On Fri, May 18, 2007 at 08:31:11PM +0200, [EMAIL PROTECTED] wrote:
> Hello list
>
> I have installed 0.1.14 beta-5 on my server and have now different scoring
> than with beta-3.
>
> beta-5:
> May 18 18:49:19 mail postfix/policyd-weight[19862]: weighted check:
> IN_DNSWL=-0.5 IN_NERD-US=2.044 NOT_IN_SPAMCOP=-1.5 NOT_IN_ZEN_SPAMHAUS=-1.5
> NOT_IN_BL_NJABL=-1.5 CL_IP_EQ_HELO_IP=-2 (check from: .sun. - helo:
> .mh.sunmicrosystemsinc.m0. - helo-domain: .m0.)
> FROM/MX_MATCHES_NOT_HELO(DOMAIN)=1.386 CLIENT_NOT_MX/A_FROM_DOMAIN=3.044
> CLIENT/24_NOT_MX/A_FROM_DOMAIN=3.044 P0F_UNIX=-1.5 <client=209.11.164.54>
> <helo=mh.sunmicrosystemsinc.m0.net> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>,
> rate: 1.018
> May 18 18:49:19 mail postfix/policyd-weight[19862]: decided action=550 Mail
> appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct
> HELO and DNS MX settings or to get removed from DNSBLs; please relay via your
> ISP (mail.communications.sun.com); delay: 5s

Can you reproduce this, e.g.:

echo "helo_name=mh.sunmicrosystemsinc.m0.net
[EMAIL PROTECTED]
client_address=209.11.164.54
request=smtpd_access_policy
" | 0.1.14.5/policyd-weight -d

gives here:

21:04:07 info: decided action=PREPEND X-policyd-weight:
NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5
CL_IP_EQ_HELO_IP=-2 (check from: .sun. - helo: .mh.sunmicrosystemsinc.m0. -
helo-domain: .m0.) FROM/MX_MATCHES_NOT_HELO(DOMAIN)=1 <client=209.11.164.54>
<helo=mh.sunmicrosystemsinc.m0.net> <[EMAIL PROTECTED]> <to=> <helo_ips:
209.11.136.89 209.11.136.89 209.11.137.36 88.221.1.195 192.12.251.54
192.12.251.74 192.12.251.14 192.12.251.34 192.5.209.6 192.18.98.34
192.18.43.25 192.18.98.36 192.18.98.43 192.18.43.24 192.18.98.31
150.143.103.24 150.143.103.54 150.143.103.74 150.143.60.6 150.143.103.14
72.5.124.61 209.11.164.54>, rate: -5.5; delay: 1s

> I know, I know... It is not the same sub-domain. But the host is the same.
> Why is the mail now rejected? What is wrong?
>
> It is very hard to understand policyd-weight rejecting mechanism. The only
> obvious values are:
> - $DEFER_LEVEL
> - $MAXDNSBLHITS
> - $MAXDNSBLSCORE
>
> My values are:
> $DEFER_LEVEL = 5;

DEFER_LEVEL is for 4xx responses, i.e. if the DEFER_STRING contains a word
which is listed in the log message then the action is altered to DEFER_ACTION
but ONLY if the score is higher than REJECT_LEVEL and lower/equal DEFER_LEVEL.
This is a safety mechanism for questionable checks.

> $MAXDNSBLHITS = 4;
> $MAXDNSBLSCORE = 8;
>
>
> The score in the example (with beta-5) is 1.018 and the mail still gets
> rejected. This is like black magic to me.
>
> I think the reasons for the reject are:
> FROM/MX_MATCHES_NOT_HELO(DOMAIN)=1.386 ...
> CLIENT_NOT_MX/A_FROM_DOMAIN=3.044
> CLIENT/24_NOT_MX/A_FROM_DOMAIN=3.044

Those indeed are suspicious. If you can reproduce it, please send me your
version (as you run your own patched version).

-- 
Robert Felber (PGP: 896CF30B)
Munich, Germany
____________________________________________________________
Policyd-weight Mailinglist - http://www.policyd-weight.org/
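
The scoring arithmetic and the DEFER_LEVEL rule discussed in this thread, as an added example that is not part of the original message and not policyd-weight's own code: it sums the per-check scores from the two quoted log lines and applies the defer rule as described in the reply. The reject threshold of 1, the strict `>` comparison, the whole-token matching of DEFER_STRING words, the function names and the action labels are assumptions.

```python
import re

CHECK = re.compile(r"^([A-Z0-9_/()-]+)=(-?\d+(?:\.\d+)?)$")

# Constructed input: check names and scores copied from the two log excerpts
# in the thread; syslog prefix, addresses and the helo_ips list are trimmed.
BETA5 = ("IN_DNSWL=-0.5 IN_NERD-US=2.044 NOT_IN_SPAMCOP=-1.5 "
         "NOT_IN_ZEN_SPAMHAUS=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_EQ_HELO_IP=-2 "
         "(check from: .sun. - helo: .mh.sunmicrosystemsinc.m0. - helo-domain: .m0.) "
         "FROM/MX_MATCHES_NOT_HELO(DOMAIN)=1.386 CLIENT_NOT_MX/A_FROM_DOMAIN=3.044 "
         "CLIENT/24_NOT_MX/A_FROM_DOMAIN=3.044 P0F_UNIX=-1.5 "
         "<client=209.11.164.54> <helo=mh.sunmicrosystemsinc.m0.net>, rate: 1.018")
LOCAL = ("NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 "
         "CL_IP_EQ_HELO_IP=-2 (check from: .sun. - helo: .mh.sunmicrosystemsinc.m0. "
         "- helo-domain: .m0.) FROM/MX_MATCHES_NOT_HELO(DOMAIN)=1 "
         "<client=209.11.164.54> <helo=mh.sunmicrosystemsinc.m0.net>, rate: -5.5")


def parse_checks(line):
    """Return ({check_name: score}, logged_rate) for one weighted-check line."""
    rate = float(re.search(r"rate: (-?\d+(?:\.\d+)?)", line).group(1))
    body = re.sub(r"<[^>]*>", " ", line)  # drop <client=...> style fields
    checks = {}
    for tok in body.split():
        m = CHECK.match(tok)  # skips the "(check from: ...)" words
        if m:
            checks[m.group(1)] = float(m.group(2))
    return checks, rate


def decide(checks, reject_level, defer_level, defer_string):
    """Apply the rule from the reply: defer only if a DEFER_STRING word names
    a logged check AND reject_level < score <= defer_level."""
    total = round(sum(checks.values()), 3)
    if total <= reject_level:  # assumption: reject needs score > level
        return total, "PERMIT"
    words = defer_string.split()
    # Assumption: match whole check names, so "IN_SPAMCOP=" does not
    # accidentally match the whitelist-style "NOT_IN_SPAMCOP=" entry.
    hit = any(f"{name}=".startswith(w) for name in checks for w in words)
    if hit and total <= defer_level:
        return total, "DEFER"
    return total, "REJECT"


if __name__ == "__main__":
    for label, line in (("beta-5", BETA5), ("local test", LOCAL)):
        checks, rate = parse_checks(line)
        print(label, rate, decide(checks, 1, 5, "IN_SPAMCOP= BOGUS_MX="))
```

With the assumed reject threshold of 1, the beta-5 sum of 1.018 lands just above it, which is consistent with the logged 550, while the reply's run sums to -5.5.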