FROM/MX_MATCHES_NOT_HELO(DOMAIN)=21.39
Christopher Hunt
dharmachris at gmail.com
Fri Jul 1 00:29:21 CEST 2011
Gurus,
I'm having a lot of trouble resolving an issue with the
FROM/MX_MATCHES_NOT_HELO(DOMAIN) score. It is legitimate, desired
email sent from a vendor through a hosting farm. Here are the headers
from this message which is getting rejected:
NOT_IN_SBL_XBL_SPAMHAUS=-1.5
IN_SORBS_NET=2.35
BOGUS_MX=4.45
CL_IP_EQ_HELO_IP=-2 (check from: .example. - helo: .example2.inetu. -
helo-domain: .inetu.)
FROM/MX_MATCHES_NOT_HELO(DOMAIN)=21.39
CLIENT_NOT_MX/A_FROM_DOMAIN=3.85
CLIENT/24_NOT_MX/A_FROM_DOMAIN=3.85;
<client=x.x.x.58>
<helo=example2.inetu.net>
<from=katherine at example.com> <to=ron at mycompany.example>;
rate: 32.39
The ONLY fishy thing I can see is that one of the A records for
example.com (the sender's domain) resolves to an RFC1918 Private IP
address. Could that really be causing this very high score? My
$REJECTLEVEL = 11.5;
I'm using the defaults here:
[root@mail01-01 ~]# grep from_match_regex_verified_helo /etc/policyd-weight.conf
[root@mail01-01 ~]# /usr/sbin/policyd-weight defaults | grep from_match_regex_verified_helo
@from_match_regex_verified_helo = (1, -2 );
#from man policyd-weight.conf
@bogus_mx_score (2.1, 0)
If the sender domain has neither MX nor A records or these
records resolve to a bogus IP-Address (for instance private
networks) then this check asigns the full score of
bogus_mx_score. If there is no MX but an A record of the sender
domain then it receives a penalty only if DNSBL-listed.
Log Entries:
BOGUS_MX
The sender A and MX records are bogus or empty.
BAD_MX
The sender domain has an empty or bogus MX record and the
client is DNSBL listed.
Related RFCs:
[1918] Address Allocation for Private Internets
[2821] Simple Mail Transfer Protocol (Sect 3.6 and Sect 5)
[root@mail01-04 ~]# dig example.com
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> example.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18021
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;example.com. IN A
;; ANSWER SECTION:
example.com. 1 IN A 192.168.29.2
example.com. 1 IN A x.x.x.97
;; Query time: 65 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jun 22 15:33:54 2011
;; MSG SIZE rcvd: 64
[root@mail01-04 ~]# dig mx example.com
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> mx example.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23820
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 11
;; QUESTION SECTION:
;example.com. IN MX
;; ANSWER SECTION:
example.com. 1 IN MX 25 example.com.inbound25.mxlogicmx.net.
example.com. 1 IN MX 35 example.com.inbound35.mxlogicmx.net.
example.com. 1 IN MX 15 example.com.inbound15.mxlogicmx.net.
example.com. 1 IN MX 15 example.com.inbound15.mxlogic.net.
example.com. 1 IN MX 25 example.com.inbound25.mxlogic.net.
example.com. 1 IN MX 35 example.com.inbound35.mxlogic.net.
;; ADDITIONAL SECTION:
example.com.inbound35.mxlogicmx.net. 14197 IN A 208.65.145.11
example.com.inbound15.mxlogic.net. 14197 IN A 208.65.144.13
example.com.inbound15.mxlogic.net. 14197 IN A 208.65.145.12
example.com.inbound15.mxlogic.net. 14197 IN A 208.65.145.13
example.com.inbound15.mxlogicmx.net. 14197 IN A 208.65.144.12
example.com.inbound15.mxlogic.net. 14197 IN A 208.65.144.12
example.com.inbound15.mxlogicmx.net. 14197 IN A 208.65.144.13
example.com.inbound25.mxlogic.net. 14197 IN A 208.65.145.11
example.com.inbound25.mxlogicmx.net. 14197 IN A 208.65.145.11
example.com.inbound15.mxlogicmx.net. 14197 IN A 208.65.145.12
example.com.inbound35.mxlogic.net. 14197 IN A 208.65.145.11
Thanks,
-Chris
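
Added example, not part of the original post and not policyd-weight's own code: a small triage script that parses the score tokens from the log line above, confirms they sum to the logged rate, finds which single check pushes the message over $REJECTLEVEL, and classifies the A records from the dig output. The function names are hypothetical, and using Python's `is_global` as the "bogus address" test is an assumption standing in for policyd-weight's own list.

```python
import ipaddress
import re

# Score tokens copied from the log line in the post above.
LOG = """NOT_IN_SBL_XBL_SPAMHAUS=-1.5 IN_SORBS_NET=2.35 BOGUS_MX=4.45
CL_IP_EQ_HELO_IP=-2 (check from: .example. - helo: .example2.inetu. - helo-domain: .inetu.)
FROM/MX_MATCHES_NOT_HELO(DOMAIN)=21.39 CLIENT_NOT_MX/A_FROM_DOMAIN=3.85
CLIENT/24_NOT_MX/A_FROM_DOMAIN=3.85; rate: 32.39"""

REJECTLEVEL = 11.5  # $REJECTLEVEL quoted in the post

# CHECK_NAME=score; names may contain '/', '(' and ')'.
SCORE_RE = re.compile(r"([A-Z0-9_/()]+)=(-?\d+(?:\.\d+)?)")


def parse_scores(log):
    """Return [(check_name, score), ...] in log order."""
    return [(name, float(val)) for name, val in SCORE_RE.findall(log)]


def decisive_checks(scores, limit):
    """Checks whose removal alone would drop the total below the limit."""
    total = sum(v for _, v in scores)
    if total < limit:
        return []
    return [n for n, v in scores if round(total - v, 2) < limit]


def classify_addresses(addrs):
    """Label each address; redacted values such as x.x.x.97 do not parse."""
    result = {}
    for addr in addrs:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            result[addr] = "unparsed"
            continue
        # Assumption: "not globally routable" approximates "bogus".
        result[addr] = "public" if ip.is_global else "non-routable"
    return result


if __name__ == "__main__":
    scores = parse_scores(LOG)
    print("total:", round(sum(v for _, v in scores), 2))
    print("decisive:", decisive_checks(scores, REJECTLEVEL))
    # A records from the dig output in the post (second one is redacted).
    print(classify_addresses(["192.168.29.2", "x.x.x.97"]))
```
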