On Fri, May 18, 2007 at 08:31:11PM +0200, [EMAIL PROTECTED] wrote:
> Hello list
> 
> I have installed 0.1.14 beta-5 on my server and now have different scoring 
> than with beta-3.
> 
> beta-5:
> May 18 18:49:19 mail postfix/policyd-weight[19862]: weighted check:  
> IN_DNSWL=-0.5 IN_NERD-US=2.044 NOT_IN_SPAMCOP=-1.5 NOT_IN_ZEN_SPAMHAUS=-1.5 
> NOT_IN_BL_NJABL=-1.5 CL_IP_EQ_HELO_IP=-2 (check from: .sun. - helo: 
> .mh.sunmicrosystemsinc.m0. - helo-domain: .m0.)  
> FROM/MX_MATCHES_NOT_HELO(DOMAIN)=1.386 CLIENT_NOT_MX/A_FROM_DOMAIN=3.044 
> CLIENT/24_NOT_MX/A_FROM_DOMAIN=3.044 P0F_UNIX=-1.5 <client=209.11.164.54> 
> <helo=mh.sunmicrosystemsinc.m0.net> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>, 
> rate: 1.018
> May 18 18:49:19 mail postfix/policyd-weight[19862]: decided action=550 Mail 
> appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct 
> HELO and DNS MX settings or to get removed from DNSBLs; please relay via your 
> ISP (mail.communications.sun.com); delay: 5s

Can you reproduce this, e.g.:

echo "helo_name=mh.sunmicrosystemsinc.m0.net
[EMAIL PROTECTED]
client_address=209.11.164.54
request=smtpd_access_policy
" | 0.1.14.5/policyd-weight -d

gives here:

21:04:07 info: decided action=PREPEND X-policyd-weight:  
NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 
CL_IP_EQ_HELO_IP=-2 (check from: .sun. - helo: .mh.sunmicrosystemsinc.m0. - 
helo-domain: .m0.)  FROM/MX_MATCHES_NOT_HELO(DOMAIN)=1 <client=209.11.164.54> 
<helo=mh.sunmicrosystemsinc.m0.net> <[EMAIL PROTECTED]> <to=> <helo_ips:  
209.11.136.89 209.11.136.89 209.11.137.36 88.221.1.195 192.12.251.54 
192.12.251.74 192.12.251.14 192.12.251.34 192.5.209.6 192.18.98.34 192.18.43.25 
192.18.98.36 192.18.98.43 192.18.43.24 192.18.98.31 150.143.103.24 
150.143.103.54 150.143.103.74 150.143.60.6 150.143.103.14 72.5.124.61 
209.11.164.54>, rate: -5.5; delay: 1s


 
> I know, I know... It is not the same sub-domain. But the host is the same. 
> Why is the mail now rejected? What is wrong?
> 
> It is very hard to understand policyd-weight's rejecting mechanism. The only 
> obvious values are:
> - $DEFER_LEVEL
> - $MAXDNSBLHITS
> - $MAXDNSBLSCORE
> 
> My values are:
>    $DEFER_LEVEL  = 5;

DEFER_LEVEL is for 4xx responses, i.e. if the DEFER_STRING contains
a word which is listed in the log message then the action is altered
to DEFER_ACTION but ONLY if the score is higher than REJECT_LEVEL and
lower/equal DEFER_LEVEL. This is a safety mechanism for questionable checks.


>    $MAXDNSBLHITS  = 4;
>    $MAXDNSBLSCORE = 8;
> 
> 
> The score in the example (with beta-5) is 1.018 and the mail still gets 
> rejected. This is like black magic to me.
> 
> I think the reasons for the reject are:
> FROM/MX_MATCHES_NOT_HELO(DOMAIN)=1.386
...
> CLIENT_NOT_MX/A_FROM_DOMAIN=3.044
> CLIENT/24_NOT_MX/A_FROM_DOMAIN=3.044

Those indeed are suspicious. If you can reproduce it, please send me your
version (as you run your own patched version).



-- 
    Robert Felber (PGP: 896CF30B)
    Munich, Germany

____________________________________________________________
Policyd-weight Mailinglist - http://www.policyd-weight.org/
