Thanks for sticking with this! I'm sorry, but I don't quite follow. 153.69.214.203 shows a hostname when I query Senderbase 0-0=1|1=NCR CORPORATION|2=6.2|3=6.2|6=0|7=2|8=3410716|9=4530|20= csmail03.ncrwebhost.com|22=Y|40=4.6|41=4.5|43=4 .4|44=12.2|45=N|46=11|48=24|50=Duluth|51=GA|52=30096|53=US|54=-84.1494|55=33.9791
However, in the analyze GUI, it shows: 153.69.214.203 SenderBase: status=not classified, data=US, NCR CORPORATION, , , Y, 11 I don't understand why the gui wouldn't show the hostname. On Fri, May 8, 2015 at 11:58 AM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote: > It shows the same that stored in the cache - more is not used by assp. > > > > > > Von: K Post <nntp.p...@gmail.com> > An: ASSP development mailing list <assp-test@lists.sourceforge.net> > Datum: 08.05.2015 17:52 > Betreff: Re: [Assp-test] Senderbase not always matching domain > > > > I hear ya... > > What about the senderbase result as it appears in the analyze gui? Why > isn't this showing the hostname? > > > On Fri, May 8, 2015 at 11:46 AM, Thomas Eckardt > <thomas.ecka...@thockar.com> > wrote: > > > >1) Is there a way to have Senderbase return the DOMAIN that it's > > guessing? > > > > ASSP has to take what it gets - DNS is used - retun values are the same > > like in nslookup or other DNS tools. > > > > 2) Is there a way to specify in the White Org file that ASSP uses to > only > > > > the 'White Org file' (regex) is checked against the SB-org and the domai > - > > no other way. > > > > Thomas > > > > > > > > > > Von: K Post <nntp.p...@gmail.com> > > An: ASSP development mailing list <assp-test@lists.sourceforge.net> > > Datum: 08.05.2015 16:31 > > Betreff: Re: [Assp-test] Senderbase not always matching domain > > > > > > > > Thank you both for sticking with this. > > > > Greyhat, my name's Ken :) Seriously though, the Force has taught me > that > > you need to reverse the IP, which makes much more sense. Thanks. > > > > Thomas, I know ASSP uses DNS, I just didn't know if it was querying > > differently than I was testing - and it is, the RIGHT way - reversing > the > > IP. > > > > I now see the hostname being returned, and I can match on that through a > > regex. Doesn't that open up vulnerability though if a spammer has their > > SMTP server's IP address reverse to mtaxxx.e.delta.com? Likely, > probably > > not, but it's what I would do if I were trying to send spam appearing to > > be > > from Delta - or worse, one of the banks. > > > > My language was also incorrect in my original post. I talked about > > hostname, but what I'd really like to do is match on the "guess" DOMAIN > > name that the senderbase website shows, in this case e.delta.com. So: > > 1) Is there a way to have Senderbase return the DOMAIN that it's > guessing? > > 2) Is there a way to specify in the White Org file that ASSP uses to > only > > match against network name, hostname, or domain name? > > > > > > > > > > On Fri, May 8, 2015 at 2:55 AM, Thomas Eckardt > > <thomas.ecka...@thockar.com> > > wrote: > > > > > ASSP uses DNS queries for Senderbase. > > > > > > Thomas > > > > > > > > > > > > > > > > > > Von: K Post <nntp.p...@gmail.com> > > > An: ASSP development mailing list > <assp-test@lists.sourceforge.net> > > > Datum: 07.05.2015 20:36 > > > Betreff: Re: [Assp-test] Senderbase not always matching domain > > > > > > > > > > > > It doesn't seem like the domain is being returned, just the network > > name, > > > so a lot domains that should result in a white org score, aren't > > hitting. > > > This doesn't appear to be an ASSP problem > > > > > > I just did a lookup for the ip 38.100.169.66 > > > At the senderbase website, it shows a domain of e.delta.com, which I > > have > > > whitelisted (Delta Airlines) > > > > > > However, a nslookup for the txt record only shows > > > 38.100.169.66.query.senderbase.org text = > > > > > > "0-0=1|1=CHARTER > > > > > > > > > > > > COMMUNICATIONS|2=7.2|3=7.3|4=62870|6=0|7=47|8=9404927|9=157351|45=N|46=16|48=24|50=Fort > > > Worth|5 > > > 1=TX|52=76114|53=US|54=-97.3972|55=32.7807" > > > > > > Nowhere to I see e.delta.com which explains why ASSP isn't matching. > Is > > > this the same way that ASSP queries senderbase? Is there a way to > have > > > ASSP ask senderbase to return the best guess domain name just like > > > SenderBase does on its website? That would solve the problem where > the > > > netblock is a major carrier, that carrier can't be whitelisted, but > the > > > domain that's returned (or hostname) is whitelisted. > > > > > > > > > > > > > > > > > > > > > On Tue, May 5, 2015 at 5:34 PM, K Post <nntp.p...@gmail.com> wrote: > > > > > > > SenderBaseLog was set to standard before. Set it to diagnostic. > > > > > > > > On Tue, May 5, 2015 at 12:25 PM, Thomas Eckardt < > > > > thomas.ecka...@thockar.com> wrote: > > > > > > > >> > > but where's the senderbase line in the log? > > > >> > > > >> check SenderBaseLog > > > >> > > > >> Thomas > > > >> > > > >> > > > >> > > > >> > > > >> Von: K Post <nntp.p...@gmail.com> > > > >> An: ASSP development mailing list > > <assp-test@lists.sourceforge.net> > > > >> Datum: 05.05.2015 18:21 > > > >> Betreff: Re: [Assp-test] Senderbase not always matching > domain > > > >> > > > >> > > > >> > > > >> >good point but I've no answer, sounds like you found a bug > > > >> Hopefully Thomas will have some time to look into this. > > > >> > > > >> Thanks again. > > > >> > > > >> On Tue, May 5, 2015 at 11:42 AM, Grayhat <gray...@gmx.net> wrote: > > > >> > > > >> > :: On Tue, 5 May 2015 11:22:07 -0400 > > > >> > :: > > > <CALhpkAnP1_EObYXMgfduF7smppj82gPx1=tbtp+vpsq0xlj...@mail.gmail.com> > > > >> > :: K Post <nntp.p...@gmail.com> wrote: > > > >> > > > > >> > > > Sorry Greyhat, you lost me. What does this show different > from > > > >> > > > what I was > > > >> > > saying? Maybe I wasn't clear. > > > >> > > When I pull up the analyze interface in assp it shows only > > Cogent, > > > >> > > doesn't show e.delta.com, do it's not a match to my regex, and > > > >> > > thereby doesn't get the whitesenderorg bonus. > > > >> > > > > >> > yeah, you're right, it's a strange behavior; I wonder if ASSP is > > > using > > > >> > the /24 instead of the IP (didn't check the code) ... > > > >> > > > > >> > > And here's another issue I'm seeing with Senderbase: > > > >> > > > > > >> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: > > > >> u...@ourcharity.org > > > >> > > DKIM-Signature found > > > >> > > > > >> > and here ASSP says that the message contains a DKIM signature > > > >> > > > > >> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: > > > >> u...@ourcharity.org > > > >> > > info: domain emails.snapfish.com has published a DMARC record > > > >> > > > > >> > and that the sending MTA domain (emails...) publishes a DMARC > > record > > > >> > > > > >> > http://www.senderbase.org/lookup/?search_string=12.130.137.89 > > > >> > > > > >> > > [MissingMX] 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: > > > >> > > u...@ourcharity.org [scoring] MX missing: emails.snapfish.com > > > >> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: > > > >> u...@ourcharity.org > > > >> > > Message-Score: added 10 (mxValencePB) for MX missing: > > > >> > > emails.snapfish.com, total score for this message is now 10 > > > >> > > > > >> > wrong, the domain has two MX records, that is > > > >> > > > > >> > MX 10 imh.rsys2.net. > > > >> > MX 20 imh2.rsys2.net. > > > >> > > > > >> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: > > > >> > > u...@ourcharity.org HMM Check [scoring] - Prob: 1.00000 => spam > > > >> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: > > > >> u...@ourcharity.org > > > >> > > Message-Score: added 49 for HMM Probability: 1.0000, total > score > > > for > > > >> > > this message is now 59 > > > >> > > > > >> > ok sounds like HMM isn't properly trained, let's skip this one > for > > > the > > > >> > moment ... > > > >> > > > > >> > > The from IP in the Responsys network, and I've got that network > > > >> > > whitelisted in my senderbasewhite org config. I've got > > senderbase > > > >> > > set to score. Senderbase logging is set to normal. > > > >> > > > > >> > here's what senderbase replies when queried (over DNS) for that > IP > > > >> > > > > >> > IP address : 12.130.137.89 > > > >> > version : 1 > > > >> > org_name : RESPONSYS > > > >> > org_daily_magnitude : 7.3 > > > >> > org_monthly_magnitude : 7.2 > > > >> > org_first_message : 0 > > > >> > org_domains_count : 3 > > > >> > org_ip_controlled_count : 5640 > > > >> > org_ip_used_count : 2889 > > > >> > hostname : omp.emails.snapfish.com > > > >> > hostname_matches_ip : Y > > > >> > ip_daily_magnitude : 4.1 > > > >> > ip_monthly_magnitude : 4.7 > > > >> > ip_average_magnitude : 4.8 > > > >> > ip_30_day_volume_percent : 7.8 > > > >> > ip_in_bonded_sender : N > > > >> > ip_cidr_range : 12.130.136.0/22 > > > >> > undocumented #48 : 24 > > > >> > ip_country : US > > > >> > ip_longitude : -97.0 > > > >> > ip_latitude : 38.0 > > > >> > > > > >> > so, yes, the ASSP org check should match that "RESPONSYS" if you > > > placed > > > >> > it in whiteorg > > > >> > > > > >> > > > > >> > > In the ASSP analyze interface, it shows a WHITE match as it > > > should) > > > >> > > 12.130.137.89 SenderBase: status=white SenderBase, > > > >> > > data=US, RESPONSYS, , , Y, 22 > > > >> > > but where's the senderbase line in the log? > > > >> > > > > >> > good point but I've no answer, sounds like you found a bug > > > >> > > > > >> > > > > >> > > > > >> > > > > >> > > > >> > > > > > > > > > > > > ------------------------------------------------------------------------------ > > > >> > One dashboard for servers and applications across > > > Physical-Virtual-Cloud > > > >> > Widest out-of-the-box monitoring support with 50+ applications > > > >> > Performance metrics, stats and reports that give you Actionable > > > Insights > > > >> > Deep dive visibility with transaction tracing using APM Insight. > > > >> > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y > > > >> > _______________________________________________ > > > >> > Assp-test mailing list > > > >> > Assp-test@lists.sourceforge.net > > > >> > https://lists.sourceforge.net/lists/listinfo/assp-test > > > >> > > > > >> > > > >> > > > > > > > > > > > > ------------------------------------------------------------------------------ > > > >> One dashboard for servers and applications across > > > Physical-Virtual-Cloud > > > >> Widest out-of-the-box monitoring support with 50+ applications > > > >> Performance metrics, stats and reports that give you Actionable > > > Insights > > > >> Deep dive visibility with transaction tracing using APM Insight. > > > >> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y > > > >> _______________________________________________ > > > >> Assp-test mailing list > > > >> Assp-test@lists.sourceforge.net > > > >> https://lists.sourceforge.net/lists/listinfo/assp-test > > > >> > > > >> > > > >> > > > >> > > > >> > > > >> > > > >> DISCLAIMER: > > > >> ******************************************************* > > > >> This email and any files transmitted with it may be confidential, > > > legally > > > >> privileged and protected in law and are intended solely for the use > > of > > > the > > > >> > > > >> individual to whom it is addressed. > > > >> This email was multiple times scanned for viruses. There should be > no > > > >> known virus in this email! > > > >> ******************************************************* > > > >> > > > >> > > > >> > > > > > > > > > > > > ------------------------------------------------------------------------------ > > > >> One dashboard for servers and applications across > > > Physical-Virtual-Cloud > > > >> Widest out-of-the-box monitoring support with 50+ applications > > > >> Performance metrics, stats and reports that give you Actionable > > > Insights > > > >> Deep dive visibility with transaction tracing using APM Insight. > > > >> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y > > > >> _______________________________________________ > > > >> Assp-test mailing list > > > >> Assp-test@lists.sourceforge.net > > > >> https://lists.sourceforge.net/lists/listinfo/assp-test > > > >> > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------------------------------ > > > One dashboard for servers and applications across > Physical-Virtual-Cloud > > > Widest out-of-the-box monitoring support with 50+ applications > > > Performance metrics, stats and reports that give you Actionable > Insights > > > Deep dive visibility with transaction tracing using APM Insight. > > > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y > > > _______________________________________________ > > > Assp-test mailing list > > > Assp-test@lists.sourceforge.net > > > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > > > > > > > > > > > > > > > > > DISCLAIMER: > > > ******************************************************* > > > This email and any files transmitted with it may be confidential, > > legally > > > privileged and protected in law and are intended solely for the use of > > the > > > > > > individual to whom it is addressed. > > > This email was multiple times scanned for viruses. There should be no > > > known virus in this email! > > > ******************************************************* > > > > > > > > > > > > > > > ------------------------------------------------------------------------------ > > > One dashboard for servers and applications across > Physical-Virtual-Cloud > > > Widest out-of-the-box monitoring support with 50+ applications > > > Performance metrics, stats and reports that give you Actionable > Insights > > > Deep dive visibility with transaction tracing using APM Insight. > > > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y > > > _______________________________________________ > > > Assp-test mailing list > > > Assp-test@lists.sourceforge.net > > > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > > > > > ------------------------------------------------------------------------------ > > One dashboard for servers and applications across Physical-Virtual-Cloud > > Widest out-of-the-box monitoring support with 50+ applications > > Performance metrics, stats and reports that give you Actionable Insights > > Deep dive visibility with transaction tracing using APM Insight. > > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y > > _______________________________________________ > > Assp-test mailing list > > Assp-test@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > > > > > > > > > > DISCLAIMER: > > ******************************************************* > > This email and any files transmitted with it may be confidential, > legally > > privileged and protected in law and are intended solely for the use of > the > > > > individual to whom it is addressed. > > This email was multiple times scanned for viruses. There should be no > > known virus in this email! > > ******************************************************* > > > > > > > > ------------------------------------------------------------------------------ > > One dashboard for servers and applications across Physical-Virtual-Cloud > > Widest out-of-the-box monitoring support with 50+ applications > > Performance metrics, stats and reports that give you Actionable Insights > > Deep dive visibility with transaction tracing using APM Insight. > > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y > > _______________________________________________ > > Assp-test mailing list > > Assp-test@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > ------------------------------------------------------------------------------ > One dashboard for servers and applications across Physical-Virtual-Cloud > Widest out-of-the-box monitoring support with 50+ applications > Performance metrics, stats and reports that give you Actionable Insights > Deep dive visibility with transaction tracing using APM Insight. > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > > ------------------------------------------------------------------------------ > One dashboard for servers and applications across Physical-Virtual-Cloud > Widest out-of-the-box monitoring support with 50+ applications > Performance metrics, stats and reports that give you Actionable Insights > Deep dive visibility with transaction tracing using APM Insight. > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test > ------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test