It doesn't seem like the domain is being returned, just the network name, so a lot domains that should result in a white org score, aren't hitting. This doesn't appear to be an ASSP problem
I just did a lookup for the ip 38.100.169.66 At the senderbase website, it shows a domain of e.delta.com, which I have whitelisted (Delta Airlines) However, a nslookup for the txt record only shows 38.100.169.66.query.senderbase.org text = "0-0=1|1=CHARTER COMMUNICATIONS|2=7.2|3=7.3|4=62870|6=0|7=47|8=9404927|9=157351|45=N|46=16|48=24|50=Fort Worth|5 1=TX|52=76114|53=US|54=-97.3972|55=32.7807" Nowhere to I see e.delta.com which explains why ASSP isn't matching. Is this the same way that ASSP queries senderbase? Is there a way to have ASSP ask senderbase to return the best guess domain name just like SenderBase does on its website? That would solve the problem where the netblock is a major carrier, that carrier can't be whitelisted, but the domain that's returned (or hostname) is whitelisted. On Tue, May 5, 2015 at 5:34 PM, K Post <nntp.p...@gmail.com> wrote: > SenderBaseLog was set to standard before. Set it to diagnostic. > > On Tue, May 5, 2015 at 12:25 PM, Thomas Eckardt < > thomas.ecka...@thockar.com> wrote: > >> > > but where's the senderbase line in the log? >> >> check SenderBaseLog >> >> Thomas >> >> >> >> >> Von: K Post <nntp.p...@gmail.com> >> An: ASSP development mailing list <assp-test@lists.sourceforge.net> >> Datum: 05.05.2015 18:21 >> Betreff: Re: [Assp-test] Senderbase not always matching domain >> >> >> >> >good point but I've no answer, sounds like you found a bug >> Hopefully Thomas will have some time to look into this. >> >> Thanks again. >> >> On Tue, May 5, 2015 at 11:42 AM, Grayhat <gray...@gmx.net> wrote: >> >> > :: On Tue, 5 May 2015 11:22:07 -0400 >> > :: <CALhpkAnP1_EObYXMgfduF7smppj82gPx1=tbtp+vpsq0xlj...@mail.gmail.com> >> > :: K Post <nntp.p...@gmail.com> wrote: >> > >> > > > Sorry Greyhat, you lost me. What does this show different from >> > > > what I was >> > > saying? Maybe I wasn't clear. >> > > When I pull up the analyze interface in assp it shows only Cogent, >> > > doesn't show e.delta.com, do it's not a match to my regex, and >> > > thereby doesn't get the whitesenderorg bonus. >> > >> > yeah, you're right, it's a strange behavior; I wonder if ASSP is using >> > the /24 instead of the IP (didn't check the code) ... >> > >> > > And here's another issue I'm seeing with Senderbase: >> > > >> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: >> u...@ourcharity.org >> > > DKIM-Signature found >> > >> > and here ASSP says that the message contains a DKIM signature >> > >> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: >> u...@ourcharity.org >> > > info: domain emails.snapfish.com has published a DMARC record >> > >> > and that the sending MTA domain (emails...) publishes a DMARC record >> > >> > http://www.senderbase.org/lookup/?search_string=12.130.137.89 >> > >> > > [MissingMX] 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: >> > > u...@ourcharity.org [scoring] MX missing: emails.snapfish.com >> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: >> u...@ourcharity.org >> > > Message-Score: added 10 (mxValencePB) for MX missing: >> > > emails.snapfish.com, total score for this message is now 10 >> > >> > wrong, the domain has two MX records, that is >> > >> > MX 10 imh.rsys2.net. >> > MX 20 imh2.rsys2.net. >> > >> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: >> > > u...@ourcharity.org HMM Check [scoring] - Prob: 1.00000 => spam >> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: >> u...@ourcharity.org >> > > Message-Score: added 49 for HMM Probability: 1.0000, total score for >> > > this message is now 59 >> > >> > ok sounds like HMM isn't properly trained, let's skip this one for the >> > moment ... >> > >> > > The from IP in the Responsys network, and I've got that network >> > > whitelisted in my senderbasewhite org config. I've got senderbase >> > > set to score. Senderbase logging is set to normal. >> > >> > here's what senderbase replies when queried (over DNS) for that IP >> > >> > IP address : 12.130.137.89 >> > version : 1 >> > org_name : RESPONSYS >> > org_daily_magnitude : 7.3 >> > org_monthly_magnitude : 7.2 >> > org_first_message : 0 >> > org_domains_count : 3 >> > org_ip_controlled_count : 5640 >> > org_ip_used_count : 2889 >> > hostname : omp.emails.snapfish.com >> > hostname_matches_ip : Y >> > ip_daily_magnitude : 4.1 >> > ip_monthly_magnitude : 4.7 >> > ip_average_magnitude : 4.8 >> > ip_30_day_volume_percent : 7.8 >> > ip_in_bonded_sender : N >> > ip_cidr_range : 12.130.136.0/22 >> > undocumented #48 : 24 >> > ip_country : US >> > ip_longitude : -97.0 >> > ip_latitude : 38.0 >> > >> > so, yes, the ASSP org check should match that "RESPONSYS" if you placed >> > it in whiteorg >> > >> > >> > > In the ASSP analyze interface, it shows a WHITE match as it should) >> > > 12.130.137.89 SenderBase: status=white SenderBase, >> > > data=US, RESPONSYS, , , Y, 22 >> > > but where's the senderbase line in the log? >> > >> > good point but I've no answer, sounds like you found a bug >> > >> > >> > >> > >> >> ------------------------------------------------------------------------------ >> > One dashboard for servers and applications across Physical-Virtual-Cloud >> > Widest out-of-the-box monitoring support with 50+ applications >> > Performance metrics, stats and reports that give you Actionable Insights >> > Deep dive visibility with transaction tracing using APM Insight. >> > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y >> > _______________________________________________ >> > Assp-test mailing list >> > Assp-test@lists.sourceforge.net >> > https://lists.sourceforge.net/lists/listinfo/assp-test >> > >> >> ------------------------------------------------------------------------------ >> One dashboard for servers and applications across Physical-Virtual-Cloud >> Widest out-of-the-box monitoring support with 50+ applications >> Performance metrics, stats and reports that give you Actionable Insights >> Deep dive visibility with transaction tracing using APM Insight. >> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y >> _______________________________________________ >> Assp-test mailing list >> Assp-test@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/assp-test >> >> >> >> >> >> >> DISCLAIMER: >> ******************************************************* >> This email and any files transmitted with it may be confidential, legally >> privileged and protected in law and are intended solely for the use of the >> >> individual to whom it is addressed. >> This email was multiple times scanned for viruses. There should be no >> known virus in this email! >> ******************************************************* >> >> >> ------------------------------------------------------------------------------ >> One dashboard for servers and applications across Physical-Virtual-Cloud >> Widest out-of-the-box monitoring support with 50+ applications >> Performance metrics, stats and reports that give you Actionable Insights >> Deep dive visibility with transaction tracing using APM Insight. >> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y >> _______________________________________________ >> Assp-test mailing list >> Assp-test@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/assp-test >> > > ------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test