On Fri, May 18, 2007 at 09:53:21PM +0200, [EMAIL PROTECTED] wrote: > > I did now some more tests and it is not my changes. Without any configuration > I get as well: > rate: -5.5 > > So it must be my configuration. As soon as I activate my configuration then I > get values above 2.0. > > I was suspecting that p0f is the problem but it does not look like p0f is the > one to blame (the lookup is empty since the entry in p0f is now gone): > 21:39:53 info: p0f_lookup: looking up 209.11.164.54 > 21:39:53 info: p0f_lookup: success: 209.11.164.54 => "" > 21:39:53 info: weighted check: IN_DNSWL=-0.5 IN_NERD-US=2.044 > NOT_IN_SPAMCOP=-1.5 NOT_IN_ZEN_SPAMHAUS=-1.5 NOT_IN_BL_NJABL=-1.5 > CL_IP_EQ_HELO_IP=-2 (check from: .sun. - helo: .mh.sunmicrosystemsinc.m0. - > helo-domain: .m0.) FROM/MX_MATCHES_NOT_HELO(DOMAIN)=1.386 > CLIENT_NOT_MX/A_FROM_DOMAIN=3.044 CLIENT/24_NOT_MX/A_FROM_DOMAIN=3.044 > <client=209.11.164.54> <helo=mh.sunmicrosystemsinc.m0.net> <[EMAIL > PROTECTED]> <to=> <helo_ips: 209.11.136.89 209.11.136.89 209.11.137.36 > 88.221.33.195 150.143.60.6 150.143.103.14 150.143.103.24 150.143.103.54 > 150.143.103.74 192.12.251.34 192.12.251.54 192.12.251.74 192.12.251.14 > 192.5.209.6 192.18.98.43 192.18.43.24 192.18.98.31 192.18.98.36 192.18.43.25 > 192.18.98.34 72.5.124.61 209.11.164.54>, rate: 2.518 > 21:39:53 info: cache_query: nadd 209.11.164.54 2.518 > 21:39:53 info: cache_query: "nadd209.11.164.54 0" vs "nadd209.11.164.54 " > 21:39:53 info: decided action=550 Mail appeared to be SPAM or forged. Ask > your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get > removed from DNSBLs; please relay via your ISP (mail.communications.sun.com); > delay: 2s > action=550 Mail appeared to be SPAM or forged. Ask your > Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed > from DNSBLs; please relay via your ISP (mail.communications.sun.com) > > Do you know where the 3 variables get filled? > FROM/MX_MATCHES_NOT_HELO(DOMAIN)=1.386 > CLIENT_NOT_MX/A_FROM_DOMAIN=3.044 > CLIENT/24_NOT_MX/A_FROM_DOMAIN=3.044
Yes, but this checks can be triggered through other results. > The only huge change in the config is p0f and the gazillion (I know, I know, > more is not better) of DNSBL / RHBL and $MAXDNSBLHITS=4 and $MAXDNSBLSCORE=8. > > How can it be that I influence with that the above mentioned variables? > > > I now disabled the p0f part from my configuration and was able to use the > exact same config for the original beta-5 and guess what? I get the same > result as with the patched version. So it looks like that something in my > config is influencing the 3 above mentioned variables. Should I post my > config? I do need your version and your config to determine things. Thanks. -- Robert Felber (PGP: 896CF30B) Munich, Germany ____________________________________________________________ Policyd-weight Mailinglist - http://www.policyd-weight.org/