On Fri, May 18, 2007 at 09:53:21PM +0200, [EMAIL PROTECTED] wrote:
> 
> I have now done some more tests and it is not my changes. Without any configuration 
> I also get:
> rate: -5.5
> 
> So it must be my configuration. As soon as I activate my configuration then I 
> get values above 2.0.
> 
> I was suspecting that p0f is the problem but it does not look like p0f is the 
> one to blame (the lookup is empty since the entry in p0f is now gone):
> 21:39:53 info: p0f_lookup: looking up 209.11.164.54
> 21:39:53 info: p0f_lookup: success: 209.11.164.54 => ""
> 21:39:53 info: weighted check:  IN_DNSWL=-0.5 IN_NERD-US=2.044 
> NOT_IN_SPAMCOP=-1.5 NOT_IN_ZEN_SPAMHAUS=-1.5 NOT_IN_BL_NJABL=-1.5 
> CL_IP_EQ_HELO_IP=-2 (check from: .sun. - helo: .mh.sunmicrosystemsinc.m0. - 
> helo-domain: .m0.)  FROM/MX_MATCHES_NOT_HELO(DOMAIN)=1.386 
> CLIENT_NOT_MX/A_FROM_DOMAIN=3.044 CLIENT/24_NOT_MX/A_FROM_DOMAIN=3.044 
> <client=209.11.164.54> <helo=mh.sunmicrosystemsinc.m0.net> <[EMAIL 
> PROTECTED]> <to=> <helo_ips:  209.11.136.89 209.11.136.89 209.11.137.36 
> 88.221.33.195 150.143.60.6 150.143.103.14 150.143.103.24 150.143.103.54 
> 150.143.103.74 192.12.251.34 192.12.251.54 192.12.251.74 192.12.251.14 
> 192.5.209.6 192.18.98.43 192.18.43.24 192.18.98.31 192.18.98.36 192.18.43.25 
> 192.18.98.34 72.5.124.61 209.11.164.54>, rate: 2.518
> 21:39:53 info: cache_query: nadd 209.11.164.54 2.518
> 21:39:53 info: cache_query: "nadd209.11.164.54 0" vs "nadd209.11.164.54 "
> 21:39:53 info: decided action=550 Mail appeared to be SPAM or forged. Ask 
> your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get 
> removed from DNSBLs; please relay via your ISP (mail.communications.sun.com); 
> delay: 2s
> action=550 Mail appeared to be SPAM or forged. Ask your 
> Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed 
> from DNSBLs; please relay via your ISP (mail.communications.sun.com)
> 
> Do you know where the 3 variables get filled?
> FROM/MX_MATCHES_NOT_HELO(DOMAIN)=1.386
> CLIENT_NOT_MX/A_FROM_DOMAIN=3.044
> CLIENT/24_NOT_MX/A_FROM_DOMAIN=3.044

Yes, but these checks can be triggered through other results.
 
> The only huge change in the config is p0f and the gazillion (I know, I know, 
> more is not better) of DNSBL / RHBL and $MAXDNSBLHITS=4 and $MAXDNSBLSCORE=8.
> 
> How can it be that I influence the above-mentioned variables with that?
> 
> 
> I now disabled the p0f part from my configuration and was able to use the 
> exact same config for the original beta-5 and guess what? I get the same 
> result as with the patched version. So it looks like something in my 
> config is influencing the 3 above-mentioned variables. Should I post my 
> config?

I do need your version and your config to determine things.
Thanks.



-- 
    Robert Felber (PGP: 896CF30B)
    Munich, Germany

____________________________________________________________
Policyd-weight Mailinglist - http://www.policyd-weight.org/
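
For anyone debugging a similar result: the following is an added example, not part of the original messages and not policyd-weight code. It parses a `weighted check:` log line like the one quoted above, confirms that the per-check scores add up to the logged `rate`, and shows what the rate would be without a chosen set of checks. The sample line is constructed from the quoted log (line wraps joined, the `helo_ips` list shortened), and the function names are hypothetical.

```python
import re

# Constructed sample: the quoted log line with wraps joined and helo_ips shortened.
SAMPLE = (
    '21:39:53 info: weighted check:  IN_DNSWL=-0.5 IN_NERD-US=2.044 '
    'NOT_IN_SPAMCOP=-1.5 NOT_IN_ZEN_SPAMHAUS=-1.5 NOT_IN_BL_NJABL=-1.5 '
    'CL_IP_EQ_HELO_IP=-2 (check from: .sun. - helo: .mh.sunmicrosystemsinc.m0. - '
    'helo-domain: .m0.)  FROM/MX_MATCHES_NOT_HELO(DOMAIN)=1.386 '
    'CLIENT_NOT_MX/A_FROM_DOMAIN=3.044 CLIENT/24_NOT_MX/A_FROM_DOMAIN=3.044 '
    '<client=209.11.164.54> <helo=mh.sunmicrosystemsinc.m0.net> <to=> '
    '<helo_ips: 209.11.136.89 209.11.164.54>, rate: 2.518'
)

# A score token is an upper-case check name, '=', and a signed number, standing
# alone between whitespace. This skips <client=...>, <helo=...> and the
# "(check from: ...)" annotation, none of which are scores.
TOKEN = re.compile(r'(?<!\S)([A-Z][A-Z0-9_/()\-]*)=(-?\d+(?:\.\d+)?)(?!\S)')
RATE = re.compile(r'rate:\s*(-?\d+(?:\.\d+)?)')


def parse_weighted_check(line):
    """Return ([(check_name, score), ...], logged_rate) for one log line."""
    if 'weighted check:' not in line:
        raise ValueError('not a weighted check line')
    body = line.split('weighted check:', 1)[1]
    scores = [(name, float(val)) for name, val in TOKEN.findall(body)]
    m = RATE.search(body)
    return scores, (float(m.group(1)) if m else None)


def explain(line, suspects=()):
    """Sum the scores, compare with the logged rate, and redo the sum without `suspects`."""
    scores, rate = parse_weighted_check(line)
    total = round(sum(v for _, v in scores), 3)
    without = round(sum(v for n, v in scores if n not in suspects), 3)
    return {
        'total': total,
        'logged_rate': rate,
        'consistent': rate is not None and abs(total - rate) < 0.001,
        'without_suspects': without,
        'ranked': sorted(scores, key=lambda s: s[1], reverse=True),
    }


if __name__ == '__main__':
    report = explain(SAMPLE, suspects={'FROM/MX_MATCHES_NOT_HELO(DOMAIN)',
                                       'CLIENT_NOT_MX/A_FROM_DOMAIN',
                                       'CLIENT/24_NOT_MX/A_FROM_DOMAIN'})
    for name, score in report['ranked']:
        print(f'{score:+8.3f}  {name}')
    print('sum', report['total'], 'logged', report['logged_rate'],
          'without suspects', report['without_suspects'])
```
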
