- CLASS ATTRIBUTES
This module tries to figure out wheter the sender domain is somewhat related to the sending server.
There are three methods to determine wheter this is the case:
- 1. direct IP hit
The sender IP name is equal to the A or AAAA of the domain or the resolved (CNAME, MX) record.
Example 1: sender ip is 22.214.171.124 and the first MX record of the sender domain sender.tld is points to mail.sender.tld which has the IP 126.96.36.199
Example 2: sender ip is 188.8.131.52 and the A record of sender.tld is 184.108.40.206
- 2. domain hit
Tries to identify the association via the domain name.
Example: sender domain is something.sender.tld and the reverse hostname of the sender IP is mail.domain.tld -> both under sender.tld.
- 3. IP range hit
Tries to identify the relation via ip ranges.
Example: ip of the sender is 220.127.116.11 and ip of the A record of the sender domain is 18.104.22.168 which is within a /31 subnet
The bigger the subnet, the lower the positive weight (can be adjusted).
If no relation could be determined, the session will be scored negatively.
Keep in mind: the association of the sender ip to the sender domain does not imply at all that the mail is not spam. Only the opposite gives a hint, that the mail might be forged - or one of those webservers not associated to the domain sending a (maybe even valid) mail.
--- disable: 0 weight_direct_hit: 20 weight_domain_hit: 15 weight_range_hit: 31: 20 30: 20 29: 10 28: 10 27: 10 26: 5 25: 5 24: 5 weight_no_hit: -20
Will be created automatically.
Pre-compiled regex containing tlds.
The sender domain is directly associated to the client address
The sender domain is associated via an ip range to the client address ..
The sender domain is via a shared domain name to the client address. Eg the client address resolves to smtp.somedomain.tld and the sender is somedomain.tld or the sender's mx is mx.somedomain.tld whereas they at least somedomain.tld
Negative score. No match found.
Checks weight_range_hit for correctness, reads config
Never handle anything from localhost. Handle results are cached. First checks for exact match, then domain hit, then range hit.
Write to cache, add spam score.
Retreive records for a hostname (A, CNAME, MX) / ip (PTR)
Ulrich Kautz <email@example.com>
Copyright (c) 2010 the "AUTHOR" as listed above
This library is free software and may be distributed under the same terms as perl itself.