Understanding cutoff-dsn

Mark Martinec Mark.Martinec+amavis at ijs.si
Fri Aug 26 18:53:49 CEST 2011


Lars,

> I have this in amavisd.conf:
> 
> $sa_dsn_cutoff_level = 6.3;
> $sa_crediblefrom_dsn_cutoff_level = 18;
> 
> I understand the first one, but what does the second one do? About half 
> my daily ndrs have scores higher than 6.3, and I suspect that is because 
> of the "crediblefrom".

amavisd-new-2.6.0 release notes:

- usually a sending address in spam messages is faked and it is desirable
  to suppress most if not all bounces by keeping $sa_dsn_cutoff_level low,
  but sometimes it may be possible to be more certain of the validity of
  a sending address, and when such mail is considered spam, it may still be
  desirable to send a non-delivery notification, knowing that a notification
  will most likely be addressed to a genuine sender.

  Two new settings are provided for this purpose:
    @spam_crediblefrom_dsn_cutoff_level_bysender_maps and
    @spam_crediblefrom_dsn_cutoff_level_maps
  (with their default being $sa_crediblefrom_dsn_cutoff_level),
  complementing the existing @spam_dsn_cutoff_level_bysender_maps and
  @spam_dsn_cutoff_level_maps.

  It is expected that $sa_crediblefrom_dsn_cutoff_level would be set somewhat
  higher than $sa_dsn_cutoff_level, allowing for more bounces to be generated
  for spam from likely-to-be-genuine senders (possibly false positives).

  The choice between taking a cutoff value from one or the other pair of
  settings depends on an attribute $msginfo->sender_credible - when it is
  true (e.g. some nonempty string) the *spam_crediblefrom_* settings will
  be used instead of the baseline @spam_dsn_cutoff_level_*maps.

  An initial value of a sender_credible attribute as provided by amavisd
  is true if either the 'originating' flag is true (e.g. mail from inside),
  or if dkim_envsender_sig attribute is true, e.g. a domain of a valid
  DKIM signature matches envelope sender address, otherwise it is false.
  A user-provided custom hook code is free to change the value of
  sender_credible attribute. An exact value does not matter (it is only
  interpreted as a boolean), but serves for logging purposes. Heuristics
  may be based on some tests provided by SpamAssassin, on DKIM signatures,
  on p0f results, on policy banks, etc.

  Here is one complete example of a custom hook, which turns on the
  sender_credible attribute based on some criteria. Note that some of
  the referenced SpamAssassin tests may not yet be available in the
  last officially released version of SpamAssassin.

  added to amavisd.conf:
    include_config_files('/etc/amavisd-custom.conf');

  /etc/amavisd-custom.conf :

    package Amavis::Custom;
    use strict;
    sub new { my($class,$conn,$msginfo) = @_; bless {}, $class }
    sub after_send {
      my($self,$conn,$msginfo) = @_;
      if ($msginfo->sender ne '') {
        my(@cred); local($1);
        my($tests) = $msginfo->supplementary_info('TESTS');
        $tests = ''  if !defined($tests) || $tests eq 'none';
        push(@cred,'orig')   if $msginfo->originating;
        push(@cred,$1)       if $tests =~ /\b(RCVD_IN_DNSWL_HI)\b/;
        push(@cred,$1)       if $tests =~ /\b(RCVD_IN_DNSWL_MED)\b/;
        push(@cred,$1)       if $tests =~ /\b(RP_MATCHES_RCVD)\b/;
        my($os_fingerprint) = $msginfo->client_os_fingerprint;
        if ($os_fingerprint !~ /^Windows XP(?![^(]*\b2000 SP)/) {
          push(@cred,'dkim') if $msginfo->dkim_envsender_sig;
          push(@cred,$1)     if $tests =~ /\b(SPF_PASS)\b/;
        }
        $msginfo->sender_credible(join(",",@cred))  if @cred;
      }
    }
    1;  # insure a defined return



Mark
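
Added example, not part of the original post and not amavisd-new code: a standalone Perl model of the cutoff selection described in the release notes above, run over constructed messages with the two levels from the question (6.3 and 18). The function names, the sample messages and the rule that a DSN is suppressed when the score is at or above the chosen cutoff are assumptions, and the per-sender and per-recipient maps are left out.

```perl
#!/usr/bin/perl
# Standalone model, NOT amavisd code: shows which cutoff applies to a message.
use strict;
use warnings;

my $sa_dsn_cutoff_level              = 6.3;  # value from the question
my $sa_crediblefrom_dsn_cutoff_level = 18;   # value from the question

# Initial sender_credible as the release notes describe it: true when the
# 'originating' flag is set or a valid DKIM signature matches the envelope
# sender domain. A custom hook may add its own reasons (modelled as 'hook').
sub sender_credible {
  my ($msg) = @_;
  my @cred;
  push @cred, 'orig' if $msg->{originating};
  push @cred, 'dkim' if $msg->{dkim_envsender_sig};
  push @cred, @{ $msg->{hook} || [] };
  return join(',', @cred);   # only its truth value matters; text is for logs
}

# Returns (send_dsn, cutoff_used, credible_string).
# Assumption: a DSN is suppressed when score >= cutoff.
sub dsn_decision {
  my ($msg) = @_;
  my $cred   = sender_credible($msg);
  my $cutoff = $cred ? $sa_crediblefrom_dsn_cutoff_level
                     : $sa_dsn_cutoff_level;
  return ($msg->{score} < $cutoff ? 1 : 0, $cutoff, $cred);
}

# Constructed sample messages (hypothetical scores and attributes).
my @msgs = (
  { id => 'A', score =>  9.4 },
  { id => 'B', score =>  9.4, dkim_envsender_sig => 1 },
  { id => 'C', score => 12.0, hook => ['SPF_PASS'] },
  { id => 'D', score => 21.5, originating => 1 },
);

for my $m (@msgs) {
  my ($send, $cutoff, $cred) = dsn_decision($m);
  printf "%s score=%5.1f credible=%-9s cutoff=%4.1f dsn=%s\n",
    $m->{id}, $m->{score}, $cred eq '' ? '-' : $cred, $cutoff,
    $send ? 'sent' : 'suppressed';
}
```

Under these assumptions messages B and C, both scoring above 6.3, still produce a notification because the credible-sender cutoff of 18 applies to them, while A (no credibility) and D (above 18) are suppressed.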

