All types of rules can occur multiple times with different settings. The order of the rules is not relevant.

Setting the apply to all rules

  • name: Name of the rule. Will be written to the result header. Must be unique.
  • hitScore: Score, which is added to the overall score, if the rule match. Is not applied on SpfCheck, ValidHeloCheck and DistanceToMxCheck
  • missScore: Score, which is added to the overall score, if the rule not match. Is not applied on SpfCheck, ValidHeloCheck and DistanceToMxCheck

DnsblCheck

Checks a dnsbl. The check will treated as hit, if a valid A response will be returned
  • listAddress: Defines the base address of the dnsbl
  • field: Define which field should be used for the query. In the majority of cases SenderHostAddressReversed should be used. Possible values:
    • SenderHeloName: The HELO which was supplied
    • SenderHostAddress: The ip address of the sending server
    • SenderHostAddressReversed: The ip address of the sending server in reversed order
    • SenderHostReverseName: The name of the server based on a ptr lookup on the ip address
    • OriginatorMailDomain: The domain part of the originator mail address

FileListCheck

Mainly the same as the DnsblCheck, but a local file will be used instead of dns.
Lines starting with semicolon will be ignored.
  • fileName: The filename which should be used
  • field: See DnsblCheck

SpfCheck

Perfoms a normal SPF check.
  • passScore: Score, which is added to the overall score, in case of spf result pass
  • neutralScore: Score, which is added to the overall score, in case of spf result neutral
  • softFailScore: Score, which is added to the overall score, in case of spf result softfail
  • failScore: Score, which is added to the overall score, in case of spf result fail

HeloMatchPtrCheck

Checks if the HELO and the reverse lookup of the sender ip address will match.

HeloMatchAddressCheck

Checks if a lookup of the HELO will result in the sender ip address.

DynamicHostCheck

Checks if the reverse lookup of the sender ip address indicates that it is a dialup account, e.g. if it start with "dialup" or "ppp".

PtrContainsIpCheck

Checks if the reverse lookup of the sender ip address contains the ip address by itself.

HeloContainsIpCheck

Checks if the HELO contains the sender ip address.

RandomSenderCheck

Checks if the local part of the originator address seems to be a random string.

SenderDomainExistenceCheck

Checks if the domain of the originator address exists.

ValidHeloCheck

Checks if the HELO is valid to rfc
  • numericScore: Score which is added to the overall score, if the helo has only digits or dots in it. E.g. only a number or a ip address is used.
  • nonFqdnScore: Score which is added to the overall score, if the helo is not fully qualified.

DistanceToMxCheck

Checks the distance of the sender ip address to the mx server of the originating domain.
  • senderIsMxScore: Score which is added to the overall score, if they are identical.
  • senderIsNearMxScore: Score which is added to the overall score, if they are in the same /24 subnet (or /48 subnet on ipv6).
  • senderNotNearMxScore: Score which is added to the overall score, if the two conditions above will not match.

Last edited Oct 4, 2010 at 6:48 PM by AlexReinert, version 1

Comments

No comments yet.