-------- Original Message --------
Date: Fri, 18 May 2007 22:04:36 +0200
From: Robert Felber <[EMAIL PROTECTED]>
To: policyd-weight-list@ek-muc.de
Subject: Re: Strange scoring with 0.1.14 beta-5

> On Fri, May 18, 2007 at 09:53:21PM +0200, [EMAIL PROTECTED] wrote:
> > 
> > I did now some more tests and it is not my changes. Without any configuration I get as well:
> > rate: -5.5
> > 
> > So it must be my configuration. As soon as I activate my configuration then I get values above 2.0.
> > 
> > I was suspecting that p0f is the problem but it does not look like p0f is the one to blame (the lookup is empty since the entry in p0f is now gone):
> > 21:39:53 info: p0f_lookup: looking up 209.11.164.54
> > 21:39:53 info: p0f_lookup: success: 209.11.164.54 => ""
> > 21:39:53 info: weighted check:  IN_DNSWL=-0.5 IN_NERD-US=2.044 NOT_IN_SPAMCOP=-1.5 NOT_IN_ZEN_SPAMHAUS=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_EQ_HELO_IP=-2 (check from: .sun. - helo: .mh.sunmicrosystemsinc.m0. - helo-domain: .m0.)  FROM/MX_MATCHES_NOT_HELO(DOMAIN)=1.386 CLIENT_NOT_MX/A_FROM_DOMAIN=3.044 CLIENT/24_NOT_MX/A_FROM_DOMAIN=3.044 <client=209.11.164.54> <helo=mh.sunmicrosystemsinc.m0.net> <[EMAIL PROTECTED]> <to=> <helo_ips:  209.11.136.89 209.11.136.89 209.11.137.36 88.221.33.195 150.143.60.6 150.143.103.14 150.143.103.24 150.143.103.54 150.143.103.74 192.12.251.34 192.12.251.54 192.12.251.74 192.12.251.14 192.5.209.6 192.18.98.43 192.18.43.24 192.18.98.31 192.18.98.36 192.18.43.25 192.18.98.34 72.5.124.61 209.11.164.54>, rate: 2.518
> > 21:39:53 info: cache_query: nadd 209.11.164.54 2.518
> > 21:39:53 info: cache_query: "nadd209.11.164.54 0" vs "nadd209.11.164.54 "
> > 21:39:53 info: decided action=550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; please relay via your ISP (mail.communications.sun.com); delay: 2s
> > action=550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; please relay via your ISP (mail.communications.sun.com)
> > 
> > Do you know where the 3 variables get filled?
> > FROM/MX_MATCHES_NOT_HELO(DOMAIN)=1.386
> > CLIENT_NOT_MX/A_FROM_DOMAIN=3.044
> > CLIENT/24_NOT_MX/A_FROM_DOMAIN=3.044
> 
> Yes, but these checks can be triggered through other results.
>  
> > The only huge change in the config is p0f and the gazillion (I know, I know, more is not better) of DNSBL / RHBL and $MAXDNSBLHITS=4 and $MAXDNSBLSCORE=8.
> > 
> > How can it be that I influence with that the above mentioned variables?
> > 
> > 
> > I now disabled the p0f part from my configuration and was able to use the exact same config for the original beta-5 and guess what? I get the same result as with the patched version. So it looks like something in my config is influencing the 3 above mentioned variables. Should I post my config?
> 
> I do need your version and your config to determine things.
> Thanks.
> 
here you go:
   $DEBUG        = 0;
   $REJECTMSG    = "550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs";
   $REJECTLEVEL  = 1;

   $DEFER_STRING = 'IN_SPAMCOP= BOGUS_MX=';
   $DEFER_ACTION = '450';
   $DEFER_LEVEL  = 5;



   $DNSERRMSG         = '450 No DNS entries for your MTA, HELO and Domain. Contact YOUR administrator';
   $dnsbl_checks_only = 0;
   $LOG_BAD_RBL_ONLY  = 1;
   @dnsbl_score = (
    'sa-hil.habeas.com',              8.00,       0,        'HIL-HABEAS',
    'sa-hul.habeas.com',             -1.00,       0,        'HUL-HABEAS',
    'sa-trusted.bondedsender.org',   -4.25,       0,        'TRUSTED-BONDESENDER',
    'sa-other.bondedsender.org',     -4.25,       0,        'OTHER-BONDESENDER',
    'wl.trusted-forwarder.org',      -0.50,       0,        'T-FWL-DNSWL',
    'list.dnswl.org',                -0.50,       0,        'DNSWL',
    'white.dnsbl.securityplanet.nl', -0.70,       0,        'SECURITYPLANETWL',
    'exemptions.ahbl.org',           -1.00,       0,        'EXEMPTIONS-AHBL',
    'ch.countries.nerd.dk',          -1.00,       0,        'NERD-CH',
    'se.countries.nerd.dk',          -1.00,       0,        'NERD-SE',
    'us.countries.nerd.dk',          2.044,       0,        'NERD-US',
    'cn.countries.nerd.dk',          0.376,       0,        'NERD-CN',
    'ru.countries.nerd.dk',          0.256,       0,        'NERD-RU',
    'jp.countries.nerd.dk',          0.180,       0,        'NERD-JP',
    'uk.countries.nerd.dk',          0.160,       0,        'NERD-UK',
    'kr.countries.nerd.dk',          0.160,       0,        'NERD-KR',
    'hk.countries.nerd.dk',          0.151,       0,        'NERD-HK',
    'ca.countries.nerd.dk',          0.131,       0,        'NERD-CA',
    'tw.countries.nerd.dk',          0.129,       0,        'NERD-TW',
    'nl.countries.nerd.dk',          0.127,       0,        'NERD-NL',
    'dynablock.njabl.org',    3.25,          0,        'DYN_NJABL',
    'bl.spamcop.net',         3.75,       -1.5,        'SPAMCOP',

    'AS5617.rbl.cluecentral.net',    2.500,    0.00,        'AS5617',
    'AS4134.rbl.cluecentral.net',    1.606,    0.00,        'AS4134',
    'AS4766.rbl.cluecentral.net',    0.615,    0.00,        'AS4766',
    'AS4837.rbl.cluecentral.net',    0.382,    0.00,        'AS4837',
    'AS4814.rbl.cluecentral.net',    0.380,    0.00,        'AS4814',
    'AS3269.rbl.cluecentral.net',    0.363,    0.00,        'AS3269',
    'AS17858.rbl.cluecentral.net',   0.328,    0.00,        'AS17858',
    'AS4755.rbl.cluecentral.net',    0.315,    0.00,        'AS4755',
    'AS9394.rbl.cluecentral.net',    0.230,    0.00,        'AS9394',
    'AS17849.rbl.cluecentral.net',   0.215,    0.00,        'AS17849',
    'AS8075.rbl.cluecentral.net',    0.201,    0.00,        'AS8075',
    'AS9121.rbl.cluecentral.net',    0.108,    0.00,        'AS9121',
    'AS24138.rbl.cluecentral.net',   0.108,    0.00,        'AS24138',
    'AS4788.rbl.cluecentral.net',    0.102,    0.00,        'AS4788',
    'AS7132.rbl.cluecentral.net',    0.094,    0.00,        'AS7132',
    'AS14780.rbl.cluecentral.net',   0.094,    0.00,        'AS14780',
    'AS12424.rbl.cluecentral.net',   0.093,    0.00,        'AS12424',
    'AS8346.rbl.cluecentral.net',    0.074,    0.00,        'AS8346',
    'AS9318.rbl.cluecentral.net',    0.068,    0.00,        'AS9318',
    'AS7470.rbl.cluecentral.net',    0.066,    0.00,        'AS7470',
    'AS3786.rbl.cluecentral.net',    0.060,    0.00,        'AS3786',

    'zen.spamhaus.org',               4.35,   -1.50,        'ZEN_SPAMHAUS',
    'no-more-funn.moensted.dk',       3.25,       0,        'NO-MORE-FUNN',
    'psbl.surriel.com',               2.00,       0,        'PSBL-SURIEL',
    'multihop.dsbl.org',              0.50,       0,        'DNSBL_MULTIHOP',
    't1.dnsbl.net.au',                3.25,       0,        'AUDNSBL',
    'combined.rbl.msrbl.net',         4.25,       0,        'MSRBL',
    'zebl.zoneedit.com',              3.25,       0,        'ZEBL',
    'dnsrbl.swinog.ch',               4.25,       0,        'SWINOG-DNSRBL',
    'wormrbl.imp.ch',                 2.25,       0,        'IMP-WORMS',
    'spamrbl.imp.ch',                 2.25,       0,        'IMP-SPAM',
    'rbl.interserver.net',            2.25,       0,        'INTERSERVER',
    'dnsbl-1.uceprotect.net',         3.00,       0,        'UCEPROTECT_LEVEL1',
    'dnsbl-2.uceprotect.net',         1.50,       0,        'UCEPROTECT_LEVEL2',
    'dnsbl-3.uceprotect.net',         0.75,       0,        'UCEPROTECT_LEVEL3',
    'fresh.dict.rbl.arix.com',        3.25,       0,        'ARIX-DICT-FRESH',
    'stale.dict.rbl.arix.com',        1.25,       0,        'ARIX-DICT-STALE',
    'rabl.nuclearelephant.com',       2.00,       0,        'NUCLEARELEPHANT_RABL',
    'dnsbl.njabl.org',        4.25,       -1.5,        'BL_NJABL',
    'list.dsbl.org',          4.35,          0,        'DSBL_ORG',
    'ix.dnsbl.manitu.net',    4.35,          0,        'IX_MANITU'
);
   $MAXDNSBLHITS  = 4;
   $MAXDNSBLSCORE = 8;
   $MAXDNSBLMSG   = '550 Your MTA is listed in too many DNSBLs';
   @rhsbl_score = (
    'wl.trusted-forwarder.org',      -0.50,        0,        'T-FWL-RHSWL',
    'ex.dnsbl.org',                      1,        0,        'DNSBL_EX',
    'in.dnsbl.org',                      1,        0,        'DNSBL_IN',
    'jwrh.dnsbl.net.au',                 4,        0,        'JWRH',
    'bulk.rhs.mailpolice.com',           3,        0,        'MAILPOLICE',
    'blackhole.securitysage.com',        3,        0,        'SSAGE',
    'rhsbl.sorbs.net',                   1,        0,        'SORBS_RHSBL',
    'multi.uribl.com',                   3,        0,        'URIBL',
    'black.dnsbl.securityplanet.nl',0.5,     0,        'SECURITYPLANETBL',
    'multi.surbl.org',             4,        0,        'SURBL',
    'rhsbl.ahbl.org',              4,        0,        'AHBL',
    'dsn.rfc-ignorant.org',        3.5,      0,        'DSN_RFCI',
    'postmaster.rfc-ignorant.org', 0.1,      0,        'PM_RFCI',
    'abuse.rfc-ignorant.org',      0.1,      0,        'ABUSE_RFCI'
);
   $BL_ERROR_SKIP     = 2;
   $BL_SKIP_RELEASE   = 10;
   $LOCKPATH          = '/var/lib/policyd-weight/';
   $SPATH             = $LOCKPATH.'/polw.sock';
   $MAXIDLECACHE      = 60;
   $MAINTENANCE_LEVEL = 5;
   $CACHESIZE       = 2000;
   $CACHEMAXSIZE    = 4000;
   $CACHEREJECTMSG  = '550 temporarily blocked because of previous errors';
   $NTTL            = 1;
   $NTIME           = 30;
   $POSCACHESIZE    = 1000;
   $POSCACHEMAXSIZE = 2000;
   $POSCACHEMSG     = 'using cached result';
   $PTTL            = 60;
   $PTIME           = '3h';
   $TEMP_PTIME      = '1d';
   $DNS_RETRIES     = 2;
   $DNS_RETRY_IVAL  = 2;
   $MAXDNSERR       = 3;
   $MAXDNSERRMSG    = 'passed - too many local DNS-errors';
   $PUDP            = 0;
   $USE_NET_DNS     = 0;
   $IPC_TIMEOUT     = 2;
   @client_ip_eq_helo_score          = (1.5,       -1.25 );
   @helo_score                       = (1.5,       -2    );
   @helo_from_mx_eq_ip_score         = (1.5,       -3.1  );
   @helo_numeric_score               = (1.5,        0    );
   @from_match_regex_verified_helo   = (1,         -2    );
   @from_match_regex_unverified_helo = (1.6,       -1.5  );
   @from_match_regex_failed_helo     = (2.5,        0    );
   @helo_seems_dialup                = (1.5,        0    );
   @failed_helo_seems_dialup         = (2,          0    );
   @helo_ip_in_client_subnet         = (0,         -1.2  );
   @helo_ip_in_cl16_subnet           = (0,         -0.41 );
   @client_seems_dialup_score        = (3.75,       0    );
   @from_multiparted                 = (1.09,       0    );
   @from_anon                        = (1.17,       0    );
   @bogus_mx_score                   = (2.1,        0    );
   @random_sender_score              = (0.25,       0    );
   @rhsbl_penalty_score              = (3.1,        0    );
   @enforce_dyndns_score             = (3,          0    );
   $VERBOSE = 0;
   $ADD_X_HEADER        = 1;
   $DEFAULT_RESPONSE    = 'DUNNO default';
   $syslog_socktype = 'unix';
   $syslog_facility = "mail";
   $syslog_options  = "pid";
   $syslog_priority = "info";
   $syslog_ident    = "postfix/policyd-weight";
   $USER            = "polw";
   $GROUP           = "";
   $MAX_PROC        = 50;
   $MIN_PROC        = 3;
   $TCP_PORT        = 12525;
   $BIND_ADDRESS    = '127.0.0.1';
   $SOMAXCONN       = 1024;
   $CHILDIDLE       = 240;
   $PIDFILE         = "/var/run/policyd-weight.pid";


> 
> 
> -- 
>     Robert Felber (PGP: 896CF30B)
>     Munich, Germany
> 
> ____________________________________________________________
> Policyd-weight Mailinglist - http://www.policyd-weight.org/


____________________________________________________________
Policyd-weight Mailinglist - http://www.policyd-weight.org/
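
An added example, not part of the original mail and not policyd-weight's own code: it parses the "weighted check" log line quoted in the thread, sums the per-test scores, and compares the total with the logged rate and with the `$REJECTLEVEL = 1` from the posted config. The embedded line is the one from the log with the sender field left out and the `helo_ips` list shortened; the rule "reject when the rate reaches `$REJECTLEVEL`" is an assumption consistent with the logged 550.

```python
import re

# Constructed from the quoted log: sender field omitted, helo_ips list shortened.
LOG_LINE = (
    '21:39:53 info: weighted check:  IN_DNSWL=-0.5 IN_NERD-US=2.044 '
    'NOT_IN_SPAMCOP=-1.5 NOT_IN_ZEN_SPAMHAUS=-1.5 NOT_IN_BL_NJABL=-1.5 '
    'CL_IP_EQ_HELO_IP=-2 (check from: .sun. - helo: .mh.sunmicrosystemsinc.m0. '
    '- helo-domain: .m0.)  FROM/MX_MATCHES_NOT_HELO(DOMAIN)=1.386 '
    'CLIENT_NOT_MX/A_FROM_DOMAIN=3.044 CLIENT/24_NOT_MX/A_FROM_DOMAIN=3.044 '
    '<client=209.11.164.54> <helo=mh.sunmicrosystemsinc.m0.net> <to=> '
    '<helo_ips:  209.11.136.89 209.11.164.54>, rate: 2.518'
)
REJECTLEVEL = 1  # $REJECTLEVEL from the posted config

# NAME=score tokens: upper-case test name, then a signed decimal (skips <client=...>).
TOKEN = re.compile(r'(?<![\w<])([A-Z][A-Z0-9_/()\-]*)=(-?\d+(?:\.\d+)?)(?=\s|$)')
RATE = re.compile(r'rate:\s*(-?\d+(?:\.\d+)?)')

def parse_weighted_check(line):
    """Return ({test: score}, logged_rate) for one 'weighted check' log line."""
    body = line.split('weighted check:', 1)[1]
    scores = {name: float(val) for name, val in TOKEN.findall(body)}
    m = RATE.search(body)
    if m is None:
        raise ValueError('no rate in line')
    return scores, float(m.group(1))

def explain(line, reject_level=REJECTLEVEL):
    scores, logged = parse_weighted_check(line)
    total = round(sum(scores.values()), 3)
    penalties = sorted(((s, n) for n, s in scores.items() if s > 0), reverse=True)
    return {
        'sum': total,
        'matches_log': abs(total - logged) < 1e-6,
        # Assumption: a rate at or above $REJECTLEVEL is rejected.
        'rejected': total >= reject_level,
        'penalties': [n for s, n in penalties],
        # Rate if the three *FROM* tests asked about in the mail had not fired.
        'without_from_checks': round(
            total - sum(s for n, s in scores.items() if 'FROM' in n), 3),
    }

if __name__ == '__main__':
    print(explain(LOG_LINE))
```
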
