Help with IP reputation

Christian Rößner c at roessner-network-solutions.com
Tue Dec 9 17:27:33 CET 2014


Hi,

I have a problem with the redis based IP reputation. We get legitimate mail from Euronics Germany, which did not arrive today, as amavisd rejected dozens of mail recognized as spam.

I can see that most mail score around 1.2 - 2.0, bur rhis shouldn’t matter. Unfortunately this mornig, we got a mail, which was above spam level 4.89, at which we reject mail. At this moment, all later mail got AM.IP_BAD_… added, which led to massive mail loss at the receiving side.

Now I simply could add their IP address to the ignore networks parameter, but I would love to solve the problem at the source.

I found this code in amavisd:

13860     if ($redis_storage && c('enable_ip_repu')) {
13861       $which_section = 'redis_ip_repu';
13862       my($score, $worst_ip) =
13863         $redis_storage->query_and_update_ip_reputation($msginfo);
13864       if ($score && $score >= 0.5) {
13865         $msginfo->ip_repu_score($score);
13866         my $spam_test = sprintf('AM.IP_BAD_%s=%.1f', $worst_ip, $score);
13867         for my $r (@{$msginfo->per_recip_data}) {
13868           $r->spam_level( ($r->spam_level || 0) + $score);
13869           $r->spam_tests([])  if !$r->spam_tests;
13870           unshift(@{$r->spam_tests}, \$spam_test);
13871         }
13872       }

I am not a Perl developer, so I have a little bit problems to understand things. What I would love to reach is that the $score can never be more than a fixed value. Let’s say 3.5. So one wishlist feature is to have a parameter that specifies a max_bad_ip_score, but in the meantime, I would like to hard-code this to get things back to work.

Could someone help me with this?

Thanks a lot

Christian
--
Bachelor of Science Informatik
Erlenwiese 14, 36304 Alsfeld
T: +49 6631 78823400, F: +49 6631 78823409, M: +49 171 9905345
USt-IdNr.: DE225643613, http://www.roessner-network-solutions.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20141209/fce52222/attachment.sig>


More information about the amavis-users mailing list