postscreen scoring questions (was: questions about multiple matches)

Thu, 11 Aug 2022 13:42:04 -0700 

After some delay, I have verified that postscreen_dnsbl_sites works
as promised: it adds up the scores from all matching patterns.

This verification required some infrastructure to test postscreen's
scoring code outside of postscreen. I have written a half-dozen
tests to ensure that future changes in hat code will not introduce
changes (i.e. mistakes).

Peter:
> First off my goal is that I want all zen.spamhaus.org entries to have a 
> score of 3 except for CSS entries which should have a score of 2.  zen 
> returns 127.0.0.n for all entries and CSS specifically returns 127.0.0.3.
> 
> What I think I can do is this:
> 
> postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[1..255]*3
>    zen.spamhaus.org=127.0.0.3*-1
> 
> So presumably if 127.0.0.3 is returned it will initially get a score of 
> 3 but then decrement it by 1 so it ends up with a score of 2, so first 
> question: Will this work the way I want it to?

postscreen takes the weight from each matching pattern, and adds
up those weights.

 3 from zen.spamhaus.org=127.0.0.[1..255]*3 (because this pattern matches)
-1 from zen.spamhaus.org=127.0.0.3*-1 (because this pattern matches)
==+
 2

It does not matter whether the patterns specify the same provider
domain or different domains. It only matters that a pattern matches.

> Next question: What happens if zen returns multiple responses:
> 127.0.0.10
> 127.0.0.3
> 
> Will it score 2, 3, 5 or something else?

The same result as in the previous example.

 3 from zen.spamhaus.org=127.0.0.[1..255]*3 (because this pattern matches)
-1 from zen.spamhaus.org=127.0.0.3*-1 (because this pattern matches)
==+
 2

> What if I did this instead:
> 
> postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[1..2]*3
>    zen.spamhaus.org=127.0.0.3*2
>    zen.spamhaus.org=127.0.0.[4..255]*3
> 
> How would that affect the answer to the above two questions?

0 from zen.spamhaus.org=127.0.0.[1..2]*3 (this pattern does not match)
2 from zen.spamhaus.org=127.0.0.3*2 (because this pattern matches)
3 from zen.spamhaus.org=127.0.0.[4..255]*3 (because this pattern matches)
=+
5

Again, the sum of the weigths of the matched patterns.

It means that 

    zen.spamhaus.org zen.spamhaus.org

is equivalent to zen.spamhaus.org*2

Another consequence is that the order of postscreen_dnsbl_sites
does not matter. It adds up all scores, and does not stop early.

        Wietse

Reply via email to