<p>Mr. Felber,<br>
Thank you for your quick reply. I will work with the sender on those issues. I will be whitelisting the sender or recipient according to <a href="http://www.policyd-weight.org/faq.html#whitelisting">http://www.policyd-weight.org/faq.html#whitelisting</a>. <br>
</p><p>I have an additional question though, somewhat related: Do you generally recommend that policyd-weight appear last in smtpd_recipient_restrictions? <br></p><p>Here's what I have now:</p><p>smtpd_recipient_restrictions = permit_mynetworks,<br>
 permit_sasl_authenticated,<br>
 check_policy_service inet:127.0.0.1:12525,<br>
 reject_unknown_reverse_client_hostname,<br>
 reject_invalid_hostname,<br>
 reject_non_fqdn_hostname<br>
 reject_rbl_client zen.spamhaus,<br>
 reject_unknown_sender_domain,<br>
 reject_non_fqdn_sender,<br>
 reject_non_fqdn_recipient,<br>
 reject_unauth_destination,<br>
 reject_unlisted_recipient<br>
</p><p><br></p><p>I wonder if I couldn't take some load off of policyd-weight by moving it to the end of the list..<br></p>
<p>-Chris</p>
<p>P.S. the IRC server's .com web site mentioned on the website seems to be down, but the .net is up<br></p>
<div class="gmail_quote">On Jul 1, 2011 3:36 AM, "Robert Felber" <<a href="mailto:robtone@ek-muc.de" target="_blank">robtone@ek-muc.de</a>> wrote:<br type="attribution">> On Thu, Jun 30, 2011 at 03:29:21PM -0700, Christopher Hunt wrote:<br>
>> Gurus,<br>>> I'm having a lot of trouble resolving an issue with the<br>>> FROM/MX_MATCHES_NOT_HELO(DOMAIN) score. It is legitimate, desired<br>>> email sent from a vendor through a hosting farm. Here are the headers<br>
>> from this message which is getting rejected:<br>>> <br>>> NOT_IN_SBL_XBL_SPAMHAUS=-1.5<br>>> IN_SORBS_NET=2.35<br>> <br>> It's also on a BL. The private address in the A records and the BL<br>
> listing trigger more caution.<br>> <br>> The <a href="http://example.inetu.net" target="_blank">example.inetu.net</a> server doesn't appear to be responsible for the sender<br>> domain, which is a normal thing - but in consideration of the BL and the fishy<br>
> sign of private records in public names it could also be an owned SMTP.<br>> <br>> <br>>> BOGUS_MX=4.45<br>>> CL_IP_EQ_HELO_IP=-2 (check from: .example. - helo: .example2.inetu. -<br>>> helo-domain: .inetu.)<br>
>> FROM/MX_MATCHES_NOT_HELO(DOMAIN)=21.39<br>>> CLIENT_NOT_MX/A_FROM_DOMAIN=3.85<br>>> CLIENT/24_NOT_MX/A_FROM_DOMAIN=3.85;<br>>> <client=x.x.x.58><br>>> <helo=<a href="http://example2.inetu.net" target="_blank">example2.inetu.net</a>><br>
>> <from=<a href="mailto:katherine@example.com" target="_blank">katherine@example.com</a>> <to=ron@mycompany.example>;<br>>> rate: 32.39<br>>> <br>>> The ONLY fishy thing I can see is that one of the A records for<br>
>> <a href="http://example.com" target="_blank">example.com</a> (the sender's domain) resolves to an RFC1918 Private IP<br>>> address. Could that really be causing this very high score? My<br>>> $REJECTLEVEL = 11.5;<br>
>> <br>>> I'm using the defaults here:<br>>> [root@mail01-01 ~]# grep from_match_regex_verified_helo<br>>> /etc/policyd-weight.conf<br>>> [root@mail01-01 ~]# /usr/sbin/policyd-weight defaults | grep<br>
>> from_match_regex_verified_helo<br>>> @from_match_regex_verified_helo = (1, -2 );<br>>> <br>>> #from man policyd-weight.conf<br>>> @bogus_mx_score (2.1, 0)<br>>> If the sender domain has neither MX nor A records or these<br>
>> records resolve to a bogus IP-Address (for instance private<br>>> networks) then this check asigns the full score of<br>>> bogus_mx_score. If there is no MX but an A record of the sender<br>>> domain then it receives a penalty only if DNSBL-listed.<br>
>> Log Entries:<br>>> BOGUS_MX<br>>> The sender A and MX records are bogus or empty.<br>>> BAD_MX<br>>> The sender domain has an empty or bogus MX record and the<br>>> client is DNSBL listed.<br>
>> Related RFCs:<br>>> [1918] Address Allocation for Private Internets<br>>> [2821] Simple Mail Transfer Protocol (Sect 3.6 and Sect 5)<br>>> <br>>> <br>>> [root@mail01-04 ~]# dig <a href="http://example.com" target="_blank">example.com</a><br>
>> ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> <a href="http://example.com" target="_blank">example.com</a><br>>> ;; global options: printcmd<br>>> ;; Got answer:<br>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18021<br>
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0<br>>> ;; QUESTION SECTION:<br>>> ;<a href="http://example.com" target="_blank">example.com</a>. IN A<br>
>> ;; ANSWER SECTION:<br>
>> <a href="http://example.com" target="_blank">example.com</a>. 1 IN A 192.168.29.2<br>>> <a href="http://example.com" target="_blank">example.com</a>. 1 IN A x.x.x.97<br>
>> ;; Query time: 65 msec<br>
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)<br>>> ;; WHEN: Wed Jun 22 15:33:54 2011<br>>> ;; MSG SIZE rcvd: 64<br>>> <br>>> [root@mail01-04 ~]# dig mx <a href="http://example.com" target="_blank">example.com</a><br>
>> <br>>> ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> mx <a href="http://example.com" target="_blank">example.com</a><br>>> ;; global options: printcmd<br>>> ;; Got answer:<br>
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23820<br>
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 11<br>>> <br>>> ;; QUESTION SECTION:<br>>> ;<a href="http://example.com" target="_blank">example.com</a>. IN MX<br>
>> <br>>> ;; ANSWER SECTION:<br>>> <a href="http://example.com" target="_blank">example.com</a>. 1 IN MX 25<br>>> <a href="http://example.com.inbound25.mxlogicmx.net" target="_blank">example.com.inbound25.mxlogicmx.net</a>.<br>
>> <a href="http://example.com" target="_blank">example.com</a>. 1 IN MX 35<br>>> <a href="http://example.com.inbound35.mxlogicmx.net" target="_blank">example.com.inbound35.mxlogicmx.net</a>.<br>
>> <a href="http://example.com" target="_blank">example.com</a>. 1 IN MX 15<br>
>> <a href="http://example.com.inbound15.mxlogicmx.net" target="_blank">example.com.inbound15.mxlogicmx.net</a>.<br>>> <a href="http://example.com" target="_blank">example.com</a>. 1 IN MX 15<br>
>> <a href="http://example.com.inbound15.mxlogic.net" target="_blank">example.com.inbound15.mxlogic.net</a>.<br>
>> <a href="http://example.com" target="_blank">example.com</a>. 1 IN MX 25<br>>> <a href="http://example.com.inbound25.mxlogic.net" target="_blank">example.com.inbound25.mxlogic.net</a>.<br>
>> <a href="http://example.com" target="_blank">example.com</a>. 1 IN MX 35<br>
>> <a href="http://example.com.inbound35.mxlogic.net" target="_blank">example.com.inbound35.mxlogic.net</a>.<br>>> <br>>> ;; ADDITIONAL SECTION:<br>>> <a href="http://example.com.inbound35.mxlogicmx.net" target="_blank">example.com.inbound35.mxlogicmx.net</a>. 14197 IN A 208.65.145.11<br>
>> <a href="http://example.com.inbound15.mxlogic.net" target="_blank">example.com.inbound15.mxlogic.net</a>. 14197 IN A 208.65.144.13<br>>> <a href="http://example.com.inbound15.mxlogic.net" target="_blank">example.com.inbound15.mxlogic.net</a>. 14197 IN A 208.65.145.12<br>
>> <a href="http://example.com.inbound15.mxlogic.net" target="_blank">example.com.inbound15.mxlogic.net</a>. 14197 IN A 208.65.145.13<br>>> <a href="http://example.com.inbound15.mxlogicmx.net" target="_blank">example.com.inbound15.mxlogicmx.net</a>. 14197 IN A 208.65.144.12<br>
>> <a href="http://example.com.inbound15.mxlogic.net" target="_blank">example.com.inbound15.mxlogic.net</a>. 14197 IN A 208.65.144.12<br>>> <a href="http://example.com.inbound15.mxlogicmx.net" target="_blank">example.com.inbound15.mxlogicmx.net</a>. 14197 IN A 208.65.144.13<br>
>> <a href="http://example.com.inbound25.mxlogic.net" target="_blank">example.com.inbound25.mxlogic.net</a>. 14197 IN A 208.65.145.11<br>>> <a href="http://example.com.inbound25.mxlogicmx.net" target="_blank">example.com.inbound25.mxlogicmx.net</a>. 14197 IN A 208.65.145.11<br>
>> <a href="http://example.com.inbound15.mxlogicmx.net" target="_blank">example.com.inbound15.mxlogicmx.net</a>. 14197 IN A 208.65.145.12<br>>> <a href="http://example.com.inbound35.mxlogic.net" target="_blank">example.com.inbound35.mxlogic.net</a>. 14197 IN A 208.65.145.11<br>
>> <br>>> Thanks,<br>>> -Chris<br>>> _______________________________________________<br>>> Policyd-weight-users Mailingliste<br>>> JPBerlin - Politischer Provider<br>>> <a href="mailto:Policyd-weight-users@listen.jpberlin.de" target="_blank">Policyd-weight-users@listen.jpberlin.de</a><br>
>> <a href="https://listen.jpberlin.de/mailman/listinfo/policyd-weight-users" target="_blank">https://listen.jpberlin.de/mailman/listinfo/policyd-weight-users</a><br>> <br>> -- <br>> Robert Felber, PGP: D1B2F2E5 <a href="http://www.selling-it.de" target="_blank">http://www.selling-it.de</a><br>
</div>
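<p>Added example (not part of the original thread and not policyd-weight code): a Python sketch that parses the rate line quoted above, checks that the per-check scores add up to the logged rate, and reports which single check pushes the message over $REJECTLEVEL. The sample line is reassembled from the post; the function names, and the rule that a message is rejected once its rate reaches $REJECTLEVEL, are assumptions of this example.</p>

```python
import re
from decimal import Decimal

# Rate line reassembled from the scores quoted in the thread (constructed sample).
SAMPLE = (
    "NOT_IN_SBL_XBL_SPAMHAUS=-1.5 IN_SORBS_NET=2.35 BOGUS_MX=4.45 "
    "CL_IP_EQ_HELO_IP=-2 (check from: .example. - helo: .example2.inetu. - "
    "helo-domain: .inetu.) FROM/MX_MATCHES_NOT_HELO(DOMAIN)=21.39 "
    "CLIENT_NOT_MX/A_FROM_DOMAIN=3.85 CLIENT/24_NOT_MX/A_FROM_DOMAIN=3.85; "
    "<client=x.x.x.58> <helo=example2.inetu.net> <from=katherine@example.com> "
    "<to=ron@mycompany.example>; rate: 32.39"
)

REJECTLEVEL = Decimal("11.5")  # $REJECTLEVEL quoted in the post

# CHECK_NAME=score; names are upper-case and may contain / ( ) and digits.
# Lower-case attributes such as <client=...> are deliberately not matched.
CHECK_RE = re.compile(r"(?<![\w<])([A-Z][A-Z0-9_/()]*)=(-?\d+(?:\.\d+)?)")
RATE_RE = re.compile(r"rate:\s*(-?\d+(?:\.\d+)?)")


def parse_rate_line(line):
    """Return ([(check, score), ...], logged_rate or None)."""
    checks = [(name, Decimal(score)) for name, score in CHECK_RE.findall(line)]
    m = RATE_RE.search(line)
    return checks, (Decimal(m.group(1)) if m else None)


def triage(line, rejectlevel=REJECTLEVEL):
    """Summarise a rate line: total, consistency with the log, decisive checks."""
    checks, logged = parse_rate_line(line)
    total = sum((s for _, s in checks), Decimal("0"))
    rejected = total >= rejectlevel  # assumption: reject when rate reaches the level
    # A check is decisive if dropping it alone would bring the rate under the level.
    decisive = {n: total - s for n, s in checks if rejected and total - s < rejectlevel}
    return {
        "total": total,
        "matches_log": logged is not None and logged == total,
        "rejected": rejected,
        "ranked": sorted(checks, key=lambda c: c[1], reverse=True),
        "decisive": decisive,
    }


if __name__ == "__main__":
    report = triage(SAMPLE)
    print(f"rate {report['total']} (log agrees: {report['matches_log']})")
    for name, score in report["ranked"]:
        print(f"{score:>7}  {name}")
    for name, rest in report["decisive"].items():
        print(f"without {name}: {rest} < {REJECTLEVEL}")
```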