Re: [Assp-test] Senderbase not always matching domain

Thu, 07 May 2015 23:57:07 -0700 

ASSP uses DNS queries for Senderbase.

Thomas





Von:    K Post <nntp.p...@gmail.com>
An:     ASSP development mailing list <assp-test@lists.sourceforge.net>
Datum:  07.05.2015 20:36
Betreff:        Re: [Assp-test] Senderbase not always matching domain



It doesn't seem like the domain is being returned, just the network name,
so a lot domains that should result in a white org score, aren't hitting.
This doesn't appear to be an ASSP problem

I just did a lookup for the ip 38.100.169.66
At the senderbase website, it shows a domain of e.delta.com, which I have
whitelisted (Delta Airlines)

However, a nslookup for the txt record only shows
38.100.169.66.query.senderbase.org      text =

        "0-0=1|1=CHARTER
COMMUNICATIONS|2=7.2|3=7.3|4=62870|6=0|7=47|8=9404927|9=157351|45=N|46=16|48=24|50=Fort
Worth|5
1=TX|52=76114|53=US|54=-97.3972|55=32.7807"

Nowhere to I see e.delta.com which explains why ASSP isn't matching.   Is
this the same way that ASSP queries senderbase?  Is there a way to have
ASSP ask senderbase to return the best guess domain name just like
SenderBase does on its website?  That would solve the problem where the
netblock is a major carrier, that carrier can't be whitelisted, but the
domain that's returned (or hostname) is whitelisted.






On Tue, May 5, 2015 at 5:34 PM, K Post <nntp.p...@gmail.com> wrote:

> SenderBaseLog was set to standard before.  Set it to diagnostic.
>
> On Tue, May 5, 2015 at 12:25 PM, Thomas Eckardt <
> thomas.ecka...@thockar.com> wrote:
>
>> > > but where's the senderbase line in the log?
>>
>> check SenderBaseLog
>>
>> Thomas
>>
>>
>>
>>
>> Von:    K Post <nntp.p...@gmail.com>
>> An:     ASSP development mailing list <assp-test@lists.sourceforge.net>
>> Datum:  05.05.2015 18:21
>> Betreff:        Re: [Assp-test] Senderbase not always matching domain
>>
>>
>>
>> >good point but I've no answer, sounds like you found a bug
>> Hopefully Thomas will have some time to look into this.
>>
>> Thanks again.
>>
>> On Tue, May 5, 2015 at 11:42 AM, Grayhat <gray...@gmx.net> wrote:
>>
>> > :: On Tue, 5 May 2015 11:22:07 -0400
>> > :: 
<CALhpkAnP1_EObYXMgfduF7smppj82gPx1=tbtp+vpsq0xlj...@mail.gmail.com>
>> > :: K Post <nntp.p...@gmail.com> wrote:
>> >
>> > > > Sorry Greyhat, you lost me.  What does this show different from
>> > > > what I was
>> > > saying?   Maybe I wasn't clear.
>> > > When I pull up the analyze interface in assp it shows only Cogent,
>> > > doesn't show e.delta.com, do it's not a match to my regex, and
>> > > thereby doesn't get the whitesenderorg bonus.
>> >
>> > yeah, you're right, it's a strange behavior; I wonder if ASSP is 
using
>> > the /24 instead of the IP (didn't check the code) ...
>> >
>> > > And here's another issue I'm seeing with Senderbase:
>> > >
>> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to:
>> u...@ourcharity.org
>> > > DKIM-Signature found
>> >
>> > and here ASSP says that the message contains a DKIM signature
>> >
>> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to:
>> u...@ourcharity.org
>> > > info: domain emails.snapfish.com has published a DMARC record
>> >
>> > and that the sending MTA domain (emails...) publishes a DMARC record
>> >
>> > http://www.senderbase.org/lookup/?search_string=12.130.137.89
>> >
>> > > [MissingMX] 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to:
>> > > u...@ourcharity.org [scoring] MX missing: emails.snapfish.com
>> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to:
>> u...@ourcharity.org
>> > > Message-Score: added 10 (mxValencePB) for MX missing:
>> > > emails.snapfish.com, total score for this message is now 10
>> >
>> > wrong, the domain has two MX records, that is
>> >
>> > MX 10 imh.rsys2.net.
>> > MX 20 imh2.rsys2.net.
>> >
>> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to:
>> > > u...@ourcharity.org HMM Check [scoring] - Prob: 1.00000 => spam
>> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to:
>> u...@ourcharity.org
>> > > Message-Score: added 49 for HMM Probability: 1.0000, total score 
for
>> > > this message is now 59
>> >
>> > ok sounds like HMM isn't properly trained, let's skip this one for 
the
>> > moment ...
>> >
>> > > The from IP in the Responsys network, and I've got that network
>> > > whitelisted in my senderbasewhite org config.  I've got senderbase
>> > > set to score. Senderbase logging is set to normal.
>> >
>> > here's what senderbase replies when queried (over DNS) for that IP
>> >
>> > IP address                       : 12.130.137.89
>> > version                          : 1
>> > org_name                         : RESPONSYS
>> > org_daily_magnitude              : 7.3
>> > org_monthly_magnitude            : 7.2
>> > org_first_message                : 0
>> > org_domains_count                : 3
>> > org_ip_controlled_count          : 5640
>> > org_ip_used_count                : 2889
>> > hostname                         : omp.emails.snapfish.com
>> > hostname_matches_ip              : Y
>> > ip_daily_magnitude               : 4.1
>> > ip_monthly_magnitude             : 4.7
>> > ip_average_magnitude             : 4.8
>> > ip_30_day_volume_percent         : 7.8
>> > ip_in_bonded_sender              : N
>> > ip_cidr_range                    : 12.130.136.0/22
>> > undocumented #48                 : 24
>> > ip_country                       : US
>> > ip_longitude                     : -97.0
>> > ip_latitude                      : 38.0
>> >
>> > so, yes, the ASSP org check should match that "RESPONSYS" if you 
placed
>> > it in whiteorg
>> >
>> >
>> > > In the ASSP analyze interface, it shows a WHITE match  as it 
should)
>> > >             12.130.137.89 SenderBase: status=white SenderBase,
>> > > data=US, RESPONSYS, , , Y, 22
>> > > but where's the senderbase line in the log?
>> >
>> > good point but I've no answer, sounds like you found a bug
>> >
>> >
>> >
>> >
>>
>> 
------------------------------------------------------------------------------
>> > One dashboard for servers and applications across 
Physical-Virtual-Cloud
>> > Widest out-of-the-box monitoring support with 50+ applications
>> > Performance metrics, stats and reports that give you Actionable 
Insights
>> > Deep dive visibility with transaction tracing using APM Insight.
>> > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>> > _______________________________________________
>> > Assp-test mailing list
>> > Assp-test@lists.sourceforge.net
>> > https://lists.sourceforge.net/lists/listinfo/assp-test
>> >
>>
>> 
------------------------------------------------------------------------------
>> One dashboard for servers and applications across 
Physical-Virtual-Cloud
>> Widest out-of-the-box monitoring support with 50+ applications
>> Performance metrics, stats and reports that give you Actionable 
Insights
>> Deep dive visibility with transaction tracing using APM Insight.
>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>> _______________________________________________
>> Assp-test mailing list
>> Assp-test@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/assp-test
>>
>>
>>
>>
>>
>>
>> DISCLAIMER:
>> *******************************************************
>> This email and any files transmitted with it may be confidential, 
legally
>> privileged and protected in law and are intended solely for the use of 
the
>>
>> individual to whom it is addressed.
>> This email was multiple times scanned for viruses. There should be no
>> known virus in this email!
>> *******************************************************
>>
>>
>> 
------------------------------------------------------------------------------
>> One dashboard for servers and applications across 
Physical-Virtual-Cloud
>> Widest out-of-the-box monitoring support with 50+ applications
>> Performance metrics, stats and reports that give you Actionable 
Insights
>> Deep dive visibility with transaction tracing using APM Insight.
>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>> _______________________________________________
>> Assp-test mailing list
>> Assp-test@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/assp-test
>>
>
>
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test






DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally 
privileged and protected in law and are intended solely for the use of the 

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no 
known virus in this email!
*******************************************************

------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

Reply via email to