Re: various patches against latest devel version
On Mon, Oct 01, 2007 at 11:49:57AM +0100, Riaan Kok wrote:
> Robert,
>
> On 25/09/2007, Robert Felber <[EMAIL PROTECTED]> wrote:
> > On Tue, Sep 25, 2007 at 11:47:28AM +0100, Giles Westwood i wrote:
> > > > I think it's a bit silly to score countries in the context of what
> > > > policyd-weight does. It weights helo/dns/etc with scoring tuned
> > > > specifically for it. If you add something like this to the mix, it
> > > > gets pretty badly off-balanced I think?
> >
> > I think I've already stated that such changes (i.e. scoring by nationality,
> > race, sex, age, opinion, religion) will be only available as unofficial
> > patch which I do not host or give support for.
> >
> > I also recalled that I even have troubles with scoring OS/MTAs.
> >
> > People told me, that it is not up to me what to score but to give the
> > possibility to score. Which is partly true.
> >
> > I think it is ok for people who want to setup a denial rampart stage to
> > implement such possibilities themselves.
> >
> > Policyd-weight however does not want to be zero tolerant and a denial
> > rampart.
> >
> > Policyd-weight does only want to enforce some configuration and
> > does get a little help by RBLs (I've already stated, that I would love to
> > get rid of RBLs, too).
> >
> > I admit, that the random sender check breaks this philosophy. The random
> > sender check may even cause false positives. However, the random sender
> > can be reconfigured - and the defaults score only high if DNSBL listed.
> >
> > The success of viruses and phishing is not only the fault of people who
> > click on everything - it is more the fault of administrators who accept
> > any faulty configuration (permitted by RFCs). I sometimes have the feeling
> > that phishers and viruses point to the RFCs saying "see, look at the RFCs,
> > you must accept me, Haa Haaa" or "look at all the admins which
> > accept such SMTP crap even though the RFCs permit them to reject such stuff,
> > He He".
> >
> > > My combination of postgrey and policyd with my corporate related tweaks
> > > works great though and we're considering removing dspam as it's hardly
> > > needed.
> > >
> > > I'm afraid that I use policyd unmodified on a different server with lots
> > > of unrelated clients but I had to set reject levels very high because
> > > genuine mail was rejected.
> >
> > Policyd-weight is designed to enforce an even more precise MTA configuration
> > for dialup users. I.e. people who want to run a MTA on a dialup should
> > setup every piece correctly and preferably sign up for a free DynDNS MX
> > host. Whereas people from foreign countries do not really have a chance.
> > Except sign up for a different country -- which is more of a burden and not
> > free.
> >
> > Note: I mail sometimes from home with a DUL listed dialup through ek-muc and
> > the home MTA must pass polw. This does only fail if I get a spamhaus listed
> > IP - which is resolved by reconnecting automatically.
> >
> > This all does not mean that the patch is completely rejected, I haven't read
> > everything yet.
>
> This is all actually useful to know for us who
> - use policyd-weight,
> - want to make constructive suggestions,
> - and/or want to improve or build on policyd-weight,
> but the website doesn't quite make it all clear.. I think it would be
> nice, when you've got the time, to add a "Vision" or "For Potential
> Developers" section to the website where you explain what
> policyd-weight IS and what it IS NOT and what kinds of contributions
> would be useful and welcome.

I have "- probably external hooks at certain stages" on
www.policyd-weight.org/todo.txt

Which means, that at such stages people can hook in own
rules/scorings/user-sql-lookups and the like. This, and maybe along with the
possibility to play around with scoring like for instance
http://postfwd.jpkessler.de/

I also have troubles with a feature-rich policy server. Feature-rich is
Amavis/SpamAssassin. We all know how huge one Amavis Process is. This is the
reason, why Amavis/SA should be an after-queue processor with an own queue.

With this in mind I'd like to not exceed the 10mb mark - at least not as long
as we don't have a full policy/DNS multiplex aware server.

> This thread suggests to me that there is a need out there to
> modify/customise policyd-weight, and although patches that take the
> program to areas where it was not intended to be are not useful for
> default inclusion, patches that make it easier to customise or add
> modules to PW would be welcome?

Currently I'd more like resource/portability/stability patches. Along with
stuff from the todo.txt.

> Enabling different kinds of usage,
> perhaps even grouping its operation (RBLs, RFC stuff, regional,
> anti-spam, experimental, etc.).. Also enabling you to get rid of RBLs
> in the situation where you want to do it, but keep other folks happy
> that desire RBLs to stay..
>
> Anyway, my 2 cents..
>
> Riaan

Re: various patches against latest devel version
> Enabling different kinds of usage,
> perhaps even grouping its operation (RBLs, RFC stuff, regional,
> anti-spam, experimental, etc.)..

I like the naming of this, the config options aren't that obvious which is
probably why you didn't see how to customize it.

> Also enabling you to get rid of RBLs
> in the situation where you want to do it, but keep other folks happy
> that desire RBLs to stay..

You can remove any scoring of features you don't want so it is totally
customizable.

P.S. I'm going to grep my logs for the various tweaks I added and post some
results to the list. Particularly the geoip mismatching rating.

g.

Policyd-weight Mailinglist - http://www.policyd-weight.org/

Re: various patches against latest devel version
Robert,

On 25/09/2007, Robert Felber <[EMAIL PROTECTED]> wrote:
> On Tue, Sep 25, 2007 at 11:47:28AM +0100, Giles Westwood i wrote:
> > > I think it's a bit silly to score countries in the context of what
> > > policyd-weight does. It weights helo/dns/etc with scoring tuned
> > > specifically for it. If you add something like this to the mix, it
> > > gets pretty badly off-balanced I think?
>
> I think I've already stated that such changes (i.e. scoring by nationality,
> race, sex, age, opinion, religion) will be only available as unofficial
> patch which I do not host or give support for.
>
> I also recalled that I even have troubles with scoring OS/MTAs.
>
> People told me, that it is not up to me what to score but to give the
> possibility to score. Which is partly true.
>
> I think it is ok for people who want to setup a denial rampart stage to
> implement such possibilities themselves.
>
> Policyd-weight however does not want to be zero tolerant and a denial rampart.
>
> Policyd-weight does only want to enforce some configuration and
> does get a little help by RBLs (I've already stated, that I would love to
> get rid of RBLs, too).
>
> I admit, that the random sender check breaks this philosophy. The random
> sender check may even cause false positives. However, the random sender
> can be reconfigured - and the defaults score only high if DNSBL listed.
>
> The success of viruses and phishing is not only the fault of people who
> click on everything - it is more the fault of administrators who accept
> any faulty configuration (permitted by RFCs). I sometimes have the feeling
> that phishers and viruses point to the RFCs saying "see, look at the RFCs, you
> must accept me, Haa Haaa" or "look at all the admins which
> accept such SMTP crap even though the RFCs permit them to reject such stuff,
> He He".
>
> > My combination of postgrey and policyd with my corporate related tweaks
> > works great though and we're considering removing dspam as it's hardly
> > needed.
> >
> > I'm afraid that I use policyd unmodified on a different server with lots
> > of unrelated clients but I had to set reject levels very high because
> > genuine mail was rejected.
>
> Policyd-weight is designed to enforce an even more precise MTA configuration
> for dialup users. I.e. people who want to run a MTA on a dialup should
> setup every piece correctly and preferably sign up for a free DynDNS MX
> host. Whereas people from foreign countries do not really have a chance.
> Except sign up for a different country -- which is more of a burden and not
> free.
>
> Note: I mail sometimes from home with a DUL listed dialup through ek-muc and
> the home MTA must pass polw. This does only fail if I get a spamhaus listed
> IP - which is resolved by reconnecting automatically.
>
> This all does not mean that the patch is completely rejected, I haven't read
> everything yet.

This is all actually useful to know for us who
- use policyd-weight,
- want to make constructive suggestions,
- and/or want to improve or build on policyd-weight,
but the website doesn't quite make it all clear.. I think it would be
nice, when you've got the time, to add a "Vision" or "For Potential
Developers" section to the website where you explain what
policyd-weight IS and what it IS NOT and what kinds of contributions
would be useful and welcome.

This thread suggests to me that there is a need out there to
modify/customise policyd-weight, and although patches that take the
program to areas where it was not intended to be are not useful for
default inclusion, patches that make it easier to customise or add
modules to PW would be welcome? Enabling different kinds of usage,
perhaps even grouping its operation (RBLs, RFC stuff, regional,
anti-spam, experimental, etc.).. Also enabling you to get rid of RBLs
in the situation where you want to do it, but keep other folks happy
that desire RBLs to stay..

Anyway, my 2 cents..

Riaan

Re: various patches against latest devel version
> People told me, that it is not up to me what to score but to give the
> possibility to score. Which is partly true.

This is my case for it too, it might be as innocent as you only want mail
from your home country as you don't deal with international business...
Maybe at least you could consider adding the check for mismatches between
TLDs and client origin.

> I admit, that the random sender check breaks this philosophy. The random
> sender check may even cause false positives. However, the random sender
> can be reconfigured - and the defaults score only high if DNSBL listed.

I think there's a lot of potential to score based on the from address using
weighting that affect each other and dictionary matching. Some of the spam
I've seen get through is obvious to the human eye so I'm sure polw can get
closer.

> Policyd-weight is designed to enforce an even more precise MTA
> configuration for dialup users. I.e. people who want to run a MTA on a
> dialup should setup every piece correctly and preferably sign up for a
> free DynDNS MX host.

I should have thought about this more.. I can just disable the
dial-up/adsl weighting for my virtual hosting server then I can reduce the
overall reject levels back down again to just use the rfc and rbl checks.
This server is also a definite candidate for more intelligent from matching.
Punishing addresses like [EMAIL PROTECTED] would kill half the traffic heh.

cheers for the response,

g.

Re: various patches against latest devel version
On Tue, Sep 25, 2007 at 11:47:28AM +0100, Giles Westwood i wrote:
> > I think it's a bit silly to score countries in the context of what
> > policyd-weight does. It weights helo/dns/etc with scoring tuned
> > specifically for it. If you add something like this to the mix, it
> > gets pretty badly off-balanced I think?

I think I've already stated that such changes (i.e. scoring by nationality,
race, sex, age, opinion, religion) will be only available as unofficial
patch which I do not host or give support for.

I also recalled that I even have troubles with scoring OS/MTAs.

People told me, that it is not up to me what to score but to give the
possibility to score. Which is partly true.

I think it is ok for people who want to setup a denial rampart stage to
implement such possibilities themselves.

Policyd-weight however does not want to be zero tolerant and a denial rampart.

Policyd-weight does only want to enforce some configuration and
does get a little help by RBLs (I've already stated, that I would love to
get rid of RBLs, too).

I admit, that the random sender check breaks this philosophy. The random
sender check may even cause false positives. However, the random sender
can be reconfigured - and the defaults score only high if DNSBL listed.

The success of viruses and phishing is not only the fault of people who
click on everything - it is more the fault of administrators who accept
any faulty configuration (permitted by RFCs). I sometimes have the feeling
that phishers and viruses point to the RFCs saying "see, look at the RFCs, you
must accept me, Haa Haaa" or "look at all the admins which
accept such SMTP crap even though the RFCs permit them to reject such stuff,
He He".

> My combination of postgrey and policyd with my corporate related tweaks
> works great though and we're considering removing dspam as it's hardly
> needed.
>
> I'm afraid that I use policyd unmodified on a different server with lots
> of unrelated clients but I had to set reject levels very high because
> genuine mail was rejected.

Policyd-weight is designed to enforce an even more precise MTA configuration
for dialup users. I.e. people who want to run a MTA on a dialup should
setup every piece correctly and preferably sign up for a free DynDNS MX
host. Whereas people from foreign countries do not really have a chance.
Except sign up for a different country -- which is more of a burden and not
free.

Note: I mail sometimes from home with a DUL listed dialup through ek-muc and
the home MTA must pass polw. This does only fail if I get a spamhaus listed
IP - which is resolved by reconnecting automatically.

This all does not mean that the patch is completely rejected, I haven't read
everything yet.

--
Robert Felber (PGP: 896CF30B)
Munich, Germany

Re: various patches against latest devel version
> On Tuesday 25 September 2007 12:11, Giles Westwood i wrote:
>> Have a look at the .conf file I attached. I score every country
>> differently. It's politically incorrect but it works for us. If you were
>> in NIGERIA you would be scored +10!
>
> But this can be done with help of http://countries.nerd.dk/more.html and
> @dnsbl_score! There is no additional patch needed for this.

I prefer to use the maxmind lookup, it's updated regularly and is their
business (they claim 98% accurate.) Also I want to specifically choose the
weighting per country. If you ran an isp or worldwide server then you'd use
much lower scores for most countries. However, it's the combination of the
tweaks I added that I find works effectively for me.

> I personally score actual against cn.countries.nerd.dk, since my users
> shouldn't get mail from there 'normally'. But somebody might come up, that
> this is discriminating.
>
> Anyways ... there wasn't any attachment.

It's in the original posting I made, every iso code is listed with my
personal scoring.

g.

Re: various patches against latest devel version
> On Tue, Sep 25, 2007 at 12:01:54PM +0200, Jan Wagner wrote:
>> Hi,
>>
>> On Tuesday 25 September 2007 11:22, Giles Westwood i wrote:
>> > you send a mail from [EMAIL PROTECTED] from a german ip
>> >
>> > I score you for germany +2
>>
>> Hmm ... is sending mail from an IP, which is found to be related to a
>> country in your geoip database, bad? Why do you score 2 points?
>
> I think it's a bit silly to score countries in the context of what
> policyd-weight does. It weights helo/dns/etc with scoring tuned
> specifically for it. If you add something like this to the mix, it
> gets pretty badly off-balanced I think?
>
> I do score countries myself, but I do it in SpamAssassin, since it takes
> much more into consideration to prevent false positives.

We use a lot of whitelisting so fp's are not such an issue. I would like to
tie scoring with other factors as it is a blunt tool but due to the low
scoring it hasn't actually caused any problems and I only give high scores
to some countries.

The *combination* of my tweaks have definitely stopped some of the sneaky
spammers getting through, I targeted the changes based on what got through
the default policyd. I would be very interested in other people's mileage
though.

I specifically *don't* want to use SA because I've found it produces fp's
and is a resource hog, I use dspam however, but only on final delivery...

My combination of postgrey and policyd with my corporate related tweaks
works great though and we're considering removing dspam as it's hardly
needed.

I'm afraid that I use policyd unmodified on a different server with lots of
unrelated clients but I had to set reject levels very high because genuine
mail was rejected. Someone on an adsl connection was sending out a paid for
mailing list for their domain and policyd scored it 8.x... So depending on
your client base policyd can be very effective or very problematic.

g.

Re: various patches against latest devel version
On Tuesday 25 September 2007 12:11, Giles Westwood i wrote:
> Have a look at the .conf file I attached. I score every country
> differently. It's politically incorrect but it works for us. If you were
> in NIGERIA you would be scored +10!

But this can be done with help of http://countries.nerd.dk/more.html and
@dnsbl_score! There is no additional patch needed for this.

I personally score actual against cn.countries.nerd.dk, since my users
shouldn't get mail from there 'normally'. But somebody might come up, that
this is discriminating.

Anyways ... there wasn't any attachment.

With kind regards, Jan.
--
Never write mail to <[EMAIL PROTECTED]>, you have been warned!

Re: various patches against latest devel version
> Hi,
>
> On Tuesday 25 September 2007 11:22, Giles Westwood i wrote:
>> you send a mail from [EMAIL PROTECTED] from a german ip
>>
>> I score you for germany +2
>
> Hmm ... is sending mail from an IP, which is found to be related to a
> country in your geoip database, bad? Why do you score 2 points?

Hi Jan,

Have a look at the .conf file I attached. I score every country differently.
It's politically incorrect but it works for us. If you were in NIGERIA you
would be scored +10!

g.

Re: various patches against latest devel version
Hi,

On Tuesday 25 September 2007 11:22, Giles Westwood i wrote:
> you send a mail from [EMAIL PROTECTED] from a german ip
>
> I score you for germany +2

Hmm ... is sending mail from an IP, which is found to be related to a country
in your geoip database, bad? Why do you score 2 points?

With kind regards, Jan.
--
Never write mail to <[EMAIL PROTECTED]>, you have been warned!

Re: various patches against latest devel version
Hi Jan,

The country comparison is done between geoip lookup on client ip and TLD of
sending email address. If your TLD isn't a 2 letter country domain though
the comparison is skipped.

As an example of what my patches do..

you send a mail from [EMAIL PROTECTED] from a german ip

I score you for germany +2
I score you for 'profit' +7
I score you for mismatch of GB and DE +2
I score you for a number in your email username +3

> P.S.: Robert: You should configure mailman to have the mailing-list
> address as reply-to!

I use squirrelmail which has a reply to list button.

g.

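The scoring walked through in the message above, as an added example: this is not the patch from the thread and not policyd-weight code, and it is written in Python rather than policyd-weight's Perl. The GeoIP table, the sample addresses and the uk-to-GB mapping are assumptions constructed here; the score values (+2, +7, +2, +3, +10) are the ones quoted in the thread.

```python
import re

# Constructed stand-in for a GeoIP database (the thread uses MaxMind);
# the addresses come from the RFC 5737 documentation ranges.
GEOIP = {"192.0.2.10": "DE", "198.51.100.7": "GB", "203.0.113.5": "NG"}

# Per-country scores: only DE (+2) and NG (+10) are quoted in the thread.
COUNTRY_SCORE = {"DE": 2, "NG": 10}
# Token scores: 'profit' (+7) is the one token the thread mentions.
TOKEN_SCORE = {"profit": 7}
MISMATCH_SCORE = 2   # sender ccTLD differs from the client's country
DIGIT_SCORE = 3      # a number in the local part of the address

# ccTLDs that differ from the ISO 3166-1 alpha-2 code a GeoIP lookup returns.
CCTLD_TO_ISO = {"uk": "GB"}


def tld_country(domain):
    """Return the ISO country for a 2-letter ccTLD, else None (skip)."""
    tld = domain.rsplit(".", 1)[-1].lower()
    if len(tld) != 2 or not tld.isalpha():
        return None  # .net, .com, ...: the comparison is skipped
    return CCTLD_TO_ISO.get(tld, tld.upper())


def score_sender(sender, client_ip):
    """Return a list of (reason, score) for one sender/client pair."""
    hits = []
    local, _, domain = sender.rpartition("@")
    country = GEOIP.get(client_ip)  # None when the IP is not in the table
    if country and COUNTRY_SCORE.get(country):
        hits.append((f"country {country}", COUNTRY_SCORE[country]))
    for token, pts in TOKEN_SCORE.items():
        if token in local.lower():
            hits.append((f"token '{token}'", pts))
    claimed = tld_country(domain)
    if country and claimed and claimed != country:
        hits.append((f"mismatch {claimed}/{country}", MISMATCH_SCORE))
    if re.search(r"\d", local):
        hits.append(("digit in local part", DIGIT_SCORE))
    return hits


def total(sender, client_ip):
    """Sum of all scores for one sender/client pair."""
    return sum(pts for _, pts in score_sender(sender, client_ip))


if __name__ == "__main__":
    # Constructed senders; the thread's own example address is redacted.
    for s, ip in [("profit4u@example.co.uk", "192.0.2.10"),
                  ("alice@example.net", "192.0.2.10"),
                  ("bob@example.de", "192.0.2.10")]:
        print(s, ip, score_sender(s, ip), total(s, ip))
```
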
Re: various patches against latest devel version
Here in Germany there are many (dial-up) Providers, that use .net Addresses
instead of the country domain .de

e.g:
dslb-XXX-YYY-ZZZ-WWW.pools.arcor-ip.net or
pdXXX.dip.t-dialin.net

Will that result in negative scores?

Jan

P.S.: Robert: You should configure mailman to have the mailing-list address
as reply-to!

> Hi All,
> I've been tinkering with polw for a while now, here are my various patches
> including the geoip work I got off the main site.
> Sender and reverse spam token check (see .conf file)
> Score senders on Geoip detected country
> Compare TLD (where possible) and Geoip detected country for mismatch
> 'onspeed' dialup optimizer in dial up checks
> Sender penalize for number in email address (non corporate check)
> Modified random email address detection with 12 unbroken characters
> This is designed for a corporate heavily whitelisted environment although
> I've had no reports of fp yet...
> g.

--
When i Die , Bury me Face down so the whole World can kiss my Ass

With kind regards
Jan Scholten
mailto:[EMAIL PROTECTED]
