OK, got it.
My question then is how do I determine why a particular email was
blocked when I don't think it should have been.
In the example below, the IP address was in my local DNS WL, but because
the IP fell into a range that was in my local BL as well, the message
was rejected.
Thanks.
Farokh
----------------------------------------------------------------------------
Best Tech Service, LLC - When only the Best Tech will do...
For all your technology needs including hosting solutions.
Office: 845-735-0210
Cell: 914-262-1594
Like us on Facebook:https://www.facebook.com/besttechsvc
On 9/27/21 03:42, Thomas Eckardt wrote:
all analyzer feature matching results are 'STATELESS' - read the
bottom of the analyzer web page
Thomas
From: "Farokh - Best Tech Service, LLC" <far...@besttechsvc.com>
To: "For Users of ASSP" <assp-user@lists.sourceforge.net>
Date: 26.09.2021 18:52
Subject: [Assp-user] Mail analyzer question
------------------------------------------------------------------------
I'm not sure if I'm missing it, or if not, I'd like to put in a
feature request, but when I run an email through the analyzer, I don't
see where the total score is displayed.
I ran an email that got rejected as spam, even though the IP address
was in my local WL DNS and I saw the following:
*Subject:* [SPAM] [MessageLimit] -FEMA Adds Rockland County for Federal Assistance
*Feature Matching:*
• *DoNoFrom* <https://ns1.mcf.com:55555/#DoNoFrom>: OK - mode is scoring
• *ARC pass* The most recent *Authenticated-Received-Chain(ARC)-Signature* <http://arc-spec.org/> instance i=1, provided by *untrusted* <https://ns1.mcf.com:55555/#trustedAuthForwarders> host mx.microsoft.com for domain microsoft.com is valid - details: spf=pass smtp.mailfrom=fema.dhs.gov; dmarc=pass action=none header.from=fema.dhs.gov; dkim=pass header.d=fema.dhs.gov; arc=none'
• *DKIM-check returned OK* verified-OK for identity '@fema.dhs.gov'
• *SPF-check returned OK* for 67.231.147.98 -> maria.pad...@fema.dhs.gov, mx0e-00376703.gpphosted.com
• SPF: pass (cache) ip=67.231.147.98 mailfrom=maria.pad...@fema.dhs.gov helo=mx0e-00376703.gpphosted.com
• *DMARC-check returned OK - results:* dmarc: pass , spf: pass , dkim: pass
• *URIBL check* <https://ns1.mcf.com:55555/#ValidateURIBL>: 'OK'
• *Valid Format of HELO* <https://ns1.mcf.com:55555/#DoValidFormatHelo>: 'mx0e-00376703.gpphosted.com'
• *IP in Helo check* <https://ns1.mcf.com:55555/#DoIPinHelo>: 'OK'
• *AUTH would be disabled*
• *RBLCheck returned OK for 67.231.147.98*: DNSBL: failed, 67.231.147.98 listed in bl.mcf.com - message score: 60
• RBLScore: bl.mcf.com -> 127.0.0.8 -> 60
• *domain fema.dhs.gov (in Mail From: , From) has a valid MX record*: mxb-00376703.gslb.gpphosted.com
• *domainMX mxb-00376703.gslb.gpphosted.com has a valid A record*: 67.231.147.98
• *67.231.147.98 PTR record via DNS*: status=PTR OK - mx0e-00376703.gpphosted.com
• *67.231.147.98 is in RWLCache*: status=tusted
• *67.231.147.98 SenderBase*: status=not classified, data=[CN=US, ORG=TELECITYGROUP INTERNATIONAL LIMITED, DOM=proofpoint.com, BLS=, HNM=Y, CIDR=21, HN=mx0e-00376703.gpphosted.com]
*Feature Matching Log:*
Sep-26-21 12:27:31 [Main_Thread] Info: analyze detected: IP:
'67.231.147.98' , HELO: 'mx0e-00376703.gpphosted.com' , assp-Host:
'assp.xmsi.net'
Sep-26-21 12:27:31 [Main_Thread] Info: forwarding host
'mx.microsoft.com' provided valid ARC-Authentication-Results: i=1;
spf=pass
smtp.mailfrom=fema.dhs.gov; dmarc=pass action=none
header.from=fema.dhs.gov;
dkim=pass header.d=fema.dhs.gov; arc=none
Sep-26-21 12:27:31 [Main_Thread] [scoring] DKIM signature verified-OK
- header-passed - identity is: @fema.dhs.gov - sender policy is:
neutral - author policy is: neutral
Sep-26-21 12:27:31 [Main_Thread] Info: domain fema.dhs.gov has
published a DMARC record
Sep-26-21 12:27:31 [Main_Thread] Info: analyzing MIME header in
incoming email for virus
Sep-26-21 12:27:31 [Main_Thread] Info: analyzing attachments in
incoming email
Sep-26-21 12:27:32 [Main_Thread] Info: word stemming engine detected
no language in mail
Sep-26-21 12:27:32 [Main_Thread] [scoring] DNSBL: failed,
67.231.147.98 listed in (bl.mcf.com<-127.0.0.8)
It shows that the IP address is in the RWLCache, but the only score I
see is the 60 from the DNSBL.
Am I missing something?
Thanks.
--
Farokh
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
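Added example (not part of the original thread and not ASSP code): the situation described at the top of the thread, a whitelisted IP that also falls inside a blacklisted range, can be audited offline by comparing the two local lists for overlapping entries. The list contents below are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data (assumption): entries exported from a local
# whitelist zone and a local blacklist zone. Only 67.231.147.98 appears
# in the thread; the ranges around it are illustrative.
WHITELIST = ["67.231.147.98", "192.0.2.10", "198.51.100.0/28"]
BLACKLIST = ["67.231.144.0/21", "198.51.100.0/24", "203.0.113.7"]


def _net(entry):
    # Accept both single addresses and CIDR ranges.
    return ipaddress.ip_network(entry, strict=False)


def find_conflicts(whitelist, blacklist):
    """Return (wl_entry, bl_entry) pairs whose address ranges overlap."""
    conflicts = []
    for w in map(_net, whitelist):
        for b in map(_net, blacklist):
            if w.version == b.version and w.overlaps(b):
                conflicts.append((str(w), str(b)))
    return conflicts


def explain(ip, whitelist, blacklist):
    """List every whitelist and blacklist entry that covers one IP."""
    addr = ipaddress.ip_address(ip)
    return {
        "whitelisted_by": [e for e in whitelist if addr in _net(e)],
        "blacklisted_by": [e for e in blacklist if addr in _net(e)],
    }


if __name__ == "__main__":
    for wl_entry, bl_entry in find_conflicts(WHITELIST, BLACKLIST):
        print(f"conflict: WL {wl_entry} is covered by / overlaps BL {bl_entry}")
    print(explain("67.231.147.98", WHITELIST, BLACKLIST))
```

Each reported pair is a whitelist entry that a blacklist range can still hit, which is the kind of overlap that produced the DNSBL score in the analyzer output above.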