Yes, (see results below) - it says SPF-CHECK returned failed, and I have 
spfTestMode turned on.

However, the subject does not have any ASSP added text (even though it should 
since it failed) and I have test mode on.

Am I interpreting the fail wrong, or could this be an ASSP bug in not adding 
the string to the subject?

Thanks!


•ISP/Secondary Header:'Received: from smtp2.netdorm.com (172.31.254.35) by 
mail.mydomain.com (172.31.254.35) with Microsoft SMTP Server id 8.1.436.0; Fri, 
30 Mar 2012 09:15:01 -0400 Received: from smtp2.netdorm.com ([67.214.161.138] 
helo=smtp2.netdorm.com) by spamfilter.mydomain.com with ESMTP (2.1.1); 30 Mar 
2012 09:15:00 -0400 Received: from usps.com (168-226-66-116.speedy.com.ar 
[168.226.66.116] (may be forged)) by smtp2.netdorm.com'
•Switched to ISP/Secondary IP: '168.226.66.116'
using enhanced Originated IP detection
•detected IP's on the mail routing way: 66.46.31.241(no PTR)
•detected source IP: 66.46.31.241
sender and reply addresses:
MAIL FROM: usps_shipping_services@usps.com
recipient addresses:
Feature Matching:
• Strict SPF RE: '@usps.com'
 • matching strictSPFRe(file:files/strictspf.txt[line 17]): '@usps.com'
• Block Strict SPF RE: '@usps.com'
 • matching blockstrictSPFRe(@usps.com): '@usps.com'
• 168.226.66.116 is in SPFCache: status=softfail with helo=smtp2.netdorm.com
• SPF-check returned FAILED for 168.226.66.116 -> 
usps_shipping_servi...@usps.com, smtp2.netdorm.com
• URIBL check: 'OK'
• Valid Format of HELO: 'smtp2.netdorm.com'
• 66.46.31.241 is in RBLCache: inserted as ok at 2012-03-30 09:15:02
• 168.226.66.116 is in RBLCache: inserted as not ok at 2012-03-30 09:15:02 , 
listed by l2.apews.org{127.0.0.2}
• domain usps.com has valid MXA record: gk-e-mail.srvs.usps.gov 56.0.101.24
• 168.226.66.0 has a Griplist value of 0.8


________________________________________
From: Paul Farrow [a...@thefabfarrows.com]
Sent: Friday, March 30, 2012 9:56 AM
To: ASSP development mailing list
Subject: Re: [Assp-test] Still not catching falsified sender domain

Have you tried the mail analyzer provided by ASSP, it might give you a
clue as to why it is accepting it?

On Fri, 30 Mar 2012 09:30:53 -0400, Michelle Dupuis wrote:
> I'm still trying to get settings right (and I think I'm close), but
> ASSP is failing to catch really obviously faked domains!
>
> I put the header below, and you can see that
> 168-226-66-116.speedy.com.ar  is pretending to be usps.com.  I run my
> mail through netdorm (and have setup netdorm correctly per previous
> advice).  Why is ASSP not throwing out this message based on the
> obviously faked sender domain/ip ?  (I even have usps.com in the
> strictSPF file but no difference).
>
> Thanks!
>
>
> Received: from smtp2.netdorm.com (172.31.254.35) by mail.mydomain.com
>  (172.31.254.35) with Microsoft SMTP Server id 8.1.436.0; Fri, 30 Mar
> 2012
>  09:15:01 -0400
> Received: from smtp2.netdorm.com ([67.214.161.138]
> helo=smtp2.netdorm.com) by
>  spamfilter.mydomain.com with ESMTP (2.1.1); 30 Mar 2012 09:15:00
> -0400
> Received: from usps.com (168-226-66-116.speedy.com.ar
> [168.226.66.116] (may be
>  forged)) by smtp2.netdorm.com (8.13.8/8.13.8) with ESMTP id
> q2UDExvD014961;
>  Fri, 30 Mar 2012 09:15:05 -0400
> Received: from [66.46.31.241] (account
>
> usps_shipping_servi...@usps.com<mailto:usps_shipping_servi...@usps.com>
> HELO
>  uxrxqlfpoztpdtk.vejgrirrwzx.info) by  (CommuniGate Pro SMTP 5.2.3)
> with
>  ESMTPA id 274623071 for
> us...@mydomain.com<mailto:us...@mydomain.com>; Fri, 30 Mar 2012
> 10:14:56 -0300
> From: Rudy Gould
>
> <usps_shipping_servi...@usps.com<mailto:usps_shipping_servi...@usps.com>>
> To: <us...@mydomain.com<mailto:us...@mydomain.com>>,
> <us...@mydomain.com<mailto:us...@mydomain.com>>
> Subject: USPS postage labels order confirmation.
> Date: Fri, 30 Mar 2012 10:14:56 -0300
> MIME-Version: 1.0
> Content-Type: multipart/alternative; boundary="----=_ryqoj_39_54_73"
> X-Priority: 3
> X-Mailer: wynuuy_29
> Message-ID:
>
> <6979509404.jvx74cpq755...@tcidqwlmahhk.zettatccivjbe.org<mailto:6979509404.jvx74cpq755...@tcidqwlmahhk.zettatccivjbe.org>>
> X-Assp-Version: 2.1.1(11364) on spamfilter.mydomain.com
> X-Assp-Re-SPFstrict: @usps.com
> X-Assp-Received-SPF: softfail (cache) ip=67.214.161.138
>
> mailfrom=usps_shipping_servi...@usps.com<mailto:mailfrom=usps_shipping_servi...@usps.com>
>  helo=smtp2.netdorm.com
> X-Assp-Message/IP-Score: 10 (SPF softfail)
> X-Assp-Message/IP-Score: 17 (DNSBL: neutral, 168.226.66.116 listed in
>  l2.apews.org)
> X-Assp-DNSBL: neutral, 168.226.66.116 listed in
> (l2.apews.org<-127.0.0.2; )
> X-Assp-Spam-Prob: 0.49675
> X-Assp-ID: spamfilter.mydomain.com m1-13300-75165
> X-Assp-Detected-RIP: 66.46.31.241, 168.226.66.116
> X-Assp-Source-IP: 66.46.31.241
> X-Assp-Envelope-From:
>
> usps_shipping_servi...@usps.com<mailto:usps_shipping_servi...@usps.com>
> X-Assp-Intended-For: us...@mydomain.com<mailto:us...@mydomain.com>
> Return-Path:
>
> usps_shipping_servi...@usps.com<mailto:usps_shipping_servi...@usps.com>
>
> ------------------------------------------------------------------------------
> This SF email is sponsosred by:
> Try Windows Azure free for 90 days Click Here
> http://p.sf.net/sfu/sfd2d-msazure
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
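
Added example, not part of the thread and not ASSP's own code: one way to choose the client IP for an SPF check when mail arrives through a trusted relay, walking the Received lines quoted above from the newest hop outward. The function name, the trusted-host set and the relay IP set are assumptions made for this illustration.

```python
import ipaddress
import re

# Received lines copied from the quoted message, newest hop first, unfolded;
# the elided account address in the last line is left elided.
RECEIVED = [
    "from smtp2.netdorm.com (172.31.254.35) by mail.mydomain.com "
    "(172.31.254.35) with Microsoft SMTP Server id 8.1.436.0",
    "from smtp2.netdorm.com ([67.214.161.138] helo=smtp2.netdorm.com) by "
    "spamfilter.mydomain.com with ESMTP (2.1.1)",
    "from usps.com (168-226-66-116.speedy.com.ar [168.226.66.116] "
    "(may be forged)) by smtp2.netdorm.com (8.13.8/8.13.8) with ESMTP",
    "from [66.46.31.241] (account ... HELO uxrxqlfpoztpdtk.vejgrirrwzx.info) "
    "by  (CommuniGate Pro SMTP 5.2.3) with ESMTPA id 274623071",
]

# Assumptions for this example: hosts whose Received lines are believed,
# and the relay address whose connections are not the real client.
TRUSTED_BY = {"mail.mydomain.com", "spamfilter.mydomain.com",
              "smtp2.netdorm.com"}
RELAY_IPS = {"67.214.161.138"}

HOP = re.compile(r"from\s+(.*?)\s+by\s+(\S+)")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def spf_client_ip(received, trusted_by, relay_ips):
    """Return the first IP that an untrusted host used to reach a trusted one."""
    for line in received:
        m = HOP.match(line)
        # A hop written by a host we do not trust may be forged: stop here.
        if not m or m.group(2).lower() not in trusted_by:
            return None
        found = IPV4.search(m.group(1))
        if not found:
            return None
        try:
            addr = ipaddress.ip_address(found.group())
        except ValueError:
            return None  # malformed address such as 999.1.1.1
        if addr.is_private or str(addr) in relay_ips:
            continue  # internal or trusted relay hop: keep walking outward
        return str(addr)
    return None


if __name__ == "__main__":
    print(spf_client_ip(RECEIVED, TRUSTED_BY, RELAY_IPS))
```

With an empty relay set the function returns the relay's own address, 67.214.161.138, so the SPF result depends on the relay being listed.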


