Re: Strange scoring with 0.1.14 beta-5

Fri, 18 May 2007 14:50:55 -0700 

On Fri, May 18, 2007 at 11:19:45PM +0200, [EMAIL PROTECTED] wrote:
> 
> -------- Original-Nachricht --------
> Datum: Fri, 18 May 2007 22:47:56 +0200
> Von: Robert Felber <[EMAIL PROTECTED]>
> An: policyd-weight-list@ek-muc.de
> Betreff: Re: Strange scoring with 0.1.14 beta-5
> 
> > On Fri, May 18, 2007 at 10:18:41PM +0200, [EMAIL PROTECTED] wrote:
> > >    @dnsbl_score = (
> > >     'sa-hil.habeas.com',              8.00,       0,       
> > 'HIL-HABEAS',
> > >     'sa-hul.habeas.com',             -1.00,       0,       
> > 'HUL-HABEAS',
> > >     'sa-trusted.bondedsender.org',   -4.25,       0,       
> > 'TRUSTED-BONDESENDER',
> > >     'sa-other.bondedsender.org',     -4.25,       0,       
> > 'OTHER-BONDESENDER',
> > >     'wl.trusted-forwarder.org',      -0.50,       0,       
> > 'T-FWL-DNSWL',
> > >     'list.dnswl.org',                -0.50,       0,        'DNSWL',
> > >     'white.dnsbl.securityplanet.nl', -0.70,       0,       
> > 'SECURITYPLANETWL',
> > >     'exemptions.ahbl.org',           -1.00,       0,       
> > 'EXEMPTIONS-AHBL',
> > >     'ch.countries.nerd.dk',          -1.00,       0,        'NERD-CH',
> > >     'se.countries.nerd.dk',          -1.00,       0,        'NERD-SE',
> > >     'us.countries.nerd.dk',          2.044,       0,        'NERD-US',
> > 
> > 
> > This has a hit.
> > And - the client meets ~ 4 conditions for
> > 
> > CLIENT_NOT_MX/A_FROM_DOMAIN
> > CLIENT/24_NOT_MX/A_FROM_DOMAIN
> > 
> > >>From the code:
> > 
> > ## client == MX/A FROM domain
> > #################################################
> > 
> >     if( 
> >         ($mx_ok != 1)               &&
> >         (   
> >             ($do_client_from_check) &&
> >             ($dnsbl_hits > 0)
> >         )
> >       )
> > 
> > $mx_ok wasn't 1
> > do_client from check was 1 because helo (domains) didn't appear
> > to be responsible for sender domain (Arguments and sender MX results)
> > $dnsbl_hits was greater 0
> > Subnets of the client didn't match sender A/MX subnets
> > 
> > 
> > Solution, lower the score for us.countries.nerd.dk
> > 
> > With 1.044 the client passes here with -0.732
> > 
> Okay. Thanks for explaining.
> 
> It is strange that the SUN news letter does not pass but the HP alert passes:

Ok, another piece:

senderA = your .hp. com
heloA   = mh   .hp. m0.net

The sender, resp. MX match with 'hp' against the helo


senderB = mail.communications.sun.com
heloB   = mh.sunmicrosystemsinc.m0.net

the sender, resp. MXes of sun.com do not match stringwise with 
'sunmicrosystemsinc'

Usually this has not much effect - unless the client is also
RBL listed. Which is the case. Thus, decrease the according RBL
score, as suggested in the previous mail.

(Sidenote: this check was introduced because it was the only
way to reject sober/sobig without breaking forwarding per se).





-- 
    Robert Felber (PGP: 896CF30B)
    Munich, Germany

____________________________________________________________
Policyd-weight Mailinglist - http://www.policyd-weight.org/

Reply via email to