It shows the same as what is stored in the cache - more is not used by assp.




From:    K Post <nntp.p...@gmail.com>
To:      ASSP development mailing list <assp-test@lists.sourceforge.net>
Date:    08.05.2015 17:52
Subject: Re: [Assp-test] Senderbase not always matching domain



I hear ya...

What about the senderbase result as it appears in the analyze gui?  Why
isn't this showing the hostname?


On Fri, May 8, 2015 at 11:46 AM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote:

> >1) Is there a way to have Senderbase return the DOMAIN that it's guessing?
>
> ASSP has to take what it gets - DNS is used - return values are the same
> as in nslookup or other DNS tools.
>
> 2) Is there a way to specify in the White Org file that ASSP uses to only
>
> the 'White Org file' (regex) is checked against the SB-org and the domain -
> no other way.
>
> Thomas
>
>
>
>
> From:    K Post <nntp.p...@gmail.com>
> To:      ASSP development mailing list <assp-test@lists.sourceforge.net>
> Date:    08.05.2015 16:31
> Subject: Re: [Assp-test] Senderbase not always matching domain
>
>
>
> Thank you both for sticking with this.
>
> Greyhat, my name's Ken :)  Seriously though, the Force has taught me that
> you need to reverse the IP, which makes much more sense.  Thanks.
>
> Thomas, I know ASSP uses DNS, I just didn't know if it was querying
> differently than I was testing - and it is, the RIGHT way - reversing the
> IP.
>
> I now see the hostname being returned, and I can match on that through a
> regex.  Doesn't that open up vulnerability though if a spammer has their
> SMTP server's IP address reverse to mtaxxx.e.delta.com?   Likely, probably
> not, but it's what I would do if I were trying to send spam appearing to
> be from Delta - or worse, one of the banks.
>
> My language was also incorrect in my original post.  I talked about
> hostname, but what I'd really like to do is match on the "guess" DOMAIN
> name that the senderbase website shows, in this case e.delta.com.  So:
> 1) Is there a way to have Senderbase return the DOMAIN that it's guessing?
> 2) Is there a way to specify in the White Org file that ASSP uses to only
> match against network name, hostname, or domain name?
>
>
>
>
> On Fri, May 8, 2015 at 2:55 AM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote:
>
> > ASSP uses DNS queries for Senderbase.
> >
> > Thomas
> >
> >
> >
> >
> >
> > From:    K Post <nntp.p...@gmail.com>
> > To:      ASSP development mailing list <assp-test@lists.sourceforge.net>
> > Date:    07.05.2015 20:36
> > Subject: Re: [Assp-test] Senderbase not always matching domain
> >
> >
> >
> > It doesn't seem like the domain is being returned, just the network name,
> > so a lot of domains that should result in a white org score aren't hitting.
> > This doesn't appear to be an ASSP problem
> >
> > I just did a lookup for the ip 38.100.169.66
> > At the senderbase website, it shows a domain of e.delta.com, which I have
> > whitelisted (Delta Airlines)
> >
> > However, an nslookup for the txt record only shows
> > 38.100.169.66.query.senderbase.org      text =
> >
> >         "0-0=1|1=CHARTER COMMUNICATIONS|2=7.2|3=7.3|4=62870|6=0|7=47|8=9404927|9=157351|45=N|46=16|48=24|50=Fort Worth|51=TX|52=76114|53=US|54=-97.3972|55=32.7807"
> >
> > Nowhere do I see e.delta.com, which explains why ASSP isn't matching. Is
> > this the same way that ASSP queries senderbase?  Is there a way to have
> > ASSP ask senderbase to return the best guess domain name just like
> > SenderBase does on its website?  That would solve the problem where the
> > netblock is a major carrier, that carrier can't be whitelisted, but the
> > domain that's returned (or hostname) is whitelisted.
> >
> >
> >
> >
> >
> >
> > On Tue, May 5, 2015 at 5:34 PM, K Post <nntp.p...@gmail.com> wrote:
> >
> > > SenderBaseLog was set to standard before.  Set it to diagnostic.
> > >
> > > On Tue, May 5, 2015 at 12:25 PM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote:
> > >
> > >> > > but where's the senderbase line in the log?
> > >>
> > >> check SenderBaseLog
> > >>
> > >> Thomas
> > >>
> > >>
> > >>
> > >>
> > >> From:    K Post <nntp.p...@gmail.com>
> > >> To:      ASSP development mailing list <assp-test@lists.sourceforge.net>
> > >> Date:    05.05.2015 18:21
> > >> Subject: Re: [Assp-test] Senderbase not always matching domain
> > >>
> > >>
> > >>
> > >> >good point but I've no answer, sounds like you found a bug
> > >> Hopefully Thomas will have some time to look into this.
> > >>
> > >> Thanks again.
> > >>
> > >> On Tue, May 5, 2015 at 11:42 AM, Grayhat <gray...@gmx.net> wrote:
> > >>
> > >> > :: On Tue, 5 May 2015 11:22:07 -0400
> > >> > :: <CALhpkAnP1_EObYXMgfduF7smppj82gPx1=tbtp+vpsq0xlj...@mail.gmail.com>
> > >> > :: K Post <nntp.p...@gmail.com> wrote:
> > >> >
> > >> > > Sorry Greyhat, you lost me.  What does this show different from
> > >> > > what I was saying?   Maybe I wasn't clear.
> > >> > > When I pull up the analyze interface in assp it shows only Cogent,
> > >> > > doesn't show e.delta.com, so it's not a match to my regex, and
> > >> > > thereby doesn't get the whitesenderorg bonus.
> > >> >
> > >> > yeah, you're right, it's a strange behavior; I wonder if ASSP is using
> > >> > the /24 instead of the IP (didn't check the code) ...
> > >> >
> > >> > > And here's another issue I'm seeing with Senderbase:
> > >> > >
> > >> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: u...@ourcharity.org
> > >> > > DKIM-Signature found
> > >> >
> > >> > and here ASSP says that the message contains a DKIM signature
> > >> >
> > >> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: u...@ourcharity.org
> > >> > > info: domain emails.snapfish.com has published a DMARC record
> > >> >
> > >> > and that the sending MTA domain (emails...) publishes a DMARC record
> > >> >
> > >> > http://www.senderbase.org/lookup/?search_string=12.130.137.89
> > >> >
> > >> > > [MissingMX] 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to:
> > >> > > u...@ourcharity.org [scoring] MX missing: emails.snapfish.com
> > >> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: u...@ourcharity.org
> > >> > > Message-Score: added 10 (mxValencePB) for MX missing:
> > >> > > emails.snapfish.com, total score for this message is now 10
> > >> >
> > >> > wrong, the domain has two MX records, that is
> > >> >
> > >> > MX 10 imh.rsys2.net.
> > >> > MX 20 imh2.rsys2.net.
> > >> >
> > >> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to:
> > >> > > u...@ourcharity.org HMM Check [scoring] - Prob: 1.00000 => spam
> > >> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: u...@ourcharity.org
> > >> > > Message-Score: added 49 for HMM Probability: 1.0000, total score for
> > >> > > this message is now 59
> > >> >
> > >> > ok sounds like HMM isn't properly trained, let's skip this one for the
> > >> > moment ...
> > >> >
> > >> > > The from IP is in the Responsys network, and I've got that network
> > >> > > whitelisted in my senderbasewhite org config.  I've got senderbase
> > >> > > set to score. Senderbase logging is set to normal.
> > >> >
> > >> > here's what senderbase replies when queried (over DNS) for that IP
> > >> >
> > >> > IP address                       : 12.130.137.89
> > >> > version                          : 1
> > >> > org_name                         : RESPONSYS
> > >> > org_daily_magnitude              : 7.3
> > >> > org_monthly_magnitude            : 7.2
> > >> > org_first_message                : 0
> > >> > org_domains_count                : 3
> > >> > org_ip_controlled_count          : 5640
> > >> > org_ip_used_count                : 2889
> > >> > hostname                         : omp.emails.snapfish.com
> > >> > hostname_matches_ip              : Y
> > >> > ip_daily_magnitude               : 4.1
> > >> > ip_monthly_magnitude             : 4.7
> > >> > ip_average_magnitude             : 4.8
> > >> > ip_30_day_volume_percent         : 7.8
> > >> > ip_in_bonded_sender              : N
> > >> > ip_cidr_range                    : 12.130.136.0/22
> > >> > undocumented #48                 : 24
> > >> > ip_country                       : US
> > >> > ip_longitude                     : -97.0
> > >> > ip_latitude                      : 38.0
> > >> >
> > >> > so, yes, the ASSP org check should match that "RESPONSYS" if you placed
> > >> > it in whiteorg
> > >> >
> > >> >
> > >> > > In the ASSP analyze interface, it shows a WHITE match (as it should)
> > >> > >             12.130.137.89 SenderBase: status=white SenderBase,
> > >> > > data=US, RESPONSYS, , , Y, 22
> > >> > > but where's the senderbase line in the log?
> > >> >
> > >> > good point but I've no answer, sounds like you found a bug
> > >> >
> > >> >
> > >> >
> > >> >
> > >> > ------------------------------------------------------------------------------
> > >> > One dashboard for servers and applications across Physical-Virtual-Cloud
> > >> > Widest out-of-the-box monitoring support with 50+ applications
> > >> > Performance metrics, stats and reports that give you Actionable Insights
> > >> > Deep dive visibility with transaction tracing using APM Insight.
> > >> > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> > >> > _______________________________________________
> > >> > Assp-test mailing list
> > >> > Assp-test@lists.sourceforge.net
> > >> > https://lists.sourceforge.net/lists/listinfo/assp-test
> > >> >
> > >> DISCLAIMER:
> > >> *******************************************************
> > >> This email and any files transmitted with it may be confidential, legally
> > >> privileged and protected in law and are intended solely for the use of the
> > >> individual to whom it is addressed.
> > >> This email was multiple times scanned for viruses. There should be no
> > >> known virus in this email!
> > >> *******************************************************
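Two points raised in this thread, the reversed-IP query name and the risk of trusting a reverse-DNS hostname in a white-org regex, as an added Python example (not ASSP code and not part of any message above). The handling of the leading `N-` chunk prefix, field numbers 20 and 22, the helper names and the policy of ignoring an unconfirmed hostname are assumptions made for illustration.

```python
import ipaddress
import re

# Field 1 (org name) is visible in the thread's TXT record. Numbers 20 and 22
# for hostname / hostname_matches_ip are an assumption, not shown on the page.
FIELDS = {"1": "org_name", "20": "hostname", "22": "hostname_matches_ip"}
CHUNK = re.compile(r"(\d+)-(.*)", re.S)


def query_name(ip, zone="query.senderbase.org"):
    """TXT query name with the IPv4 octets reversed, as for a DNSBL lookup."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def parse_txt(strings):
    """Parse '<chunk>-<key>=<value>|<key>=<value>|...' TXT strings to a dict."""
    chunks = []
    for s in strings:
        m = CHUNK.fullmatch(s)
        if not m:
            raise ValueError("unexpected TXT string: %r" % s)
        chunks.append((int(m.group(1)), m.group(2)))
    record = {}
    for pair in "".join(body for _, body in sorted(chunks)).split("|"):
        key, sep, value = pair.partition("=")
        if sep:
            record[FIELDS.get(key, "field_" + key)] = value
    return record


def whiteorg_hit(record, pattern):
    """Match a white-org regex against names the sender cannot simply choose."""
    names = [record.get("org_name", "")]
    # A PTR name is set by whoever runs the reverse zone, so the hostname is
    # only considered when the forward lookup confirmed it (flag == "Y").
    if record.get("hostname_matches_ip") == "Y":
        names.append(record.get("hostname", ""))
    rx = re.compile(pattern, re.I)
    return any(rx.search(n) for n in names if n)


# TXT string exactly as posted in the thread (result of the unreversed query).
THREAD_TXT = ["0-0=1|1=CHARTER COMMUNICATIONS|2=7.2|3=7.3|4=62870|6=0|7=47|"
              "8=9404927|9=157351|45=N|46=16|48=24|50=Fort Worth|51=TX|"
              "52=76114|53=US|54=-97.3972|55=32.7807"]
# Constructed samples: a confirmed hostname and an unconfirmed look-alike PTR.
CONFIRMED = ["0-0=1|1=RESPONSYS|20=omp.emails.snapfish.com|22=Y"]
UNCONFIRMED = ["0-0=1|1=EXAMPLE HOSTING|20=mta01.e.delta.com|22=N"]
```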