New Mailinglist Home

Hello people,

I have to move the ML to a new host because the old
one will soon no longer be available.

For everyone who wants to keep track of
changes or possibly new development the
new location is at

https://listen.jpberlin.de/mailman/listinfo/policyd-weight-users

--

-- 
    Robert Felber (PGP: 896CF30B)
    Munich, Germany

____________________________________________________________
Policyd-weight Mailinglist - http://www.policyd-weight.org/

policyd-weight as a tarpit

Hi!

I´m using policyd-weight and think it does a great job in rejecting
spam. I would like to do a little more and eat up the spammers
resources by tarpitting them. My system doesn´t have too much traffic
so i simply added "sleep(5);" in policyd-weight´s section "parse and
store results, do some cleanup, return results", right before the two
lines "return($EREJECTMSG.$RHSBLMSG.$RELAYMSG.$DYN_DNS_MSG);". This
should eat 5 secs of the spammers time, right? In /var/log/mail.log i
see "delay 5s" after the reject message (used to be 0-1s before).

Of course that could be improved, by calculating the sleep-time
depending on score, running processes compared to $MAX_PROC, a
config-file configurable $MAX_TARPIT_TIME etc.

Regards
Gregor

--

-- 
Partykeller
www.meineparty.at

____________________________________________________________
Policyd-weight Mailinglist - http://www.policyd-weight.org/

policyd-weight: blocked because of previous errors

Hello list,

I have a problem with rejects due to cache entries.
We use policyd-weight-0.1.14-beta-17.

This is the message found in the logfile:

Dec 21 16:09:28 smtp2 postfix/smtpd[16364]: connect from 
mail-telecontrol.customer.solnet.ch[82.220.17.226]
Dec 21 16:09:29 smtp2 postfix/policyd-weight[30193]: decided action=550 
temporarily blocked because of previous errors - retrying too fast. 
penalty: 30 seconds x 0 retries.; <client=82.220.17.226> 
<helo=smtp.telecontrol.ch> <from=$SENDER@...> 
<to=$RECIPIENT@...>; delay: 0s
Dec 21 16:09:29 smtp2 postfix/smtpd[16364]: NOQUEUE: reject: RCPT from 
mail-telecontrol.customer.solnet.ch[82.220.17.226]: 550 5.7.1 
<$RECIPIENT@...>: Recipient address rejected: temporarily 
blocked 
because of previous errors - retrying too fast. penalty: 30 seconds x 0 
retries.; from=<$SENDER@...>
to=<$RECIPIENT@...> 
proto=ESMTP helo=<smtp.telecontrol.ch>

There are no other log entries for 82.220.17.226 during the last 8 days.
The cache entry is:
policyd-weight -s|grep 82.220.17.226
blocked: 82.220.17.226 1 0 1261408171
1261408171 (UNIX) is the date of the first (and only) reject + 2 seconds :
1261408171 = Mon, 21 Dec 2009 15:09:31 GMT

update submission process

Hi,

  I wasn't sure what the process was to submit updates to polw, if you
could please let me know.

thanks

____________________________________________________________
Policyd-weight Mailinglist - http://www.policyd-weight.org/

noreply@...>]

>From owner-policyd-weight-list@...  Fri Jan 30 16:59:57 2009
Return-Path: <owner-policyd-weight-list@...>
Delivered-To: policyd-weight-list@...
Received: from localhost (localhost [127.0.0.1])
	by robtone.ek-muc.de (Postfix) with ESMTP id 3D51DC42EC
	for <policyd-weight-list@...>; Fri, 30 Jan 2009 16:59:57
+0100 (CET)
X-Spam-Flag: NO
Received: from ch3.sourceforge.net (ch3.sourceforge.net [216.34.181.60])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by robtone.ek-muc.de (Postfix) with ESMTPS id 5A78FC3B39
	for <policyd-weight-list@...>; Fri, 30 Jan 2009 16:59:48
+0100 (CET)
Received: from www by cdv4jf1.ch3.sourceforge.com with local (Exim 4.69)
	(envelope-from <noreply@...>)
	id 1LSvmN-0002ol-9l; Fri, 30 Jan 2009 15:59:39 +0000
To: noreply@...
From: "SourceForge.net" <noreply@...>
Subject: [ policyd-weight-Bugs-2549476 ] Dynablock.njabl.org should be removed
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
X-SourceForge-Tracker-unixname: policyd-weight
X-SourceForge-Tracker-trackerid: 771692
X-SourceForge-Tracker-itemid: 2549476
X-SourceForge-Tracker-itemstatus: Open
X-SourceForge-Tracker-itemassignee: nobody
X-SourceForge-Tracker-itemupdate-reason: Tracker Item Submitted
X-SourceForge-Tracker-itemupdate-username: Item Submitter
Message-Id: <E1LSvmN-0002ol-9l@...>

version update: version 0.1.15 devel-3

Hello,

this is a 'scoring fix' with explicit ALPHA status.

Fix/Changes:

    Policyd-weight didn't check whether the (verified) client
    hostname matches the sender domain.

    CL_HOSTNAME_MATCHES_FROM(DOMAIN) uses the score of
    @helo_ip_in_client_subnet as the context is similiar.

    Logging (client=<>) changed to also tell the client name provided by
    postfix.

This affects users which try to communicate with microsoft. I myself
stumpled about this today (registering with eopen).

Log-Example before Fix:

12:01:14 info: weighted check:  NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5
NOT_IN_BL_NJABL=-1.5 HELO_IP_IN_CL16_SUBNET=-0.41 RESOLVED_IP_IS_NOT_HELO=1.5 (check from:
.microsoft. - helo: .internal.smtp.mscom.phx. - helo-domain: .phx.) 
FROM/MX_MATCHES_NOT_UNVR_HELO(DOMAIN)=1.6 RANDOM_SENDER=0.25 IN_PM_RFCI=3.975
IN_ABUSE_RFCI=3.975; <client=207.46.22.101> <helo=internal.smtp.mscom.phx.gbl>
<from=cnfrmpro@...>
<to=info@...>; rate: 6.39

Log-Example after Fix:

Re: still problems with: while reading input attribute name

Hallo,

> provide some debug-logs, eg:
>
> egrep -i '(warn|err|fatal|panic):' /some/log/file
here an example from one affected machine, but seems to be the same on other 
servers.

Oct 21 10:57:00 servername postfix/policyd-weight[30304]: warning: child: 
err: Died at /usr/lib/postfix/policyd-weight line 1322.
Oct 21 10:57:00 servername postfix/policyd-weight[7581]: warning: child: 
err: Died at /usr/lib/postfix/policyd-weight line 1322.
Oct 21 10:57:00 servername postfix/policyd-weight[7015]: warning: child: 
err: Died at /usr/lib/postfix/policyd-weight line 1322.
Oct 21 11:55:53 servername postfix/policyd-weight[29656]: warning: child: 
err: Died at /usr/lib/postfix/policyd-weight line 1322.
Oct 21 11:55:53 servername postfix/policyd-weight[29309]: warning: child: 
err: Died at /usr/lib/postfix/policyd-weight line 1322.
Oct 21 12:00:57 servername postfix/policyd-weight[9438]: warning: child: 
err: Died at /usr/lib/postfix/policyd-weight line 1322.
Oct 21 12:56:54 servername postfix/policyd-weight[587]: warning: child: err: 
Died at /usr/lib/postfix/policyd-weight line 1322.
Oct 21 12:56:54 servername postfix/policyd-weight[20380]: warning: child: 
err: Died at /usr/lib/postfix/policyd-weight line 1322.

sequenz ist this:

$SIG{'PIPE'} = sub {
                    mylog(warning=>"Got SIG <at> _. Child $$ terminated.");
                    die;

version update: version 0.1.15 devel-1

Hello,

even though I officially don't maintain polw, I want to
thank Jonas Genannt for his work to start on IPv6 support.

0.1.15 devel-x should be dedicated to stabilize/test IPv6.

############################

Other priorities would be:

- evaluating of RBL A records, 127.0.0.1, 127.0.0.2, and so on
  The result of _one_ RBl with many records should be
  not much higher than the record with the highest value.
  Simple addition/multiplying/averaging leads to false
  results.

  Eg: 127.1 = 3.4
      127.2 = 1.5
      127.3 = 1.5
      127.4 = 2.3
      ~~~~~~~~~~~
             ~4.2

      127.1 = 3.4
      127.2 = 2.3
      -----------
             ~4.1

- configurable dynamic/static-host heuristic via regexp-array

IPv6 patch against policyd-weight

Hi All,

I have created an patch against the current policyd-weight
version(0.1.14 beta-17). This patch adds support for IPv6 Helo and RBL
checks. This code is not very nice, but it seems to work :)

I have modified the default configuration to query the IPv6 Beta RBL at
http://ipv6rbl.ipv6-world.net/.

Greets,
	Jonas

--- policyd-weight.orig	2008-09-22 20:33:22.000000000 +0200
+++ policyd-weight	2008-09-22 20:33:21.000000000 +0200
@@ -68,6 +68,7 @@ use Fcntl;
 use File::Spec;
 use Sys::Syslog qw(:DEFAULT setlogsock);
 use Net::DNS;
+use Net::IP;
 use Net::DNS::Packet qw(dn_expand);
 use IO::Socket::INET;
 use IO::Socket::UNIX;
@@ -375,7 +376,8 @@ my @dnsbl_score = (
     'bl.spamcop.net',         3.75,       -1.5,        'SPAMCOP',
     'dnsbl.njabl.org',        4.25,       -1.5,        'BL_NJABL',
     'list.dsbl.org',          4.35,          0,        'DSBL_ORG',
-    'ix.dnsbl.manitu.net',    4.35,          0,        'IX_MANITU'
+    'ix.dnsbl.manitu.net',    4.35,          0,        'IX_MANITU',
+    'rbl.ipv6-world.net',    10.05,          0,        'IPv6_RBL'

Updated RPM - SUSE and Redhat

Hi all,

	I've updated the rpm on SourceForge, the init script now works on SuSE
and Redhat so the release id has changed. Tested on openSUSE 10.3 and
RHEL4, pls let me know if you find any issues,

thnx 

____________________________________________________________
Policyd-weight Mailinglist - http://www.policyd-weight.org/

Re: missing subfolders in /tmp/.policyd-weight

oh, alles klar. Ich dachte nur weil der autor auf der homepage schreibt das 
hier nicht viel los wäre.

ok, ich ändere nun mein setup ein bisschen ab, ist wohl das beste. ich 
entferne den kram aus der master
und starte den policyd-weight als separaten daemon. in der main.cf notiere 
ich dann
check_policy_service inet:127.0.0.1:12525

so wie vorgesehen. nur beim stop -> start hab ich die erfahrung gemacht das 
er da ab und zu hängt. dies kann ich aber umgehen wenn ich 
/tmp/.policyd-weight entferne nach dem stop.
ich baus mal so in das postfix startscript ein, wird das beste sein. mal 
sehen

vielen dank

andre

----- Original Message ----- 
From: "Daniel Hackenberg" <dh@...>
To: "Andre Hübner" <andre.huebner@...>
Sent: Tuesday, April 01, 2008 2:02 PM
Subject: Re: missing subfolders in /tmp/.policyd-weight

So inaktiv ist die Liste gar nicht. Das siehst du, wenn du mal in das
Listen-Archiv unter
http://news.gmane.org/gmane.mail.postfix.policyd%2dweight schaust. Und
da gibt es dann Einträge wie diesen hier
http://article.gmane.org/gmane.mail.postfix.policyd-weight/817