Understanding cutoff-dsn
Mark Martinec
Mark.Martinec+amavis at ijs.si
Fri Aug 26 18:53:49 CEST 2011
Lars,
> I have this in amavisd.conf:
>
> $sa_dsn_cutoff_level = 6.3;
> $sa_crediblefrom_dsn_cutoff_level = 18;
>
> I understand the first one, but what does the second one do? About half
> my daily ndrs have scores higher than 6.3, and I suspect that is because
> of the "crediblefrom".

amavisd-new-2.6.0 release notes:

- usually a sending address in spam messages is faked and it is desirable
  to suppress most if not all bounces by keeping $sa_dsn_cutoff_level low,
  but sometimes it may be possible to be more certain of the validity of
  a sending address, and when such mail is considered spam, it may still be
  desirable to send a non-delivery notification, knowing that a notification
  will most likely be addressed to a genuine sender.

  Two new settings are provided for this purpose:
    @spam_crediblefrom_dsn_cutoff_level_bysender_maps and
    @spam_crediblefrom_dsn_cutoff_level_maps
  (with their default being $sa_crediblefrom_dsn_cutoff_level),
  complementing the existing @spam_dsn_cutoff_level_bysender_maps and
  @spam_dsn_cutoff_level_maps.

  It is expected that $sa_crediblefrom_dsn_cutoff_level would be set somewhat
  higher than $sa_dsn_cutoff_level, allowing for more bounces to be generated
  for spam from likely-to-be-genuine senders (possibly false positives).

  The choice between taking a cutoff value from one or the other pair of
  settings depends on an attribute $msginfo->sender_credible - when it is
  true (e.g. some nonempty string) the *spam_crediblefrom_* settings will
  be used instead of the baseline @spam_dsn_cutoff_level_*maps.

  An initial value of a sender_credible attribute as provided by amavisd
  is true if either the 'originating' flag is true (e.g. mail from inside),
  or if dkim_envsender_sig attribute is true, e.g. a domain of a valid
  DKIM signature matches envelope sender address, otherwise it is false.

  A user-provided custom hook code is free to change the value of
  sender_credible attribute. An exact value does not matter (it is only
  interpreted as a boolean), but serves for logging purposes. Heuristics
  may be based on some tests provided by SpamAssassin, on DKIM signatures,
  on p0f results, on policy banks, etc.

  Here is one complete example of a custom hook, which turns on the
  sender_credible attribute based on some criteria. Note that some of
  the referenced SpamAssassin tests may not yet be available in the
  last officially released version of SpamAssassin.

  added to amavisd.conf:

    include_config_files('/etc/amavisd-custom.conf');

  /etc/amavisd-custom.conf :

    package Amavis::Custom;
    use strict;

    sub new { my($class,$conn,$msginfo) = @_; bless {}, $class }

    sub after_send {
      my($self,$conn,$msginfo) = @_;
      if ($msginfo->sender ne '') {   # skip mail with a null envelope sender
        my(@cred); local($1);
        # names of the SpamAssassin tests that fired on this message
        my($tests) = $msginfo->supplementary_info('TESTS');
        $tests = ''  if !defined($tests) || $tests eq 'none';
        push(@cred,'orig')  if $msginfo->originating;
        push(@cred,$1)  if $tests =~ /\b(RCVD_IN_DNSWL_HI)\b/;
        push(@cred,$1)  if $tests =~ /\b(RCVD_IN_DNSWL_MED)\b/;
        push(@cred,$1)  if $tests =~ /\b(RP_MATCHES_RCVD)\b/;
        # p0f result; DKIM and SPF count only if it does not match the
        # Windows XP pattern below
        my($os_fingerprint) = $msginfo->client_os_fingerprint;
        if ($os_fingerprint !~ /^Windows XP(?![^(]*\b2000 SP)/) {
          push(@cred,'dkim')  if $msginfo->dkim_envsender_sig;
          push(@cred,$1)  if $tests =~ /\b(SPF_PASS)\b/;
        }
        # any nonempty string is true; the tags only show up in the log
        $msginfo->sender_credible(join(",",@cred))  if @cred;
      }
    }

    1;  # insure a defined return

Mark
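
Added example, not part of Mark's message and not amavisd code: a stand-alone Perl model of how the cutoff is chosen from sender_credible, using the two values from the amavisd.conf quoted in the question. The function names, the tag strings and the `>=` comparison are assumptions, and the sample messages are constructed.

```perl
#!/usr/bin/perl
# Stand-alone model of the DSN cutoff choice; illustration only.
use strict;
use warnings;

# Values from the amavisd.conf quoted in the question.
my $sa_dsn_cutoff_level              = 6.3;
my $sa_crediblefrom_dsn_cutoff_level = 18;

# Initial sender_credible as the release notes describe it: true when the
# 'originating' flag or dkim_envsender_sig is true. The tag strings are
# made up here; only their truth value matters.
sub initial_sender_credible {
  my($msg) = @_;
  my @cred;
  push(@cred, 'orig') if $msg->{originating};
  push(@cred, 'dkim') if $msg->{dkim_envsender_sig};
  return join(',', @cred);   # empty string is false
}

# Pick the cutoff from one setting or the other, depending on credibility.
sub dsn_cutoff_for {
  my($sender_credible) = @_;
  return $sender_credible ? $sa_crediblefrom_dsn_cutoff_level
                          : $sa_dsn_cutoff_level;
}

# Assumption: a bounce is suppressed once the score reaches the cutoff.
sub dsn_suppressed {
  my($score, $sender_credible) = @_;
  return $score >= dsn_cutoff_for($sender_credible) ? 1 : 0;
}

# Constructed sample messages, all already classified as spam.
my @samples = (
  { score =>  7.1, originating => 0, dkim_envsender_sig => 0 },
  { score =>  7.1, originating => 0, dkim_envsender_sig => 1 },
  { score => 12.4, originating => 1, dkim_envsender_sig => 0 },
  { score => 19.5, originating => 0, dkim_envsender_sig => 1 },
);

for my $msg (@samples) {
  my $cred = initial_sender_credible($msg);
  printf("score=%5.1f credible=%-6s cutoff=%4.1f dsn=%s\n",
         $msg->{score}, $cred eq '' ? '-' : "'$cred'", dsn_cutoff_for($cred),
         dsn_suppressed($msg->{score}, $cred) ? 'suppressed' : 'sent');
}
```

The two samples scoring 7.1 differ only in sender_credible, which is what moves the second one from the 6.3 cutoff to the 18 cutoff.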