Thomas,

X-Assp-Version: 2.3.4(13233)

There were three messages received, one each on three different ASSP. 
All ASSP were running the same version. All messages from same sender. 
All messages to same domain, but different recipients. All three 
instances filtered identically. The messages were received at different 
times; 1:02, 1:03, and 1:14.

The recipient domain is in spamlover.

The IP address, 124.247.247.100, is DNS black listed locally by me. Has 
been black listed for weeks.

1. Issue: Note that in the Mail analyzer results, the IP address 
triggered an "RBLCheck returned FAILED". Log file indicates it knows the 
IP addresses involved. However, in log files, there is no indication 
that an RBL check was run. Log file indicates URIBL checks were run. 
Headers do not indicate RBL failure.

2. Issue: Headers indicate DKIM check was performed and passed. No 
indication in log files that DKIM check was performed. There are entries 
for DMARC.

3. Expectation: I would have expected the following headers in the message.

Expected but absent headers
================================
X-Assp-Message/IP-Score: 100 (DNSBL: failed, 124.247.247.100 listed in
        blocklist.mathbox.net)
X-Assp-DNSBL: failed, 124.247.247.100 listed in 
(blocklist.mathbox.net<-127.0.0.2; )
X-Assp-Spam: YES
X-Assp-Block: NO (Spamlover)
================================



Pertinent log entries
================================
13-Sep-02 01:02:06 [Worker_1] Info: enhanced Originated IP detection 
ignored IP's: 209.85.160.54
13-Sep-02 01:02:06 [Worker_1] Info: enhanced Originated IP detection 
found IP's: 124.247.247.100
.
.
.
13-Sep-02 01:02:07 [Worker_1] Info: try DMARC
13-Sep-02 01:02:07 [Worker_1] Info: looking for DMARC in _dmarc.gmail.com
13-Sep-02 01:02:07 [Worker_1] Info: got RR _dmarc.gmail.com - "v=dmarc1; 
p=none; rua=mailto:mailauth-repo...@google.com
13-Sep-02 01:02:07 [Worker_1] Info: got DMARC rua = 
mailto:mailauth-repo...@google.com
13-Sep-02 01:02:07 [Worker_1] Info: got DMARC p = none
13-Sep-02 01:02:07 [Worker_1] Info: got DMARC v = dmarc1
.
.
.
13-Sep-02 01:02:08 [Worker_1] Sending DNS(A)-query to 208.69.48.6[:53] 
on blockuri.mathbox.net for URIBL checks on gmail.com
13-Sep-02 01:02:08 [Worker_1] Sending DNS(TXT)-query to 208.69.48.6[:53] 
on blockuri.mathbox.net for URIBL checks on gmail.com
13-Sep-02 01:02:08 [Worker_1] Sending DNS(A)-query to 208.69.48.6[:53] 
on multi.surbl.org for URIBL checks on gmail.com
13-Sep-02 01:02:08 [Worker_1] Sending DNS(TXT)-query to 208.69.48.6[:53] 
on multi.surbl.org for URIBL checks on gmail.com
13-Sep-02 01:02:08 [Worker_1] Sending DNS(A)-query to 208.69.48.6[:53] 
on black.uribl.com for URIBL checks on gmail.com
13-Sep-02 01:02:08 [Worker_1] Sending DNS(TXT)-query to 208.69.48.6[:53] 
on black.uribl.com for URIBL checks on gmail.com
13-Sep-02 01:02:08 [Worker_1] Commencing URIBL checks on 'gmail.com'
13-Sep-02 01:02:09 [Worker_1] Got 3 answers, 3 replies and 0 hits after 
1 seconds for URIBL checks on 'gmail.com'
13-Sep-02 01:02:09 [Worker_1] Got OK replies from (blockuri.mathbox.net 
multi.surbl.org) - NOTOK replies from () for URIBL on 'gmail.com'
13-Sep-02 01:02:09 [Worker_1] Completed URIBL checks on 'gmail.com'
================================


Mail Analyzer with Full headers intact
=========================================

analyze is restricted to a maximum length of 10966 bytes
  ASSP-ID: mx03-scanner.mathbox.net 98124-08976
ASSP-Session: 31DE1B24 (mail 1)
removed all local X-ASSP- header lines for analysis

sender and reply addresses:
  From: rebecca53...@gmail.com


recipient addresses:
  To: recipi...@recipientdomain.tld
using enhanced Originated IP detection
using enhanced Originated IP detection
  •detected IP's on the mail routing way: 124.247.247.100(no PTR)
209.85.160.54(no PTR)
  •detected source IP: 124.247.247.100

  Feature Matching:

• Strict SPF RE: '@gmail.com'
   • matching strictSPFRe(file:files/strictspf.txt[line 1]): '@gmail.com'
  • DKIM-check returned OK failed
  • URIBL check: 'OK'
  • RBLCheck returned FAILED for 124.247.247.100: DNSBL: failed, 
124.247.247.100 listed in blocklist.mathbox.net
  • RBLCheck returned OK for 209.85.160.54:
• domain gmail.com has valid MXA record: gmail-smtp-in.l.google.com 
173.194.75.26
  • RWLcheck returned OK for : status=unknown
  =========================================


Message Headers
=========================================
Received: from mx03.mathbox.net [208.69.48.43] by mail.mathbox.com
   (SMTPD-8.22) id ABD904C4; Mon, 02 Sep 2013 01:02:17 -0400
Received: from mx03-scanner.mathbox.net ([208.69.48.43])
        by mx03.mathbox.net
        ; Mon, 2 Sep 2013 01:02:09 -0400
Received: from mail-pb0-f54.google.com ([209.85.160.54] 
helo=mail-pb0-f54.google.com)
        by mx03-scanner.mathbox.net with SMTP (2.3.4); 2 Sep 2013 01:02:03 -0400
Received: by mail-pb0-f54.google.com with SMTP id ro12so4264446pbb.41
         for <recipi...@recipientdomain.tld>; Sun, 01 Sep 2013 22:02:04 
-0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
         d=gmail.com; s=20120113;
         h=message-id:content-type:mime-version:subject:to:from:date;
         bh=kCGVJWrIAJWKkBYLVR6xvpkK12INZ/TU80ZYudztIyE=;
         b=bssct9d/08eKZ/Uc+eShocjHI1B7+7tc8jNa2q3ASuQeQyvzwisFArOY2ds99yrCYI
          WdSc0Yk6vKDNX15JwWiEtPpIlhwdrj5CMMP8vDvZ+7pveNkuUDHdYjGL5gZ167f8KFVK
          oNLMrG0napphog3S41M/pyfL7KeSDjc+FxNUwbw/haQRbTzUtWlEWzKTiXu9e4mOAK4Y
          RLTUujD/agTtnYxMnkbG0dM/09Z/66wUUAXVQsded1alFldBYGSDbhw7Cr+iVjEk0hM+
          JFkJ4YmvJxePmDFNq4Jm9kFOR4tk/AlI/30tbQnKOm67PUZu36evqvbk1h8jt8rNaPlZ
          i+lw==
X-Received: by 10.68.102.165 with SMTP id fp5mr23501977pbb.83.1378098124518;
         Sun, 01 Sep 2013 22:02:04 -0700 (PDT)
Return-Path: <rebecca53...@gmail.com>
Received: from optif-4.optifserver.com ([124.247.247.100])
         by mx.google.com with ESMTPSA id 
mz5sm13200256pbc.18.1969.12.31.16.00.00
         (version=TLSv1 cipher=RC4-SHA bits=128/128);
         Sun, 01 Sep 2013 22:02:03 -0700 (PDT)
Message-ID: <52241bcb.25d3440a.6dda.7...@mx.google.com>
Content-Type: multipart/alternative; boundary="===============1389920264=="
MIME-Version: 1.0
Subject: Fws:Sales and Marketing lead data september 2013.
To: recipi...@recipientdomain.tld
From: "Emma" <rebecca53...@gmail.com>
Date: Mon, 02 Sep 2013 10:32:00 +0530
X-Assp-ID: mx03-scanner.mathbox.net 98124-08976
X-Assp-Session: 31DE1B24 (mail 1)
X-Assp-Detected-RIP: 124.247.247.100
X-Assp-Source-IP: 124.247.247.100
X-Assp-Envelope-From: rebecca53...@gmail.com
X-Assp-Intended-For: recipi...@recipientdomain.tld
X-Assp-Version: 2.3.4(13233) on mx03-scanner.mathbox.net
X-Assp-Re-SPFstrict: @gmail.com
X-Original-Authentication-Results: mx03-scanner.mathbox.net;
        dkim=pass spf=pass
X-Assp-Remote-Outbound-IP: 209.85.160.54
X-Assp-Detected-URI: gmail.com(4)
X-Assp-DKIM: verified-OK
=========================================


-- 
Michael Thomas
Mathbox
978-687-3300
Toll Free: 1-877-MATHBOX (1-877-628-4269)

_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
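
The comparison made in the report above can be reproduced offline. This is an added example, not part of the original message and not ASSP code: it walks the Received chain to find the originating IP, builds the DNSBL query name for it, and lists which of the expected X-Assp headers are absent. The function names, the `IGNORED` set and the abbreviated sample headers are assumptions constructed for the example.

```python
import email
import ipaddress
import re

# Constructed sample: abbreviated from the headers quoted in the report above.
RAW = """\
Received: from mx03-scanner.mathbox.net ([208.69.48.43])
\tby mx03.mathbox.net; Mon, 2 Sep 2013 01:02:09 -0400
Received: from mail-pb0-f54.google.com ([209.85.160.54] helo=mail-pb0-f54.google.com)
\tby mx03-scanner.mathbox.net with SMTP (2.3.4); 2 Sep 2013 01:02:03 -0400
Received: from optif-4.optifserver.com ([124.247.247.100])
\tby mx.google.com with ESMTPSA; Sun, 01 Sep 2013 22:02:03 -0700 (PDT)
X-Assp-Source-IP: 124.247.247.100
X-Assp-DKIM: verified-OK

body
"""
# Assumption: the local scanner plus the relay the log reports as ignored.
IGNORED = {"208.69.48.43", "209.85.160.54"}
EXPECTED = ["X-Assp-DNSBL", "X-Assp-Spam", "X-Assp-Block"]  # named in the report

def received_ips(msg):
    """Valid bracketed IPv4 literals from Received headers, newest hop first."""
    ips = []
    for hdr in msg.get_all("Received", []):
        for cand in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hdr):
            try:
                ips.append(str(ipaddress.IPv4Address(cand)))
            except ValueError:
                pass  # e.g. [999.1.1.1]: not an address, skip it
    return ips

def originated_ip(msg, ignored):
    """Oldest public hop that is not on the ignore list."""
    for ip in reversed(received_ips(msg)):
        if ip not in ignored and ipaddress.IPv4Address(ip).is_global:
            return ip
    return None

def dnsbl_qname(ip, zone):
    """DNSBL convention: reversed octets prepended to the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def audit(raw, zone="blocklist.mathbox.net"):
    """Return (source IP, DNSBL query name, expected headers that are absent)."""
    msg = email.message_from_string(raw)
    ip = originated_ip(msg, IGNORED)
    qname = dnsbl_qname(ip, zone) if ip else None
    return ip, qname, [h for h in EXPECTED if msg[h] is None]

if __name__ == "__main__":
    print(audit(RAW))
```

An A query for the returned name is the lookup the report expected to find in the log; the expected header in the report shows the local zone answering 127.0.0.2 for this address.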
