It doesn't seem like the domain is being returned, just the network name,
so a lot domains that should result in a white org score, aren't hitting.
This doesn't appear to be an ASSP problem
I just did a lookup for the ip 38.100.169.66
At the senderbase website, it shows a domain of e.delta.com, which I have
whitelisted (Delta Airlines)
However, a nslookup for the txt record only shows
38.100.169.66.query.senderbase.org text =
"0-0=1|1=CHARTER
COMMUNICATIONS|2=7.2|3=7.3|4=62870|6=0|7=47|8=9404927|9=157351|45=N|46=16|48=24|50=Fort
Worth|5
1=TX|52=76114|53=US|54=-97.3972|55=32.7807"
Nowhere to I see e.delta.com which explains why ASSP isn't matching. Is
this the same way that ASSP queries senderbase? Is there a way to have
ASSP ask senderbase to return the best guess domain name just like
SenderBase does on its website? That would solve the problem where the
netblock is a major carrier, that carrier can't be whitelisted, but the
domain that's returned (or hostname) is whitelisted.
On Tue, May 5, 2015 at 5:34 PM, K Post <nntp.p...@gmail.com> wrote:
> SenderBaseLog was set to standard before. Set it to diagnostic.
>
> On Tue, May 5, 2015 at 12:25 PM, Thomas Eckardt <
> thomas.ecka...@thockar.com> wrote:
>
>> > > but where's the senderbase line in the log?
>>
>> check SenderBaseLog
>>
>> Thomas
>>
>>
>>
>>
>> Von: K Post <nntp.p...@gmail.com>
>> An: ASSP development mailing list <assp-test@lists.sourceforge.net>
>> Datum: 05.05.2015 18:21
>> Betreff: Re: [Assp-test] Senderbase not always matching domain
>>
>>
>>
>> >good point but I've no answer, sounds like you found a bug
>> Hopefully Thomas will have some time to look into this.
>>
>> Thanks again.
>>
>> On Tue, May 5, 2015 at 11:42 AM, Grayhat <gray...@gmx.net> wrote:
>>
>> > :: On Tue, 5 May 2015 11:22:07 -0400
>> > :: <CALhpkAnP1_EObYXMgfduF7smppj82gPx1=tbtp+vpsq0xlj...@mail.gmail.com>
>> > :: K Post <nntp.p...@gmail.com> wrote:
>> >
>> > > > Sorry Greyhat, you lost me. What does this show different from
>> > > > what I was
>> > > saying? Maybe I wasn't clear.
>> > > When I pull up the analyze interface in assp it shows only Cogent,
>> > > doesn't show e.delta.com, do it's not a match to my regex, and
>> > > thereby doesn't get the whitesenderorg bonus.
>> >
>> > yeah, you're right, it's a strange behavior; I wonder if ASSP is using
>> > the /24 instead of the IP (didn't check the code) ...
>> >
>> > > And here's another issue I'm seeing with Senderbase:
>> > >
>> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to:
>> u...@ourcharity.org
>> > > DKIM-Signature found
>> >
>> > and here ASSP says that the message contains a DKIM signature
>> >
>> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to:
>> u...@ourcharity.org
>> > > info: domain emails.snapfish.com has published a DMARC record
>> >
>> > and that the sending MTA domain (emails...) publishes a DMARC record
>> >
>> > http://www.senderbase.org/lookup/?search_string=12.130.137.89
>> >
>> > > [MissingMX] 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to:
>> > > u...@ourcharity.org [scoring] MX missing: emails.snapfish.com
>> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to:
>> u...@ourcharity.org
>> > > Message-Score: added 10 (mxValencePB) for MX missing:
>> > > emails.snapfish.com, total score for this message is now 10
>> >
>> > wrong, the domain has two MX records, that is
>> >
>> > MX 10 imh.rsys2.net.
>> > MX 20 imh2.rsys2.net.
>> >
>> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to:
>> > > u...@ourcharity.org HMM Check [scoring] - Prob: 1.00000 => spam
>> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to:
>> u...@ourcharity.org
>> > > Message-Score: added 49 for HMM Probability: 1.0000, total score for
>> > > this message is now 59
>> >
>> > ok sounds like HMM isn't properly trained, let's skip this one for the
>> > moment ...
>> >
>> > > The from IP in the Responsys network, and I've got that network
>> > > whitelisted in my senderbasewhite org config. I've got senderbase
>> > > set to score. Senderbase logging is set to normal.
>> >
>> > here's what senderbase replies when queried (over DNS) for that IP
>> >
>> > IP address : 12.130.137.89
>> > version : 1
>> > org_name : RESPONSYS
>> > org_daily_magnitude : 7.3
>> > org_monthly_magnitude : 7.2
>> > org_first_message : 0
>> > org_domains_count : 3
>> > org_ip_controlled_count : 5640
>> > org_ip_used_count : 2889
>> > hostname : omp.emails.snapfish.com
>> > hostname_matches_ip : Y
>> > ip_daily_magnitude : 4.1
>> > ip_monthly_magnitude : 4.7
>> > ip_average_magnitude : 4.8
>> > ip_30_day_volume_percent : 7.8
>> > ip_in_bonded_sender : N
>> > ip_cidr_range : 12.130.136.0/22
>> > undocumented #48 : 24
>> > ip_country : US
>> > ip_longitude : -97.0
>> > ip_latitude : 38.0
>> >
>> > so, yes, the ASSP org check should match that "RESPONSYS" if you placed
>> > it in whiteorg
>> >
>> >
>> > > In the ASSP analyze interface, it shows a WHITE match as it should)
>> > > 12.130.137.89 SenderBase: status=white SenderBase,
>> > > data=US, RESPONSYS, , , Y, 22
>> > > but where's the senderbase line in the log?
>> >
>> > good point but I've no answer, sounds like you found a bug
>> >
>> >
>> >
>> >
>>
>> ------------------------------------------------------------------------------
>> > One dashboard for servers and applications across Physical-Virtual-Cloud
>> > Widest out-of-the-box monitoring support with 50+ applications
>> > Performance metrics, stats and reports that give you Actionable Insights
>> > Deep dive visibility with transaction tracing using APM Insight.
>> > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>> > _______________________________________________
>> > Assp-test mailing list
>> > Assp-test@lists.sourceforge.net
>> > https://lists.sourceforge.net/lists/listinfo/assp-test
>> >
>>
>> ------------------------------------------------------------------------------
>> One dashboard for servers and applications across Physical-Virtual-Cloud
>> Widest out-of-the-box monitoring support with 50+ applications
>> Performance metrics, stats and reports that give you Actionable Insights
>> Deep dive visibility with transaction tracing using APM Insight.
>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>> _______________________________________________
>> Assp-test mailing list
>> Assp-test@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/assp-test
>>
>>
>>
>>
>>
>>
>> DISCLAIMER:
>> *******************************************************
>> This email and any files transmitted with it may be confidential, legally
>> privileged and protected in law and are intended solely for the use of the
>>
>> individual to whom it is addressed.
>> This email was multiple times scanned for viruses. There should be no
>> known virus in this email!
>> *******************************************************
>>
>>
>> ------------------------------------------------------------------------------
>> One dashboard for servers and applications across Physical-Virtual-Cloud
>> Widest out-of-the-box monitoring support with 50+ applications
>> Performance metrics, stats and reports that give you Actionable Insights
>> Deep dive visibility with transaction tracing using APM Insight.
>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>> _______________________________________________
>> Assp-test mailing list
>> Assp-test@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/assp-test
>>
>
>
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
