Yes, (see results below) - it says SPF-CHECK returned failed, and I have spfTestMode turned on.
However, the subject does not have any ASSP added text (even though it should since it failed) and I have test mode on. Am I interpreting the fail wrong, or could this be an ASSP bug in not adding the string to the subject? Thanks! •ISP/Secondary Header:'Received: from smtp2.netdorm.com (172.31.254.35) by mail.mydomain.com (172.31.254.35) with Microsoft SMTP Server id 8.1.436.0; Fri, 30 Mar 2012 09:15:01 -0400 Received: from smtp2.netdorm.com ([67.214.161.138] helo=smtp2.netdorm.com) by spamfilter.mydomain.com with ESMTP (2.1.1); 30 Mar 2012 09:15:00 -0400 Received: from usps.com (168-226-66-116.speedy.com.ar [168.226.66.116] (may be forged)) by smtp2.netdorm.com' •Switched to ISP/Secondary IP: '168.226.66.116' using enhanced Originated IP detection •detected IP's on the mail routing way: 66.46.31.241(no PTR) •detected source IP: 66.46.31.241 sender and reply addresses: MAIL FROM: usps_shipping_services@usps.comrecipient addresses: Feature Matching: • Strict SPF RE: '@usps.com' • matching strictSPFRe(file:files/strictspf.txt[line 17]): '@usps.com' • Block Strict SPF RE: '@usps.com' • matching blockstrictSPFRe(@usps.com): '@usps.com' • 168.226.66.116 is in SPFCache: status=softfail with helo=smtp2.netdorm.com • SPF-check returned FAILED for 168.226.66.116 -> usps_shipping_servi...@usps.com, smtp2.netdorm.com • URIBL check: 'OK' • Valid Format of HELO: 'smtp2.netdorm.com' • 66.46.31.241 is in RBLCache: inserted as ok at 2012-03-30 09:15:02 • 168.226.66.116 is in RBLCache: inserted as not ok at 2012-03-30 09:15:02 , listed by l2.apews.org{127.0.0.2} • domain usps.com has valid MXA record: gk-e-mail.srvs.usps.gov 56.0.101.24 • 168.226.66.0 has a Griplist value of 0.8 ________________________________________ From: Paul Farrow [a...@thefabfarrows.com] Sent: Friday, March 30, 2012 9:56 AM To: ASSP development mailing list Subject: Re: [Assp-test] Still not catching falsified sender domain Have you tried the mail analyzer provided by ASSP, it might give you a clue as to why it is accepting it? On Fri, 30 Mar 2012 09:30:53 -0400, Michelle Dupuis wrote: > I'm still trying to get settings right (and I think I'm close), but > ASSP is failing to catch really obviously faked domains! > > I put the header below, and you can see that > 168-226-66-116.speedy.com.ar is pretending to be usps.com. I run my > mail through netdorm (and have setup netdorm correctly per previous > advice). Why is ASSP not throwing out this message based on the > obviously faked sender domain/ip ? (I even have usps.com in the > strictSPF file but no difference). > > Thanks! > > > Received: from smtp2.netdorm.com (172.31.254.35) by mail.mydomain.com > (172.31.254.35) with Microsoft SMTP Server id 8.1.436.0; Fri, 30 Mar > 2012 > 09:15:01 -0400 > Received: from smtp2.netdorm.com ([67.214.161.138] > helo=smtp2.netdorm.com) by > spamfilter.mydomain.com with ESMTP (2.1.1); 30 Mar 2012 09:15:00 > -0400 > Received: from usps.com (168-226-66-116.speedy.com.ar > [168.226.66.116] (may be > forged)) by smtp2.netdorm.com (8.13.8/8.13.8) with ESMTP id > q2UDExvD014961; > Fri, 30 Mar 2012 09:15:05 -0400 > Received: from [66.46.31.241] (account > > usps_shipping_servi...@usps.com<mailto:usps_shipping_servi...@usps.com> > HELO > uxrxqlfpoztpdtk.vejgrirrwzx.info) by (CommuniGate Pro SMTP 5.2.3) > with > ESMTPA id 274623071 for > us...@mydomain.com<mailto:us...@mydomain.com>; Fri, 30 Mar 2012 > 10:14:56 -0300 > From: Rudy Gould > > <usps_shipping_servi...@usps.com<mailto:usps_shipping_servi...@usps.com>> > To: <us...@mydomain.com<mailto:us...@mydomain.com>>, > <us...@mydomain.com<mailto:us...@mydomain.com>> > Subject: USPS postage labels order confirmation. > Date: Fri, 30 Mar 2012 10:14:56 -0300 > MIME-Version: 1.0 > Content-Type: multipart/alternative; boundary="----=_ryqoj_39_54_73" > X-Priority: 3 > X-Mailer: wynuuy_29 > Message-ID: > > <6979509404.jvx74cpq755...@tcidqwlmahhk.zettatccivjbe.org<mailto:6979509404.jvx74cpq755...@tcidqwlmahhk.zettatccivjbe.org>> > X-Assp-Version: 2.1.1(11364) on spamfilter.mydomain.com > X-Assp-Re-SPFstrict: @usps.com > X-Assp-Received-SPF: softfail (cache) ip=67.214.161.138 > > mailfrom=usps_shipping_servi...@usps.com<mailto:mailfrom=usps_shipping_servi...@usps.com> > helo=smtp2.netdorm.com > X-Assp-Message/IP-Score: 10 (SPF softfail) > X-Assp-Message/IP-Score: 17 (DNSBL: neutral, 168.226.66.116 listed in > l2.apews.org) > X-Assp-DNSBL: neutral, 168.226.66.116 listed in > (l2.apews.org<-127.0.0.2; ) > X-Assp-Spam-Prob: 0.49675 > X-Assp-ID: spamfilter.mydomain.com m1-13300-75165 > X-Assp-Detected-RIP: 66.46.31.241, 168.226.66.116 > X-Assp-Source-IP: 66.46.31.241 > X-Assp-Envelope-From: > > usps_shipping_servi...@usps.com<mailto:usps_shipping_servi...@usps.com> > X-Assp-Intended-For: us...@mydomain.com<mailto:us...@mydomain.com> > Return-Path: > > usps_shipping_servi...@usps.com<mailto:usps_shipping_servi...@usps.com> > > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test ------------------------------------------------------------------------------ This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test ------------------------------------------------------------------------------ This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test