But if the MX is missing, with your check the MXA will obviously always
fail.  Why not check if an A record exists for the sender hostname?  That's
legal per RFC.  That would avoid forcing manual tracking and turning on
mxcaching (which I don't do because so many of our vendors are idiots and
often mess up their records, I want it to check every time).

On Thu, Apr 19, 2018 at 7:20 AM, Thomas Eckardt <thomas.ecka...@thockar.com>
wrote:

> 1. a mail is only blocked if both MX and MXA failed
> 2. using the defaults for mxValencePB(10) and mxaValencePB(15) the
> resulting score is:
>  - no MX : 25
>  - no MXA : 10
>
> This check does not follow any RFC. It assumes that a missing MX and a
> missing MXA are very good indicators for spam sources.
>
> You have three options.
>
> 1. disable this check
> 2. adjust the penalty score settings to your needs
> 3. add long life entries for failing domains to the MXACache manually
> (means - fake the MX and MXA)
>
> Thomas
>
>
>
> From:        "K Post" <nntp.p...@gmail.com>
> To:        "ASSP development mailing list" <assp-test@lists.sourceforge.net>
> Date:        18.04.2018 16:45
> Subject:        Re: [Assp-test] Incorrect no A record
> ------------------------------
>
>
>
> I'm sorry for my recent volume of email to this list.  I feel like this
> discussion has led to some significant ASSP improvements.  Thank you for
> continuing to entertain my ideas.
>
> Summary:
> This doesn't happen very often, because what legit senders don't use an MX
> these days, but woot/amazon apparently does.  My suggestion is to slightly
> change assp as follows
> 1) score for missing MX record  (existing functionality)
> 2) score if there IS an MX record, but there's no IP for that - or if the
> mx record is an ip address itself, make sure there is a valid ptr if
> doinvalidptr is enabled  (change: only do this if there IS an mx record)
> 3) score if there's no MX record and there's no IP for the hostname of the
> sender address (new functionality)
>
> Please allow me to explain my thinking:
> Isn't it completely legal to send mail from bounces.woot.com even though
> there's no MX record since there IS an A record for it?  RFC5321 says
>
>     If an empty list of MXs is returned, the address is treated as if it
>     was associated with an implicit MX RR, with a preference of 0, pointing
>     to that host.
>
> (if there's no MX, send to the A record)
>
> Now granted, this is unusual, but it's legal and woot/Amazon appears to be
> doing it.  I've seen other legit senders only have an A address, especially
> for the bounce.whatever.com domains.  I don't know why they do this, but
> they do.
>
> I DO think these kinds of senders should be penalized for not having an MX
> record because that is kind of spammy, but to penalize a second time
> because there's *no A record associated with the non-existent MX* record
> seems too extreme, if there's a missing MX record there will of course
> never be an A record for that MX, because there is no MX.  I think this is
> flawed.   If there's a no MX score, MXA will also ALWAYS be added.  The
> only time MXA gets added without the MX score is when there's an mx record
> but there's no a record/ptr.  I'd think we would want this to be one or the
> other score for these 2 and my 1-2-3 suggestion above accomplishes that.
>
>
> My #3 option comes into play when there's no MX record (which is legal)
> but there's also no A record (which isn't legal if there's no MX record). I
> always assumed (I guess incorrectly) that if there was no MX record, ASSP
> checked for an IP Address for the hostname of the sending address. That's
> what DoDomainCheck implies to me at least.  Sometimes it's just one word
> that can make the difference, here for me it's "or."  My confusion stems
> from my thought that the sender address is checked for a valid MX OR for an
> A record like the description says.
>
> DoDomainCheck
> If activated, the sender address and each address found in the following
> header lines (ReturnReceipt:, Return-Receipt-To:,
> Disposition-Notification-To:, Return-Path:, Reply-To:, Sender:, Errors-To:,
> List-...:)* is checked for a valid MX **or** A record*. Scoring is done
> for non existing MX ( mxValencePB ) record and non existing A record (
> mxaValencePB ) - a messages fails (block), if both records are not found.
> If only an IP-address is found for a MX, the A record check fails, if the
> IP has no valid PTR and DoInvalidPTR is enabled.
>
> The sender address is checked for MX, but it is not checked for an A -
> it's the MX record (which doesn't exist) that's being checked for the A.
> With my option 3, the A check for a missing MX wouldn't be done, but an A
> check for the hostname would.  If neither exists we could score pretty high.
>
> What do you think?
>
>
>
>
>
>
> On Wed, Apr 18, 2018 at 4:24 AM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote:
> I can't find anything wrong.
>
> There is no MX record - and for this reason, there can't be an A record
> for the MX *[MissingMXA]* .
> Remember - the A record check is done for the MX - not for anything else!
>
> Thomas
>
>
>
>
> From:        "K Post" <nntp.p...@gmail.com>
> To:        "ASSP development mailing list" <assp-test@lists.sourceforge.net>
> Date:        17.04.2018 22:24
> Subject:        [Assp-test] Incorrect no A record
> ------------------------------
>
>
>
>
> I've got a constant problem with emails from woot.com (an Amazon.com
> company).   This has been going on at least for a month and I'm baffled
> (no surprise there :)  )
> I've not seen this with any other sender, but it could be happening
> elsewhere and I just don't notice.
>
> Their mail from: is longstr...@bounces.woot.com
> This domain does not have a MX record set (surprising for Amazon), so it's
> scored
> This DOES have an A record though, but ASSP reports MissingMXA
>
>
> (only significant log lines shown)
> Apr-17-18 15:34:58 74882-14329 54.240.15.37 <longstr...@bounces.woot.com> to: ouru...@ourcharity.org woot.com - MX 'amazon-smtp.amazon.com' - got IP (207.171.188.180)
> Apr-17-18 15:34:58 74882-14329 [MissingMX] 54.240.15.37 <longstr...@bounces.woot.com> to: ouru...@ourcharity.org [[scoring]] MX missing: bounces.woot.com (Mail From:)
> Apr-17-18 15:34:58 74882-14329 54.240.15.37 <longstr...@bounces.woot.com> to: ouru...@ourcharity.org Message-Score: added 10 (mxValencePB) for MX missing: bounces.woot.com (Mail From:), total score for this message is now 3
> Apr-17-18 15:34:58 74882-14329 *[MissingMXA]* 54.240.15.37 <longstr...@bounces.woot.com> to: ouru...@ourcharity.org [[scoring]] *A record missing: bounces.woot.com* (Mail From:)
> Apr-17-18 15:34:58 74882-14329 54.240.15.37 <longstr...@bounces.woot.com> to: ouru...@ourcharity.org Message-Score: added 15 (mxaValencePB) for A record missing: bounces.woot.com (Mail From:), total score for this message is now 18
> Apr-17-18 15:34:58 74882-14329 54.240.15.37 <longstr...@bounces.woot.com> to: ouru...@ourcharity.org MX found: woot.com (From) -> amazon-smtp.amazon.com
> Apr-17-18 15:34:58 74882-14329 54.240.15.37 <longstr...@bounces.woot.com> to: ouru...@ourcharity.org A record found: woot.com (From) -> 207.171.188.180
>
> I thought it might be a caching thing, but PTRCacheInterval and
> MXChacheInterval are both 0.
> I did an nslookup using the dns servers that ASSP uses and I get the A
> record for bounces.woot.com
>
> Any idea how this could be happening?
>
>
>
>
>
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! *http://sdm.link/slashdot*
> <http://sdm.link/slashdot>
> _______________________________________________
> Assp-test mailing list
> *Assp-test@lists.sourceforge.net* <Assp-test@lists.sourceforge.net>
> *https://lists.sourceforge.net/lists/listinfo/assp-test*
> <https://lists.sourceforge.net/lists/listinfo/assp-test>
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
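The two scoring behaviours discussed in this thread, side by side, as an added example that is not part of the original messages and is not ASSP's code. The zone data is constructed, the `MissingA` label and its weight for step 3 are assumptions, and the PTR check for an IP-only MX is left out.

```python
# Added illustration; the zone data below is constructed, not real DNS.
MX_VALENCE = 10   # mxValencePB default quoted in the thread
MXA_VALENCE = 15  # mxaValencePB default quoted in the thread

ZONE = {
    "example.org": {"MX": ["mail.example.org"]},
    "mail.example.org": {"A": ["192.0.2.10"]},
    "bounces.example.net": {"A": ["192.0.2.20"]},        # A only, no MX
    "broken.example.com": {"MX": ["gone.example.com"]},  # MX target has no A
}  # "nothing.example" is deliberately absent: no MX and no A


def lookup(name, rtype, zone=ZONE):
    """Stand-in for a DNS query against the constructed zone."""
    return zone.get(name.lower().rstrip("."), {}).get(rtype, [])


def score_current(domain, zone=ZONE):
    """A check is made on the MX target only, so no MX implies no MXA."""
    hits = []
    mx = lookup(domain, "MX", zone)
    if not mx:
        hits.append(("MissingMX", MX_VALENCE))
    if not any(lookup(host, "A", zone) for host in mx):
        hits.append(("MissingMXA", MXA_VALENCE))
    return hits


def score_proposed(domain, zone=ZONE):
    """Suggested 1-2-3 order: with no MX, test the sender hostname's A."""
    mx = lookup(domain, "MX", zone)
    if mx:  # step 2: MX exists, its target must resolve
        ok = any(lookup(host, "A", zone) for host in mx)
        return [] if ok else [("MissingMXA", MXA_VALENCE)]
    hits = [("MissingMX", MX_VALENCE)]  # step 1
    if not lookup(domain, "A", zone):   # step 3; label and weight assumed
        hits.append(("MissingA", MXA_VALENCE))
    return hits


def total(hits):
    return sum(points for _, points in hits)


def blocked(hits):
    """Thread: a mail is only blocked if both checks failed."""
    return len(hits) == 2


if __name__ == "__main__":
    for d in ("example.org", "bounces.example.net", "broken.example.com", "nothing.example"):
        print(d, total(score_current(d)), total(score_proposed(d)))
```

The A-only sender is the case that differs: 25 points and a block under the current order, 10 points and no block under the proposed one.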