ASSP uses DNS queries for Senderbase.

Thomas

From: K Post <nntp.p...@gmail.com>
To: ASSP development mailing list <assp-test@lists.sourceforge.net>
Date: 07.05.2015 20:36
Subject: Re: [Assp-test] Senderbase not always matching domain

It doesn't seem like the domain is being returned, just the network name, so a lot of domains that should result in a white org score aren't hitting. This doesn't appear to be an ASSP problem.

I just did a lookup for the IP 38.100.169.66.

At the senderbase website, it shows a domain of e.delta.com, which I have whitelisted (Delta Airlines).

However, a nslookup for the txt record only shows

38.100.169.66.query.senderbase.org text =
"0-0=1|1=CHARTER COMMUNICATIONS|2=7.2|3=7.3|4=62870|6=0|7=47|8=9404927|9=157351|45=N|46=16|48=24|50=Fort Worth|51=TX|52=76114|53=US|54=-97.3972|55=32.7807"

Nowhere do I see e.delta.com, which explains why ASSP isn't matching.

Is this the same way that ASSP queries senderbase? Is there a way to have ASSP ask senderbase to return the best guess domain name just like SenderBase does on its website? That would solve the problem where the netblock is a major carrier, that carrier can't be whitelisted, but the domain that's returned (or hostname) is whitelisted.

On Tue, May 5, 2015 at 5:34 PM, K Post <nntp.p...@gmail.com> wrote:

> SenderBaseLog was set to standard before. Set it to diagnostic.
>
> On Tue, May 5, 2015 at 12:25 PM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote:
>
>> > > but where's the senderbase line in the log?
>>
>> check SenderBaseLog
>>
>> Thomas
>>
>> From: K Post <nntp.p...@gmail.com>
>> To: ASSP development mailing list <assp-test@lists.sourceforge.net>
>> Date: 05.05.2015 18:21
>> Subject: Re: [Assp-test] Senderbase not always matching domain
>>
>> > good point but I've no answer, sounds like you found a bug
>> Hopefully Thomas will have some time to look into this.
>>
>> Thanks again.
>>
>> On Tue, May 5, 2015 at 11:42 AM, Grayhat <gray...@gmx.net> wrote:
>>
>> > :: On Tue, 5 May 2015 11:22:07 -0400
>> > :: <CALhpkAnP1_EObYXMgfduF7smppj82gPx1=tbtp+vpsq0xlj...@mail.gmail.com>
>> > :: K Post <nntp.p...@gmail.com> wrote:
>> >
>> > > Sorry Greyhat, you lost me. What does this show different from
>> > > what I was saying? Maybe I wasn't clear.
>> > > When I pull up the analyze interface in assp it shows only Cogent,
>> > > doesn't show e.delta.com, so it's not a match to my regex, and
>> > > thereby doesn't get the whitesenderorg bonus.
>> >
>> > yeah, you're right, it's a strange behavior; I wonder if ASSP is using
>> > the /24 instead of the IP (didn't check the code) ...
>> >
>> > > And here's another issue I'm seeing with Senderbase:
>> > >
>> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: u...@ourcharity.org
>> > > DKIM-Signature found
>> >
>> > and here ASSP says that the message contains a DKIM signature
>> >
>> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: u...@ourcharity.org
>> > > info: domain emails.snapfish.com has published a DMARC record
>> >
>> > and that the sending MTA domain (emails...) publishes a DMARC record
>> >
>> > http://www.senderbase.org/lookup/?search_string=12.130.137.89
>> >
>> > > [MissingMX] 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to:
>> > > u...@ourcharity.org [scoring] MX missing: emails.snapfish.com
>> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: u...@ourcharity.org
>> > > Message-Score: added 10 (mxValencePB) for MX missing:
>> > > emails.snapfish.com, total score for this message is now 10
>> >
>> > wrong, the domain has two MX records, that is
>> >
>> > MX 10 imh.rsys2.net.
>> > MX 20 imh2.rsys2.net.
>> >
>> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to:
>> > > u...@ourcharity.org HMM Check [scoring] - Prob: 1.00000 => spam
>> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: u...@ourcharity.org
>> > > Message-Score: added 49 for HMM Probability: 1.0000, total score for
>> > > this message is now 59
>> >
>> > ok sounds like HMM isn't properly trained, let's skip this one for the
>> > moment ...
>> >
>> > > The from IP is in the Responsys network, and I've got that network
>> > > whitelisted in my senderbasewhite org config. I've got senderbase
>> > > set to score. Senderbase logging is set to normal.
>> >
>> > here's what senderbase replies when queried (over DNS) for that IP
>> >
>> > IP address               : 12.130.137.89
>> > version                  : 1
>> > org_name                 : RESPONSYS
>> > org_daily_magnitude      : 7.3
>> > org_monthly_magnitude    : 7.2
>> > org_first_message        : 0
>> > org_domains_count        : 3
>> > org_ip_controlled_count  : 5640
>> > org_ip_used_count        : 2889
>> > hostname                 : omp.emails.snapfish.com
>> > hostname_matches_ip      : Y
>> > ip_daily_magnitude       : 4.1
>> > ip_monthly_magnitude     : 4.7
>> > ip_average_magnitude     : 4.8
>> > ip_30_day_volume_percent : 7.8
>> > ip_in_bonded_sender      : N
>> > ip_cidr_range            : 12.130.136.0/22
>> > undocumented #48         : 24
>> > ip_country               : US
>> > ip_longitude             : -97.0
>> > ip_latitude              : 38.0
>> >
>> > so, yes, the ASSP org check should match that "RESPONSYS" if you placed
>> > it in whiteorg
>> >
>> > > In the ASSP analyze interface, it shows a WHITE match (as it should)
>> > > 12.130.137.89 SenderBase: status=white SenderBase,
>> > > data=US, RESPONSYS, , , Y, 22
>> > > but where's the senderbase line in the log?
>> >
>> > good point but I've no answer, sounds like you found a bug

_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
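
The TXT record format discussed in this thread, parsed offline as an added example (not part of the original messages and not ASSP's code). Assumptions: the key-to-name mapping (taken from the field names in the listing quoted above), the leading `<n>-` being a chunk index, and the hypothetical `white_org_match` check; the second sample record is constructed from that listing.

```python
import re

# Assumed key-to-name mapping; only the keys needed for the org check are named.
FIELDS = {"0": "version", "1": "org_name", "20": "hostname", "21": "domain_name",
          "22": "hostname_matches_ip", "46": "ip_cidr_range", "53": "ip_country"}

# TXT string quoted in the thread for 38.100.169.66.
THREAD_RECORD = ["0-0=1|1=CHARTER COMMUNICATIONS|2=7.2|3=7.3|4=62870|6=0|7=47|"
                 "8=9404927|9=157351|45=N|46=16|48=24|50=Fort Worth|51=TX|"
                 "52=76114|53=US|54=-97.3972|55=32.7807"]
# Constructed sample: a record that does carry a hostname (key 20).
CONSTRUCTED_RECORD = ["0-0=1|1=RESPONSYS|20=omp.emails.snapfish.com|22=Y|46=22|53=US"]


def parse_senderbase_txt(chunks):
    """Join TXT strings in chunk-index order and split them into named fields."""
    ordered = []
    for chunk in chunks:
        m = re.match(r"(\d+)-(.*)\Z", chunk, re.S)
        if not m:
            raise ValueError(f"missing chunk index: {chunk[:20]!r}")
        ordered.append((int(m.group(1)), m.group(2)))
    body = "".join(text for _, text in sorted(ordered))
    record = {}
    for pair in body.split("|"):
        key, sep, value = pair.partition("=")
        if not sep or not key.isdigit():
            continue  # ignore malformed pairs instead of guessing
        record[FIELDS.get(key, f"field_{key}")] = value
    return record


def white_org_match(record, pattern):
    """Hypothetical whitelist check: name of the first field the regex hits."""
    rx = re.compile(pattern, re.I)
    for name in ("org_name", "hostname", "domain_name"):
        if rx.search(record.get(name, "")):
            return name
    return None


if __name__ == "__main__":
    for label, chunks in (("thread", THREAD_RECORD), ("constructed", CONSTRUCTED_RECORD)):
        rec = parse_senderbase_txt(chunks)
        print(label, rec.get("org_name"), rec.get("hostname", "<no hostname field>"))
        print("  delta.com ->", white_org_match(rec, r"delta\.com"),
              "| snapfish.com ->", white_org_match(rec, r"snapfish\.com"))
```

The thread's record has no key 20 or 21 at all, so a whitelist pattern for a domain has nothing to match against in the DNS answer, whatever the website displays.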