On Tue, Feb 20, 2007 at 11:55:02PM -0500, Francisco Reyes wrote:
> Looking at the man page don't see a definition for: FROM/MX_MATCHES_NOT_HELO
> 
> 
> The header had:
> 
> FROM/MX_MATCHES_NOT_HELO(DOMAIN)=1.938 <client=87.118.194.148>
>                   
> <helo=host-148.universumbit.87.118.194.0.0xffffff00.macomnet.net> 
> <[EMAIL PROTECTED]>
> 
> 
> I see how the from doesn't match the helo domain, but what is the MX part of 
> that test?
> 
> This is from a spam that got through
> 
> Also don't see it in the policyd-weight.conf
> Is this some type of composite score made from other scores?


The score setting for this is $from_match_regex_verified_helo.
This can have the following log entries:

    FROM/MX_MATCHES_HELO(DOMAIN)
    FROM/MX_MATCHES_NOT_HELO(DOMAIN)
    FROM/MX_MATCHES_UNVR_HELO(DOMAIN)
    FROM/MX_MATCHES_NOT_UNVR_HELO(DOMAIN)
    MAIL_SEEMS_FORGED
    FROM_NOT_FAILED_HELO(DOMAIN)


It does check:

    a) whether the sender (domain) matches stringwise the HELO (domain)
       by comparing .example1. vs .example2.
    b) whether the MX for the sender domain matches stringwise
       the HELO domain

    a and b in conjunction with the results of HELO/SENDER vs IP comparisons.

    The score is influenced by the scores of RBL results / 4
    plus $bogus_mx_penalty * $bogus_mx_penalty

You do not want to tweak this (unless you want to lower its score).
This is not documented yet, as this is for suicidal people only and might change
anyway due to the general beta status.


-- 
    Robert Felber (PGP: 896CF30B)
    Munich, Germany

____________________________________________________________
Policyd-weight Mailinglist - http://www.policyd-weight.org/
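
The stringwise checks (a) and (b) from the reply, sketched as an added example; this is not policyd-weight's own code. The function names, the way the label is picked, the reading of UNVR as "HELO not verified against the client IP", and all sample domains other than the quoted HELO are assumptions.

```python
def domain_label(host: str) -> str:
    """Label left of the TLD: 'example' for 'mail.example.com'.
    Simplification: multi-label suffixes such as co.uk are not handled."""
    parts = host.strip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def stringwise_match(name: str, helo: str) -> bool:
    """True if '.label.' of name occurs in the dot-padded HELO string.
    The surrounding dots stop 'bit' from matching inside 'universumbit'."""
    return f".{domain_label(name)}." in f".{helo.strip('.').lower()}."


def from_mx_label(sender_domain, mx_hosts, helo, helo_verified):
    """Compose the log label from check (a), check (b) and the HELO state.
    Assumption: UNVR marks a HELO that was not verified against the client IP.
    mx_hosts is passed in by the caller; no DNS lookup happens here."""
    matched = stringwise_match(sender_domain, helo) or any(
        stringwise_match(mx, helo) for mx in mx_hosts
    )
    return "FROM/MX_MATCHES_{}{}HELO(DOMAIN)".format(
        "" if matched else "NOT_", "" if helo_verified else "UNVR_"
    )


# HELO copied from the log line quoted in the message above.
HELO = "host-148.universumbit.87.118.194.0.0xffffff00.macomnet.net"

if __name__ == "__main__":
    # Constructed senders and MX hosts; only HELO comes from the page.
    samples = [
        ("example.com", ["mx.example.com"], HELO, True),
        ("macomnet.net", [], HELO, True),
        ("customer.test", ["mx1.mailhost.example"], "out3.mailhost.example", False),
        ("bit.example", [], HELO, False),
    ]
    for sender, mxs, helo, verified in samples:
        print(sender, "->", from_mx_label(sender, mxs, helo, verified))
```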
