On Fri, May 18, 2007 at 11:19:45PM +0200, [EMAIL PROTECTED] wrote: > > -------- Original-Nachricht -------- > Datum: Fri, 18 May 2007 22:47:56 +0200 > Von: Robert Felber <[EMAIL PROTECTED]> > An: policyd-weight-list@ek-muc.de > Betreff: Re: Strange scoring with 0.1.14 beta-5 > > > On Fri, May 18, 2007 at 10:18:41PM +0200, [EMAIL PROTECTED] wrote: > > > @dnsbl_score = ( > > > 'sa-hil.habeas.com', 8.00, 0, > > 'HIL-HABEAS', > > > 'sa-hul.habeas.com', -1.00, 0, > > 'HUL-HABEAS', > > > 'sa-trusted.bondedsender.org', -4.25, 0, > > 'TRUSTED-BONDESENDER', > > > 'sa-other.bondedsender.org', -4.25, 0, > > 'OTHER-BONDESENDER', > > > 'wl.trusted-forwarder.org', -0.50, 0, > > 'T-FWL-DNSWL', > > > 'list.dnswl.org', -0.50, 0, 'DNSWL', > > > 'white.dnsbl.securityplanet.nl', -0.70, 0, > > 'SECURITYPLANETWL', > > > 'exemptions.ahbl.org', -1.00, 0, > > 'EXEMPTIONS-AHBL', > > > 'ch.countries.nerd.dk', -1.00, 0, 'NERD-CH', > > > 'se.countries.nerd.dk', -1.00, 0, 'NERD-SE', > > > 'us.countries.nerd.dk', 2.044, 0, 'NERD-US', > > > > > > This has a hit. > > And - the client meets ~ 4 conditions for > > > > CLIENT_NOT_MX/A_FROM_DOMAIN > > CLIENT/24_NOT_MX/A_FROM_DOMAIN > > > > >>From the code: > > > > ## client == MX/A FROM domain > > ################################################# > > > > if( > > ($mx_ok != 1) && > > ( > > ($do_client_from_check) && > > ($dnsbl_hits > 0) > > ) > > ) > > > > $mx_ok wasn't 1 > > do_client from check was 1 because helo (domains) didn't appear > > to be responsible for sender domain (Arguments and sender MX results) > > $dnsbl_hits was greater 0 > > Subnets of the client didn't match sender A/MX subnets > > > > > > Solution, lower the score for us.countries.nerd.dk > > > > With 1.044 the client passes here with -0.732 > > > Okay. Thanks for explaining. > > It is strange that the SUN news letter does not pass but the HP alert passes:
Ok, another piece: senderA = your .hp. com heloA = mh .hp. m0.net The sender, resp. MX match with 'hp' against the helo senderB = mail.communications.sun.com heloB = mh.sunmicrosystemsinc.m0.net the sender, resp. MXes of sun.com do not match stringwise with 'sunmicrosystemsinc' Usually this has not much effect - unless the client is also RBL listed. Which is the case. Thus, decrease the according RBL score, as suggested in the previous mail. (Sidenote: this check was introduced because it was the only way to reject sober/sobig without breaking forwarding per se). -- Robert Felber (PGP: 896CF30B) Munich, Germany ____________________________________________________________ Policyd-weight Mailinglist - http://www.policyd-weight.org/