Hello,
this is a 'scoring fix' with explicit ALPHA status.
Fix/Changes:
Policyd-weight didn't check whether the (verified) client
hostname matches the sender domain.
CL_HOSTNAME_MATCHES_FROM(DOMAIN) uses the score of
@helo_ip_in_client_subnet as the context is similiar.
Logging (client=<>) changed to also tell the client name provided by
postfix.
This affects users which try to communicate with microsoft. I myself
stumpled about this today (registering with eopen).
Log-Example before Fix:
12:01:14 info: weighted check: NOT_IN_SBL_XBL_SPAMHAUS=-1.5
NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 HELO_IP_IN_CL16_SUBNET=-0.41
RESOLVED_IP_IS_NOT_HELO=1.5 (check from: .microsoft. - helo:
.internal.smtp.mscom.phx. - helo-domain: .phx.)
FROM/MX_MATCHES_NOT_UNVR_HELO(DOMAIN)=1.6 RANDOM_SENDER=0.25 IN_PM_RFCI=3.975
IN_ABUSE_RFCI=3.975; <client=207.46.22.101> <helo=internal.smtp.mscom.phx.gbl>
<from=cnfrm...@microsoft.com> <to=i...@kuttendreier.de>; rate: 6.39
Log-Example after Fix:
14:47:56 info: weighted check: NOT_IN_SBL_XBL_SPAMHAUS=-1.5
NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 HELO_IP_IN_CL16_SUBNET=-0.41 (check
from: .microsoft. - helo: .internal.smtp.mscom.phx. - helo-domain: .phx.)
CL_HOSTNAME_MATCHES_FROM(DOMAIN)=-1.2 RANDOM_SENDER=0.25 IN_PM_RFCI=0.875
IN_ABUSE_RFCI=0.875 <helo_ips: internal.smtp.mscom.phx.gbl 216.32.180.22
207.46.232.182 207.46.197.32>; <instance=207.46.22.101cnfrm...@microsoft.com>
<client=delivery.smtp.microsoft.com[207.46.22.101]>
<helo=internal.smtp.mscom.phx.gbl> <from=cnfrm...@microsoft.com> <to=>; rate:
-4.11
(FYI: HELO_IP_IN_CL16_SUBNET might irritate. This means that the client
IP might also be in in the subnet of the _FROM_ addresses. (which is the
case here))
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
____________________________________________________________
Policyd-weight Mailinglist - http://www.policyd-weight.org/
