-------- Original Message --------
Date: Fri, 18 May 2007 22:04:36 +0200
From: Robert Felber <[EMAIL PROTECTED]>
To: policyd-weight-list@ek-muc.de
Subject: Re: Strange scoring with 0.1.14 beta-5

> On Fri, May 18, 2007 at 09:53:21PM +0200, [EMAIL PROTECTED] wrote:
> >
> > I did now some more tests and it is not my changes. Without any configuration I get as well:
> > rate: -5.5
> >
> > So it must be my configuration. As soon as I activate my configuration then I get values above 2.0.
> >
> > I was suspecting that p0f is the problem but it does not look like p0f is the one to blame (the lookup is empty since the entry in p0f is now gone):
> > 21:39:53 info: p0f_lookup: looking up 209.11.164.54
> > 21:39:53 info: p0f_lookup: success: 209.11.164.54 => ""
> > 21:39:53 info: weighted check: IN_DNSWL=-0.5 IN_NERD-US=2.044 NOT_IN_SPAMCOP=-1.5 NOT_IN_ZEN_SPAMHAUS=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_EQ_HELO_IP=-2 (check from: .sun. - helo: .mh.sunmicrosystemsinc.m0. - helo-domain: .m0.) FROM/MX_MATCHES_NOT_HELO(DOMAIN)=1.386 CLIENT_NOT_MX/A_FROM_DOMAIN=3.044 CLIENT/24_NOT_MX/A_FROM_DOMAIN=3.044 <client=209.11.164.54> <helo=mh.sunmicrosystemsinc.m0.net> <[EMAIL PROTECTED]> <to=> <helo_ips: 209.11.136.89 209.11.136.89 209.11.137.36 88.221.33.195 150.143.60.6 150.143.103.14 150.143.103.24 150.143.103.54 150.143.103.74 192.12.251.34 192.12.251.54 192.12.251.74 192.12.251.14 192.5.209.6 192.18.98.43 192.18.43.24 192.18.98.31 192.18.98.36 192.18.43.25 192.18.98.34 72.5.124.61 209.11.164.54>, rate: 2.518
> > 21:39:53 info: cache_query: nadd 209.11.164.54 2.518
> > 21:39:53 info: cache_query: "nadd209.11.164.54 0" vs "nadd209.11.164.54 "
> > 21:39:53 info: decided action=550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; please relay via your ISP (mail.communications.sun.com); delay: 2s
> > action=550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; please relay via your ISP (mail.communications.sun.com)
> >
> > Do you know where the 3 variables get filled?
> > FROM/MX_MATCHES_NOT_HELO(DOMAIN)=1.386
> > CLIENT_NOT_MX/A_FROM_DOMAIN=3.044
> > CLIENT/24_NOT_MX/A_FROM_DOMAIN=3.044
>
> Yes, but this checks can be triggered through other results.
>
> > The only huge change in the config is p0f and the gazillion (I know, I know, more is not better) of DNSBL / RHBL and $MAXDNSBLHITS=4 and $MAXDNSBLSCORE=8.
> >
> > How can it be that I influence with that the above mentioned variables?
> >
> >
> > I now disabled the p0f part from my configuration and was able to use the exact same config for the original beta-5 and guess what? I get the same result as with the patched version. So it looks like that something in my config is influencing the 3 above mentioned variables. Should I post my config?
>
> I do need your version and your config to determine things.
> Thanks.
>

here you go:

$DEBUG = 0;
$REJECTMSG = "550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs";
$REJECTLEVEL = 1;
$DEFER_STRING = 'IN_SPAMCOP= BOGUS_MX=';
$DEFER_ACTION = '450';
$DEFER_LEVEL = 5;
$DNSERRMSG = '450 No DNS entries for your MTA, HELO and Domain. Contact YOUR administrator';
$dnsbl_checks_only = 0;
$LOG_BAD_RBL_ONLY = 1;
@dnsbl_score = (
    'sa-hil.habeas.com',             8.00,  0,    'HIL-HABEAS',
    'sa-hul.habeas.com',            -1.00,  0,    'HUL-HABEAS',
    'sa-trusted.bondedsender.org',  -4.25,  0,    'TRUSTED-BONDESENDER',
    'sa-other.bondedsender.org',    -4.25,  0,    'OTHER-BONDESENDER',
    'wl.trusted-forwarder.org',     -0.50,  0,    'T-FWL-DNSWL',
    'list.dnswl.org',               -0.50,  0,    'DNSWL',
    'white.dnsbl.securityplanet.nl', -0.70, 0,    'SECURITYPLANETWL',
    'exemptions.ahbl.org',          -1.00,  0,    'EXEMPTIONS-AHBL',
    'ch.countries.nerd.dk',         -1.00,  0,    'NERD-CH',
    'se.countries.nerd.dk',         -1.00,  0,    'NERD-SE',
    'us.countries.nerd.dk',          2.044, 0,    'NERD-US',
    'cn.countries.nerd.dk',          0.376, 0,    'NERD-CN',
    'ru.countries.nerd.dk',          0.256, 0,    'NERD-RU',
    'jp.countries.nerd.dk',          0.180, 0,    'NERD-JP',
    'uk.countries.nerd.dk',          0.160, 0,    'NERD-UK',
    'kr.countries.nerd.dk',          0.160, 0,    'NERD-KR',
    'hk.countries.nerd.dk',          0.151, 0,    'NERD-HK',
    'ca.countries.nerd.dk',          0.131, 0,    'NERD-CA',
    'tw.countries.nerd.dk',          0.129, 0,    'NERD-TW',
    'nl.countries.nerd.dk',          0.127, 0,    'NERD-NL',
    'dynablock.njabl.org',           3.25,  0,    'DYN_NJABL',
    'bl.spamcop.net',                3.75, -1.5,  'SPAMCOP',
    'AS5617.rbl.cluecentral.net',    2.500, 0.00, 'AS5617',
    'AS4134.rbl.cluecentral.net',    1.606, 0.00, 'AS4134',
    'AS4766.rbl.cluecentral.net',    0.615, 0.00, 'AS4766',
    'AS4837.rbl.cluecentral.net',    0.382, 0.00, 'AS4837',
    'AS4814.rbl.cluecentral.net',    0.380, 0.00, 'AS4814',
    'AS3269.rbl.cluecentral.net',    0.363, 0.00, 'AS3269',
    'AS17858.rbl.cluecentral.net',   0.328, 0.00, 'AS17858',
    'AS4755.rbl.cluecentral.net',    0.315, 0.00, 'AS4755',
    'AS9394.rbl.cluecentral.net',    0.230, 0.00, 'AS9394',
    'AS17849.rbl.cluecentral.net',   0.215, 0.00, 'AS17849',
    'AS8075.rbl.cluecentral.net',    0.201, 0.00, 'AS8075',
    'AS9121.rbl.cluecentral.net',    0.108, 0.00, 'AS9121',
    'AS24138.rbl.cluecentral.net',   0.108, 0.00, 'AS24138',
    'AS4788.rbl.cluecentral.net',    0.102, 0.00, 'AS4788',
    'AS7132.rbl.cluecentral.net',    0.094, 0.00, 'AS7132',
    'AS14780.rbl.cluecentral.net',   0.094, 0.00, 'AS14780',
    'AS12424.rbl.cluecentral.net',   0.093, 0.00, 'AS12424',
    'AS8346.rbl.cluecentral.net',    0.074, 0.00, 'AS8346',
    'AS9318.rbl.cluecentral.net',    0.068, 0.00, 'AS9318',
    'AS7470.rbl.cluecentral.net',    0.066, 0.00, 'AS7470',
    'AS3786.rbl.cluecentral.net',    0.060, 0.00, 'AS3786',
    'zen.spamhaus.org',              4.35, -1.50, 'ZEN_SPAMHAUS',
    'no-more-funn.moensted.dk',      3.25,  0,    'NO-MORE-FUNN',
    'psbl.surriel.com',              2.00,  0,    'PSBL-SURIEL',
    'multihop.dsbl.org',             0.50,  0,    'DNSBL_MULTIHOP',
    't1.dnsbl.net.au',               3.25,  0,    'AUDNSBL',
    'combined.rbl.msrbl.net',        4.25,  0,    'MSRBL',
    'zebl.zoneedit.com',             3.25,  0,    'ZEBL',
    'dnsrbl.swinog.ch',              4.25,  0,    'SWINOG-DNSRBL',
    'wormrbl.imp.ch',                2.25,  0,    'IMP-WORMS',
    'spamrbl.imp.ch',                2.25,  0,    'IMP-SPAM',
    'rbl.interserver.net',           2.25,  0,    'INTERSERVER',
    'dnsbl-1.uceprotect.net',        3.00,  0,    'UCEPROTECT_LEVEL1',
    'dnsbl-2.uceprotect.net',        1.50,  0,    'UCEPROTECT_LEVEL2',
    'dnsbl-3.uceprotect.net',        0.75,  0,    'UCEPROTECT_LEVEL3',
    'fresh.dict.rbl.arix.com',       3.25,  0,    'ARIX-DICT-FRESH',
    'stale.dict.rbl.arix.com',       1.25,  0,    'ARIX-DICT-STALE',
    'rabl.nuclearelephant.com',      2.00,  0,    'NUCLEARELEPHANT_RABL',
    'dnsbl.njabl.org',               4.25, -1.5,  'BL_NJABL',
    'list.dsbl.org',                 4.35,  0,    'DSBL_ORG',
    'ix.dnsbl.manitu.net',           4.35,  0,    'IX_MANITU'
);
$MAXDNSBLHITS = 4;
$MAXDNSBLSCORE = 8;
$MAXDNSBLMSG = '550 Your MTA is listed in too many DNSBLs';
@rhsbl_score = (
    'wl.trusted-forwarder.org',     -0.50, 0, 'T-FWL-RHSWL',
    'ex.dnsbl.org',                  1,    0, 'DNSBL_EX',
    'in.dnsbl.org',                  1,    0, 'DNSBL_IN',
    'jwrh.dnsbl.net.au',             4,    0, 'JWRH',
    'bulk.rhs.mailpolice.com',       3,    0, 'MAILPOLICE',
    'blackhole.securitysage.com',    3,    0, 'SSAGE',
    'rhsbl.sorbs.net',               1,    0, 'SORBS_RHSBL',
    'multi.uribl.com',               3,    0, 'URIBL',
    'black.dnsbl.securityplanet.nl', 0.5,  0, 'SECURITYPLANETBL',
    'multi.surbl.org',               4,    0, 'SURBL',
    'rhsbl.ahbl.org',                4,    0, 'AHBL',
    'dsn.rfc-ignorant.org',          3.5,  0, 'DSN_RFCI',
    'postmaster.rfc-ignorant.org',   0.1,  0, 'PM_RFCI',
    'abuse.rfc-ignorant.org',        0.1,  0, 'ABUSE_RFCI'
);
$BL_ERROR_SKIP = 2;
$BL_SKIP_RELEASE = 10;
$LOCKPATH = '/var/lib/policyd-weight/';
$SPATH = $LOCKPATH.'/polw.sock';
$MAXIDLECACHE = 60;
$MAINTENANCE_LEVEL = 5;
$CACHESIZE = 2000;
$CACHEMAXSIZE = 4000;
$CACHEREJECTMSG = '550 temporarily blocked because of previous errors';
$NTTL = 1;
$NTIME = 30;
$POSCACHESIZE = 1000;
$POSCACHEMAXSIZE = 2000;
$POSCACHEMSG = 'using cached result';
$PTTL = 60;
$PTIME = '3h';
$TEMP_PTIME = '1d';
$DNS_RETRIES = 2;
$DNS_RETRY_IVAL = 2;
$MAXDNSERR = 3;
$MAXDNSERRMSG = 'passed - too many local DNS-errors';
$PUDP = 0;
$USE_NET_DNS = 0;
$IPC_TIMEOUT = 2;
@client_ip_eq_helo_score = (1.5, -1.25 );
@helo_score = (1.5, -2 );
@helo_from_mx_eq_ip_score = (1.5, -3.1 );
@helo_numeric_score = (1.5, 0 );
@from_match_regex_verified_helo = (1, -2 );
@from_match_regex_unverified_helo = (1.6, -1.5 );
@from_match_regex_failed_helo = (2.5, 0 );
@helo_seems_dialup = (1.5, 0 );
@failed_helo_seems_dialup = (2, 0 );
@helo_ip_in_client_subnet = (0, -1.2 );
@helo_ip_in_cl16_subnet = (0, -0.41 );
@client_seems_dialup_score = (3.75, 0 );
@from_multiparted = (1.09, 0 );
@from_anon = (1.17, 0 );
@bogus_mx_score = (2.1, 0 );
@random_sender_score = (0.25, 0 );
@rhsbl_penalty_score = (3.1, 0 );
@enforce_dyndns_score = (3, 0 );
$VERBOSE = 0;
$ADD_X_HEADER = 1;
$DEFAULT_RESPONSE = 'DUNNO default';
$syslog_socktype = 'unix';
$syslog_facility = "mail";
$syslog_options = "pid";
$syslog_priority = "info";
$syslog_ident = "postfix/policyd-weight";
$USER = "polw";
$GROUP = "";
$MAX_PROC = 50;
$MIN_PROC = 3;
$TCP_PORT = 12525;
$BIND_ADDRESS = '127.0.0.1';
$SOMAXCONN = 1024;
$CHILDIDLE = 240;
$PIDFILE = "/var/run/policyd-weight.pid";

>
>
> --
> Robert Felber (PGP: 896CF30B)
> Munich, Germany
>
> ____________________________________________________________
> Policyd-weight Mailinglist - http://www.policyd-weight.org/
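
The per-test scores in the "weighted check" log line quoted in this message add up to the logged rate of 2.518. As an added example (not part of the original e-mail and not policyd-weight's own code), the Python below parses such a line, re-adds the scores, and shows the rate with one named score left out; the function names are hypothetical, and treating a rate at or above `$REJECTLEVEL` as a reject is an assumption.

```python
import re
from decimal import Decimal

# Log line from the message above; the helo_ips list is abridged and the
# redacted address field is left out.
SAMPLE = (
    "21:39:53 info: weighted check: IN_DNSWL=-0.5 IN_NERD-US=2.044 "
    "NOT_IN_SPAMCOP=-1.5 NOT_IN_ZEN_SPAMHAUS=-1.5 NOT_IN_BL_NJABL=-1.5 "
    "CL_IP_EQ_HELO_IP=-2 (check from: .sun. - helo: .mh.sunmicrosystemsinc.m0. "
    "- helo-domain: .m0.) FROM/MX_MATCHES_NOT_HELO(DOMAIN)=1.386 "
    "CLIENT_NOT_MX/A_FROM_DOMAIN=3.044 CLIENT/24_NOT_MX/A_FROM_DOMAIN=3.044 "
    "<client=209.11.164.54> <helo=mh.sunmicrosystemsinc.m0.net> <to=> "
    "<helo_ips: 209.11.136.89 209.11.164.54>, rate: 2.518"
)

# NAME=score tokens; names are upper-case and may contain / ( ) - _ and digits.
TOKEN = re.compile(r"(?<!\S)([A-Z][A-Z0-9_/()-]*)=(-?\d+(?:\.\d+)?)(?!\S)")
RATE = re.compile(r"rate: (-?\d+(?:\.\d+)?)\s*$")

def parse_weighted_check(line):
    """Return ([(test_name, score), ...], logged_rate) for one log line."""
    _, marker, tail = line.partition("weighted check:")
    rate = RATE.search(tail)
    if not marker or rate is None:
        raise ValueError("not a complete weighted-check line")
    # Scores end where the <client=...> fields begin.
    body = tail.split(" <client=", 1)[0]
    scores = [(name, Decimal(val)) for name, val in TOKEN.findall(body)]
    return scores, Decimal(rate.group(1))

def total(scores, without=()):
    """Sum the scores, optionally leaving out the named tests."""
    return sum((s for n, s in scores if n not in without), Decimal(0))

def verdict(rate, reject_level):
    # Assumption: a rate at or above $REJECTLEVEL leads to the reject action.
    return "reject" if rate >= reject_level else "pass"

if __name__ == "__main__":
    scores, logged = parse_weighted_check(SAMPLE)
    reject_level = Decimal(1)  # $REJECTLEVEL from the posted config
    for name, score in sorted(scores, key=lambda t: t[1], reverse=True):
        print(f"{score:>7} {name}")
    print("sum", total(scores), "logged", logged, verdict(logged, reject_level))
    rest = total(scores, without={"IN_NERD-US"})
    print("without IN_NERD-US:", rest, verdict(rest, reject_level))
```

Decimal arithmetic keeps the three-digit scores exact, so the recomputed sum can be compared to the logged rate with `==`.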