Association
Tested: 2+ weeks live, test written and passed
Description
This module tries to determine associations between the sender IP and the sender domain. To do so, it retrieves the PTR record for the sender IP and compares it to the A, MX and CNAME (resolved to A) records of the sender domain. If any association is found, the sender might be allowed. This does not imply the mail is not spam. However, in the opposite case, where no association can be found, it is more likely that the mail is spam (e.g. someone sending a googlemail.com mail from a Chinese IP).
The module can be fine-tuned. There are three association types which can be found:
- direct
  The sender domain A record is the sender IP (common for small mail servers or HTTP servers which are also mail servers).
- domain
  The sender domain and the PTR record of the sender IP share the same top level (e.g. the sender domain is googlemail.com and the sender IP PTR is mx-22.googlemail.com).
- subnet
  The sender IP and the IP of the sender domain are in the same subnet. By default, only subnets up to /24 will be scored positively. The “closer” the subnet (e.g. a /31 subnet is closer than a /26 subnet), the higher the positive rating.
You can consider this effort as a “lightweight SPF without SPF”.
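
The three checks and the default weights from the Configuration section, as an added Python sketch that is not the module's own code. It assumes the checks run in the order direct, domain, subnet with the first hit winning, that "same top level" means the last two labels of the name, IPv4 only, and that the caller has already resolved the records (PTR names ideally forward-confirmed, since the PTR is set by whoever controls the IP); all function names are hypothetical.

```python
import ipaddress

# Default weights as listed in the Configuration section of this page.
WEIGHTS = {
    "direct": 20,
    "domain": 15,
    "range": {31: 20, 30: 20, 29: 15, 28: 15, 27: 15, 26: 5, 25: 5, 24: 5},
    "no_hit": -20,
}

def base_domain(name):
    """Last two labels of a host name (assumption; ignores suffixes like co.uk)."""
    return ".".join(name.rstrip(".").lower().split(".")[-2:])

def shared_prefix(a, b):
    """Number of leading bits two IPv4 addresses have in common (0..32)."""
    return 32 - (int(a) ^ int(b)).bit_length()

def score_association(sender_ip, ptr_names, sender_domain, domain_ips, w=WEIGHTS):
    """Return (association_type, score) from already-resolved DNS data.

    ptr_names:  PTR names of the sender IP
    domain_ips: addresses from the sender domain's A, MX and CNAME records
    """
    sender = ipaddress.IPv4Address(sender_ip)
    ips = [ipaddress.IPv4Address(ip) for ip in domain_ips]
    # direct: the sender IP is one of the domain's own addresses
    if sender in ips:
        return ("direct", w["direct"])
    # domain: a PTR name and the sender domain share the same base domain
    if any(base_domain(p) == base_domain(sender_domain) for p in ptr_names):
        return ("domain", w["domain"])
    # subnet: take the narrowest configured prefix that contains both addresses
    best = max((shared_prefix(sender, ip) for ip in ips), default=0)
    fitting = [plen for plen in w["range"] if plen <= best]
    if fitting:
        return ("subnet", w["range"][max(fitting)])
    return ("none", w["no_hit"])

if __name__ == "__main__":
    # Constructed sample: documentation addresses, PTR in an unrelated domain.
    print(score_association("192.0.2.10", ["host10.example.net"],
                            "example.com", ["192.0.2.14"]))
```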
Critics
This approach might fit many mail servers which run on the same server as an HTTP server, both serving the same domain (a quite common scenario for small businesses running their own “dedicated root server”), but it might not work with very large shared hosters, which have multiple HTTP servers for their customers, a small number of mail servers for outgoing mail and another small number of MXes for receiving, which have “nothing to do” with each other.
Configuration
weight_direct_hit
Default: 20
Allowed Values: integer score
Score for a direct hit (see above).
weight_domain_hit
Default: 15
Allowed Values: integer score
Score for a top level hit (see above).
weight_range_hit
Default: { 31:20, 30:20, 29:15, 28:15, 27:15, 26:5, 25:5, 24:5 }
Allowed Values: HashRef of integer
weight_no_hit
Default: -20
Allowed Values: integer score
If no association could be found, this weight will be applied.
Example
---
disable: 0
weight_direct_hit: 20
weight_domain_hit: 15
weight_range_hit:
  31: 20
  30: 20
  29: 10
  28: 10
  27: 10
  26: 5
  25: 5
  24: 5
weight_no_hit: -20
Performance
Runtime: average 2.5 secs
My name is Ulrich Kautz and this is my private blog about server administration, Perl programming and some other stuff that is on my mind. I study part-time computer science at FU Berlin and work as sys admin and web developer at our hosting company