Hello,

this is a 'scoring fix' with explicit ALPHA status.

Fix/Changes:

    Policyd-weight didn't check whether the (verified) client
    hostname matches the sender domain.

    CL_HOSTNAME_MATCHES_FROM(DOMAIN) uses the score of
    @helo_ip_in_client_subnet as the context is similar.

    Logging (client=<>) changed to also tell the client name provided by
    postfix.



This affects users who try to communicate with Microsoft. I myself
stumbled upon this today (registering with eopen).



Log-Example before Fix:

12:01:14 info: weighted check:  NOT_IN_SBL_XBL_SPAMHAUS=-1.5 
NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 HELO_IP_IN_CL16_SUBNET=-0.41 
RESOLVED_IP_IS_NOT_HELO=1.5 (check from: .microsoft. - helo: 
.internal.smtp.mscom.phx. - helo-domain: .phx.)  
FROM/MX_MATCHES_NOT_UNVR_HELO(DOMAIN)=1.6 RANDOM_SENDER=0.25 IN_PM_RFCI=3.975 
IN_ABUSE_RFCI=3.975; <client=207.46.22.101> <helo=internal.smtp.mscom.phx.gbl> 
<from=cnfrm...@microsoft.com> <to=i...@kuttendreier.de>; rate: 6.39


Log-Example after Fix:

14:47:56 info: weighted check:  NOT_IN_SBL_XBL_SPAMHAUS=-1.5 
NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 HELO_IP_IN_CL16_SUBNET=-0.41 (check 
from: .microsoft. - helo: .internal.smtp.mscom.phx. - helo-domain: .phx.)  
CL_HOSTNAME_MATCHES_FROM(DOMAIN)=-1.2 RANDOM_SENDER=0.25 IN_PM_RFCI=0.875 
IN_ABUSE_RFCI=0.875 <helo_ips:  internal.smtp.mscom.phx.gbl 216.32.180.22 
207.46.232.182 207.46.197.32>; <instance=207.46.22.101cnfrm...@microsoft.com> 
<client=delivery.smtp.microsoft.com[207.46.22.101]> 
<helo=internal.smtp.mscom.phx.gbl> <from=cnfrm...@microsoft.com> <to=>; rate: 
-4.11



(FYI: HELO_IP_IN_CL16_SUBNET might irritate. This means that the client
IP might also be in the subnet of the _FROM_ addresses (which is the
case here).)



-- 
    Robert Felber (PGP: 896CF30B)
    Munich, Germany

____________________________________________________________
Policyd-weight Mailinglist - http://www.policyd-weight.org/
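
Added example (not part of the original message and not policyd-weight's own code): a small parser for the two "weighted check" lines quoted above, which confirms that each logged rate equals the sum of the listed scores and shows which tests changed between the two runs. The function names and regular expressions are this example's own.

```python
import re
from decimal import Decimal

# Log lines copied from the message above (unwrapped; addresses as shown there).
BEFORE = (
    "12:01:14 info: weighted check:  NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 "
    "NOT_IN_BL_NJABL=-1.5 HELO_IP_IN_CL16_SUBNET=-0.41 RESOLVED_IP_IS_NOT_HELO=1.5 "
    "(check from: .microsoft. - helo: .internal.smtp.mscom.phx. - helo-domain: .phx.)  "
    "FROM/MX_MATCHES_NOT_UNVR_HELO(DOMAIN)=1.6 RANDOM_SENDER=0.25 IN_PM_RFCI=3.975 "
    "IN_ABUSE_RFCI=3.975; <client=207.46.22.101> <helo=internal.smtp.mscom.phx.gbl> "
    "<from=cnfrm...@microsoft.com> <to=i...@kuttendreier.de>; rate: 6.39"
)
AFTER = (
    "14:47:56 info: weighted check:  NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 "
    "NOT_IN_BL_NJABL=-1.5 HELO_IP_IN_CL16_SUBNET=-0.41 "
    "(check from: .microsoft. - helo: .internal.smtp.mscom.phx. - helo-domain: .phx.)  "
    "CL_HOSTNAME_MATCHES_FROM(DOMAIN)=-1.2 RANDOM_SENDER=0.25 IN_PM_RFCI=0.875 "
    "IN_ABUSE_RFCI=0.875 <helo_ips:  internal.smtp.mscom.phx.gbl 216.32.180.22 "
    "207.46.232.182 207.46.197.32>; <instance=207.46.22.101cnfrm...@microsoft.com> "
    "<client=delivery.smtp.microsoft.com[207.46.22.101]> "
    "<helo=internal.smtp.mscom.phx.gbl> <from=cnfrm...@microsoft.com> <to=>; rate: -4.11"
)

# Test names are upper-case and may contain "/", "(" and ")"; the lower-case
# <client=...>, <helo=...> and <from=...> fields never match.
SCORE_RE = re.compile(r"(?<![\w<])([A-Z][A-Z0-9_/()]*)=(-?\d+(?:\.\d+)?)(?=[\s;]|$)")
RATE_RE = re.compile(r"rate:\s*(-?\d+(?:\.\d+)?)\s*$")

def parse(line):
    """Return ({test: score}, logged_rate) for one 'weighted check' line."""
    scores = {name: Decimal(val) for name, val in SCORE_RE.findall(line)}
    rate = RATE_RE.search(line)
    if not scores or rate is None:
        raise ValueError("not a 'weighted check' line")
    return scores, Decimal(rate.group(1))

def diff(before, after):
    """Tests whose score differs; None marks a test absent on that side."""
    names = sorted(set(before) | set(after))
    return {n: (before.get(n), after.get(n)) for n in names
            if before.get(n) != after.get(n)}

if __name__ == "__main__":
    (b, b_rate), (a, a_rate) = parse(BEFORE), parse(AFTER)
    print("before:", sum(b.values()), b_rate, "| after:", sum(a.values()), a_rate)
    for name, (old, new) in diff(b, a).items():
        print(f"{name}: {old} -> {new}")
```

Besides the new CL_HOSTNAME_MATCHES_FROM(DOMAIN) entry, the diff also lists the two HELO-related tests that no longer appear and the lower IN_PM_RFCI and IN_ABUSE_RFCI scores.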