Thanks Collin. I've turned on debugSPF. The problem is that I only see this every once in a while. Will debugSPF cause huge logs or does that go to a separate debug file?
Any suggestion on how to debug DNS on WIndows? I don't think I can get access to the servers themselves, but I can do whatever we need on this Windows 2012 box. Here's what I see in the log for this message with my notes in bold. May-18-15 11:01:00 msg61260-00904 198.245.83.134 < bounce-15_html-123456789sam...@bounce.e.hautelook.com> to: u...@ourcharity.org DKIM-Signature found May-18-15 11:01:01 msg61260-00904 198.245.83.134 < bounce-15_html-123456789sam...@bounce.e.hautelook.com> to: u...@ourcharity.org info: SenderBase - query using SenderBase May-18-15 11:01:01 msg61260-00904 198.245.83.134 < bounce-15_html-123456789sam...@bounce.e.hautelook.com> to: u...@ourcharity.org info: SenderBase - query using Whois May-18-15 11:01:01 Info: whoisip_lookup '198.245.83.134' on 'ARIN' => '' *nothing??* May-18-15 11:01:01 msg61260-00904 198.245.83.134 < bounce-15_html-123456789sam...@bounce.e.hautelook.com> to: u...@ourcharity.org SenderBase -- used -- country: orgname: host: mta6.e.hautelook.com *nothing??* May-18-15 11:01:01 msg61260-00904 198.245.83.134 < bounce-15_html-123456789sam...@bounce.e.hautelook.com> to: u...@ourcharity.org [Scoring] SenderBase -- No CountryCode/Organization May-18-15 11:01:01 msg61260-00904 198.245.83.134 < bounce-15_html-123456789sam...@bounce.e.hautelook.com> to: u...@ourcharity.org checking MX/A for bounce.e.hautelook.com , e.nordstromrack.com May-18-15 11:01:01 msg61260-00904 198.245.83.134 < bounce-15_html-123456789sam...@bounce.e.hautelook.com> to: u...@ourcharity.org bounce.e.hautelook.com - no MX record found - () *no mx??* May-18-15 11:01:01 msg61260-00904 198.245.83.134 < bounce-15_html-123456789sam...@bounce.e.hautelook.com> to: u...@ourcharity.org e.nordstromrack.com - MX 'bounce-mx.exacttarget.com' - got IP (66.231.91.54) May-18-15 11:01:01 msg61260-00904 [MissingMX] 198.245.83.134 < bounce-15_html-123456789sam...@bounce.e.hautelook.com> to: u...@ourcharity.org [[scoring]] MX missing: bounce.e.hautelook.com (Mail From:) May-18-15 11:01:01 msg61260-00904 198.245.83.134 < bounce-15_html-123456789sam...@bounce.e.hautelook.com> to: u...@ourcharity.org Message-Score: added 10 (mxValencePB) for MX missing: bounce.e.hautelook.com (Mail From:), total score for this message is now 10 May-18-15 11:01:01 msg61260-00904 [MissingMXA] 198.245.83.134 < bounce-15_html-123456789sam...@bounce.e.hautelook.com> to: u...@ourcharity.org [[scoring]] A record missing: bounce.e.hautelook.com (Mail From:) *NO A record??* May-18-15 11:01:01 msg61260-00904 198.245.83.134 < bounce-15_html-123456789sam...@bounce.e.hautelook.com> to: u...@ourcharity.org deleting spamming safelisted tuplet: (198.245.83.0, bounce.e.hautelook.com) age: 1s May-18-15 11:01:01 msg61260-00904 198.245.83.134 < bounce-15_html-123456789sam...@bounce.e.hautelook.com> to: u...@ourcharity.org Message-Score: added 15 (mxaValencePB) for A record missing: bounce.e.hautelook.com (Mail From:), total score for this message is now 25 May-18-15 11:01:01 msg61260-00904 198.245.83.134 < bounce-15_html-123456789sam...@bounce.e.hautelook.com> to: u...@ourcharity.org MX found: e.nordstromrack.com (From , Reply-To) -> bounce-mx.exacttarget.com *but it does find the MX record for the mail from* May-18-15 11:01:01 msg61260-00904 198.245.83.134 < bounce-15_html-123456789sam...@bounce.e.hautelook.com> to: u...@ourcharity.org A record found: e.nordstromrack.com (From , Reply-To) -> 66.231.91.54 and the *A record* *Could this be a function of the mail-from differing from the from causing a problem?* On Tue, May 19, 2015 at 10:20 AM, Colin Waring <co...@dolphinict.co.uk> wrote: > You need debug logs and set something up to monitor your DNS traffic. You > need to be certain whether the issue is with ASSP handling DNS or your DNS > setup. This information is the only thing that will really let you track > your issue down. > > All the best, > Colin Waring. > > -----Original Message----- > From: K Post [mailto:nntp.p...@gmail.com] > Sent: 19 May 2015 14:57 > To: ASSP development mailing list > Subject: [Assp-test] More MX and A record lookup issues > > Running 15135 on a Windows 2012 box. > > I've got a message that was ultimately erroneously rejected due to total > score. Contributing to this score is ASSP being (for some reason) unable > to find A or MX records for the sending IP. This isn't the first time I've > seen this. My last suggestion of potentially having ASSP retry dns lookups > if neither A or MX returns anything was dismissed as crazy. I don't know > what else to suggest. Here's what I'm seeing: > > In analyze everything looks great: > • domain bounce.e.hautelook.com (in Mail From:) has a valid MX record: > bounce-mx.exacttarget.com > • domainMX bounce-mx.exacttarget.com has a valid A record: 66.231.91.54 • > domain e.nordstromrack.com (in From , Reply-To) has a valid MX record: > reply-mx.s6.exacttarget.com > • domainMX reply-mx.s6.exacttarget.com has a valid A record: > 198.245.82.46 • 198.245.83.134 SenderBase: status=white SenderBase, > data=[CN=US, ORG=EXACTTARGET, DOM=hautelook.com, BLS=, HNM=Y, CIDR=20, > HN= mta6.e.hautelook.com] Senderbase should have given a bonus, the A and > MX record is there, so it shouldn't have counted against the message. > > But in the message in the corpus, I see: > X-ASSP-Message-Score: 10 (MX missing: bounce.e.hautelook.com (Mail From:)) > X-ASSP-IP-Score: 10 (MX missing: bounce.e.hautelook.com (Mail From:)) > X-ASSP-Message-Score: 15 (A record missing: bounce.e.hautelook.com (Mail > From:)) > X-ASSP-IP-Score: 15 (A record missing: bounce.e.hautelook.com (Mail > From:)) Senderbase doesn't seem to have run either > > I see nothing else to indicate that the machine is having DNS problems of > any kind. It's looking to a set of internal DNS servers that are fast and > reliable - they're used for all of our servers and none of them have any > dns issues. > > It's not light exacttarget, a major mailing company used by big companies, > temporarily removed the A and MX records for this hostname. > > Any idea of what could be going on and how to correct it? Could it be > that this is happening to others but I'm the only one going through almost > every questionally blocked message by hand (hate this part)?? > > > Thanks > > ------------------------------------------------------------------------------ > One dashboard for servers and applications across Physical-Virtual-Cloud > Widest out-of-the-box monitoring support with 50+ applications Performance > metrics, stats and reports that give you Actionable Insights Deep dive > visibility with transaction tracing using APM Insight. > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test > > ------------------------------------------------------------------------------ > One dashboard for servers and applications across Physical-Virtual-Cloud > Widest out-of-the-box monitoring support with 50+ applications > Performance metrics, stats and reports that give you Actionable Insights > Deep dive visibility with transaction tracing using APM Insight. > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test > ------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test