAMHAUS=-1.5
> NOT_IN_BL_NJABL=-1.5 CL_IP_EQ_HELO_IP=-2 (check from: .hp. - helo:
> .mh.hp.m0. -helo-domain: .m0.) FROM/MX_MATCHES_HELO(DOMAIN)=-2
> P0F_UNIX=-1.5 <client=209.11.164.98> <helo=mh.hp.m0.net> <[EMAIL PROTECTED]
> .com> <[EMAIL PROTECTED]>, rate: -8.456; delay: 7s
>
>
>
> I know, I know... It is not the same sub-domain. But the host is the
> same. Why is now the mail rejected? What is wrong?
>
> It is very hard to understand policyd-weight rejecting mechanism. The
> only obvious values are:
> - $DEFER_LEVEL
> - $MAXDNSBLHITS
> - $MAXDNSBLSCORE
>
> My values are:
> $DEFER_LEVEL = 5;
> $MAXDNSBLHITS = 4;
> $MAXDNSBLSCORE = 8;
>
>
> The score in the example (with beta-5) is 1.018 and the mail still
> gets rejected. This is like black magic to me.
>
> I think the reason for the reject are:
> FROM/MX_MATCHES_NOT_HELO(DOMAIN)=1.386
> CLIENT_NOT_MX/A_FROM_DOMAIN=3.044
> CLIENT/24_NOT_MX/A_FROM_DOMAIN=3.044
>
Also you scored against the message because it came from the US:
> IN_NERD-US=2.044
>
> Can any one explain the logic behind this scoring? How can this scoring be
> influenced?
>
first, the examples you show have nothing in common, different hosts,
different domains, different helos, etc. so there is no reason to expect
the same score.
As for the reject level, near the top of the config:
$REJECTLEVEL = 1.0; # Mails with scores which exceed this
# REJECTLEVEL will be rejected
I don't think the defer level is used, unless it is lower than the
reject level?
--
Kenny Dail <[EMAIL PROTECTED]>
____________________________________________________________
Policyd-weight Mailinglist - http://www.policyd-weight.org/
