Thanks Collin.
I've turned on debugSPF. The problem is that I only see this every once in
a while. Will debugSPF cause huge logs or does that go to a separate debug
file?
Any suggestion on how to debug DNS on WIndows? I don't think I can get
access to the servers themselves, but I can do whatever we need on this
Windows 2012 box.
Here's what I see in the log for this message with my notes in bold.
May-18-15 11:01:00 msg61260-00904 198.245.83.134 <
bounce-15_html-123456789sam...@bounce.e.hautelook.com> to:
u...@ourcharity.org DKIM-Signature found
May-18-15 11:01:01 msg61260-00904 198.245.83.134 <
bounce-15_html-123456789sam...@bounce.e.hautelook.com> to:
u...@ourcharity.org info: SenderBase - query using SenderBase
May-18-15 11:01:01 msg61260-00904 198.245.83.134 <
bounce-15_html-123456789sam...@bounce.e.hautelook.com> to:
u...@ourcharity.org info: SenderBase - query using Whois
May-18-15 11:01:01 Info: whoisip_lookup '198.245.83.134' on 'ARIN' => ''
*nothing??*
May-18-15 11:01:01 msg61260-00904 198.245.83.134 <
bounce-15_html-123456789sam...@bounce.e.hautelook.com> to:
u...@ourcharity.org SenderBase -- used -- country: orgname: host:
mta6.e.hautelook.com *nothing??*
May-18-15 11:01:01 msg61260-00904 198.245.83.134 <
bounce-15_html-123456789sam...@bounce.e.hautelook.com> to:
u...@ourcharity.org [Scoring] SenderBase -- No CountryCode/Organization
May-18-15 11:01:01 msg61260-00904 198.245.83.134 <
bounce-15_html-123456789sam...@bounce.e.hautelook.com> to:
u...@ourcharity.org checking MX/A for bounce.e.hautelook.com ,
e.nordstromrack.com
May-18-15 11:01:01 msg61260-00904 198.245.83.134 <
bounce-15_html-123456789sam...@bounce.e.hautelook.com> to:
u...@ourcharity.org bounce.e.hautelook.com - no MX record found - () *no
mx??*
May-18-15 11:01:01 msg61260-00904 198.245.83.134 <
bounce-15_html-123456789sam...@bounce.e.hautelook.com> to:
u...@ourcharity.org e.nordstromrack.com - MX 'bounce-mx.exacttarget.com' -
got IP (66.231.91.54)
May-18-15 11:01:01 msg61260-00904 [MissingMX] 198.245.83.134 <
bounce-15_html-123456789sam...@bounce.e.hautelook.com> to:
u...@ourcharity.org [[scoring]] MX missing: bounce.e.hautelook.com (Mail
From:)
May-18-15 11:01:01 msg61260-00904 198.245.83.134 <
bounce-15_html-123456789sam...@bounce.e.hautelook.com> to:
u...@ourcharity.org Message-Score: added 10 (mxValencePB) for MX missing:
bounce.e.hautelook.com (Mail From:), total score for this message is now 10
May-18-15 11:01:01 msg61260-00904 [MissingMXA] 198.245.83.134 <
bounce-15_html-123456789sam...@bounce.e.hautelook.com> to:
u...@ourcharity.org [[scoring]] A record missing: bounce.e.hautelook.com
(Mail From:) *NO A record??*
May-18-15 11:01:01 msg61260-00904 198.245.83.134 <
bounce-15_html-123456789sam...@bounce.e.hautelook.com> to:
u...@ourcharity.org deleting spamming safelisted tuplet: (198.245.83.0,
bounce.e.hautelook.com) age: 1s
May-18-15 11:01:01 msg61260-00904 198.245.83.134 <
bounce-15_html-123456789sam...@bounce.e.hautelook.com> to:
u...@ourcharity.org Message-Score: added 15 (mxaValencePB) for A record
missing: bounce.e.hautelook.com (Mail From:), total score for this message
is now 25
May-18-15 11:01:01 msg61260-00904 198.245.83.134 <
bounce-15_html-123456789sam...@bounce.e.hautelook.com> to:
u...@ourcharity.org MX found: e.nordstromrack.com (From , Reply-To) ->
bounce-mx.exacttarget.com *but it does find the MX record for the mail
from*
May-18-15 11:01:01 msg61260-00904 198.245.83.134 <
bounce-15_html-123456789sam...@bounce.e.hautelook.com> to:
u...@ourcharity.org A record found: e.nordstromrack.com (From , Reply-To)
-> 66.231.91.54 and the *A record*
*Could this be a function of the mail-from differing from the from causing
a problem?*
On Tue, May 19, 2015 at 10:20 AM, Colin Waring <co...@dolphinict.co.uk>
wrote:
> You need debug logs and set something up to monitor your DNS traffic. You
> need to be certain whether the issue is with ASSP handling DNS or your DNS
> setup. This information is the only thing that will really let you track
> your issue down.
>
> All the best,
> Colin Waring.
>
> -----Original Message-----
> From: K Post [mailto:nntp.p...@gmail.com]
> Sent: 19 May 2015 14:57
> To: ASSP development mailing list
> Subject: [Assp-test] More MX and A record lookup issues
>
> Running 15135 on a Windows 2012 box.
>
> I've got a message that was ultimately erroneously rejected due to total
> score. Contributing to this score is ASSP being (for some reason) unable
> to find A or MX records for the sending IP. This isn't the first time I've
> seen this. My last suggestion of potentially having ASSP retry dns lookups
> if neither A or MX returns anything was dismissed as crazy. I don't know
> what else to suggest. Here's what I'm seeing:
>
> In analyze everything looks great:
> • domain bounce.e.hautelook.com (in Mail From:) has a valid MX record:
> bounce-mx.exacttarget.com
> • domainMX bounce-mx.exacttarget.com has a valid A record: 66.231.91.54 •
> domain e.nordstromrack.com (in From , Reply-To) has a valid MX record:
> reply-mx.s6.exacttarget.com
> • domainMX reply-mx.s6.exacttarget.com has a valid A record:
> 198.245.82.46 • 198.245.83.134 SenderBase: status=white SenderBase,
> data=[CN=US, ORG=EXACTTARGET, DOM=hautelook.com, BLS=, HNM=Y, CIDR=20,
> HN= mta6.e.hautelook.com] Senderbase should have given a bonus, the A and
> MX record is there, so it shouldn't have counted against the message.
>
> But in the message in the corpus, I see:
> X-ASSP-Message-Score: 10 (MX missing: bounce.e.hautelook.com (Mail From:))
> X-ASSP-IP-Score: 10 (MX missing: bounce.e.hautelook.com (Mail From:))
> X-ASSP-Message-Score: 15 (A record missing: bounce.e.hautelook.com (Mail
> From:))
> X-ASSP-IP-Score: 15 (A record missing: bounce.e.hautelook.com (Mail
> From:)) Senderbase doesn't seem to have run either
>
> I see nothing else to indicate that the machine is having DNS problems of
> any kind. It's looking to a set of internal DNS servers that are fast and
> reliable - they're used for all of our servers and none of them have any
> dns issues.
>
> It's not light exacttarget, a major mailing company used by big companies,
> temporarily removed the A and MX records for this hostname.
>
> Any idea of what could be going on and how to correct it? Could it be
> that this is happening to others but I'm the only one going through almost
> every questionally blocked message by hand (hate this part)??
>
>
> Thanks
>
> ------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications Performance
> metrics, stats and reports that give you Actionable Insights Deep dive
> visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
> ------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
