I'm sorry for my recent volume of email to this list. I feel like this
discussion has led to some significant ASSP improvements. Thank you for
continuing to entertain my ideas.
Summary:
This doesn't happen very often, because what legit senders don't use an MX
these days, but woot/amazon apparently does. My suggestion is to slightly
change assp as follows
1) score for missing MX record (existing functionality)
2) score if there IS an MX record, but there's no IP for that - or if the
mx record is an ip address itself, make sure there is a valid ptr if
doinvalidptr is enabled (change: only do this if there IS an mx record)
3) score if there's no MX record and there's no IP for the hostname of the
sender address (new functionality)
Please allow to explain my thinking:
Isn't it completely legal to send mail from bounces.woot.com even though
there's no MX record since there IS an A record for it? RFC5321 says
If an empty list of MXs is returned, the address is treated as if
it was associated with an implicit MX RR, with a preference of 0,
pointing to that host.
(if there's no MX, send to the A record)
Now granted, this is unusual, but it's legal and woot/Amazon appears to be
doing it. I've seen other legit senders only have an A address, especially
for the bounce.whatever.com domains. I don't know why they do this, but
they do.
I DO think these kind of senders should be penalized for not having an MX
record because that is kind of spammy, but to penalize a second time
because there's *no A record associated with the non-existent MX* record
seems too extreme, if there's a missing MX record there will of course
never be an A record for that MX, because there is no MX. I think this is
flawed. If there's a no MX score, MXA will also ALWAYS be added. The
only time MXA gets added without the MX score is when there's an mx record
but there's no a record/ptr. I'd think we would want this to be one or the
other score for these 2 and my 1-2-3 suggestion above accomplishes that.
My #3 option comes into play when there's no MX record (which is legal) but
there's also no A record (which isn't legal if there's no MX record). I
always assumed (I guess incorrectly) that if there was no MX record, ASSP
checked for an IP Address for the hostname of the sending address. That's
what DoDomainCheck implies to me at least. Sometimes it's just one word
that can make the difference, here for me it's "or." My confusion stems
from my thought that the sender address is checked fora valid MX OR for an
A record like the description says.
DoDomainCheck
If activated, the sender address and each address found in the following
header lines (ReturnReceipt:, Return-Receipt-To:,
Disposition-Notification-To:, Return-Path:, Reply-To:, Sender:, Errors-To:,
List-...:)* is checked for a valid MX or A record*. Scoring is done for non
existing MX ( mxValencePB ) record and non existing A record ( mxaValencePB
) - a messages fails (block), if both records are not found. If only an
IP-address is found for a MX, the A record check fails, if the IP has no
valid PTR and DoInvalidPTR is enabled.
The sender address is checked for MX, but it is not checked for an A - it's
the MX record (which doesn't exist) that's being checked for the A. With
my option 3, the A check for a missing MX wouldn't be done, but an A check
for the hostname would. If neither exists we could score pretty high.
What do you think?
On Wed, Apr 18, 2018 at 4:24 AM, Thomas Eckardt <thomas.ecka...@thockar.com>
wrote:
> I can't find anything wrong.
>
> There is no MX record - and for this reason, there can't be an A record
> for the MX *[MissingMXA]* .
> Remember - the A record check is done for the MX - not for anything else!
>
> Thomas
>
>
>
>
> Von: "K Post" <nntp.p...@gmail.com>
> An: "ASSP development mailing list" <assp-test@lists.sourceforge.n
> et>
> Datum: 17.04.2018 22:24
> Betreff: [Assp-test] Incorrect no A record
> ------------------------------
>
>
>
> I've got a constant problem with emails from *woot.com* <http://woot.com/>
> (an Amazon.com company). This has been going on at least for a month and
> I'm baffled (no surprise there :) )
> I've not seen this with any other sender, but it could be happening
> elsewhere and I just don't notice.
>
> Their mail from: is *longstr...@bounces.woot.com*
> <longstr...@bounces.woot.com>
> This domain does not have a MX record set (surprising for Amazon), so it's
> scored
> This DOES have an A record though, but ASSP reports MissingMXA
>
>
> (only significant log lines shown)
> Apr-17-18 15:34:58 74882-14329 54.240.15.37 <*longstr...@bounces.woot.com*
> <longstr...@bounces.woot.com>> to: ouru...@ourcharity.org *woot.com*
> <http://woot.com/> - MX '*amazon-smtp.amazon.com*
> <http://amazon-smtp.amazon.com/>' - got IP (207.171.188.180)
> Apr-17-18 15:34:58 74882-14329 [MissingMX] 54.240.15.37 <
> *longstr...@bounces.woot.com* <longstr...@bounces.woot.com>> to:
> ouru...@ourcharity.org [[scoring]] MX missing: *bounces.woot.com*
> <http://bounces.woot.com/> (Mail From:)
> Apr-17-18 15:34:58 74882-14329 54.240.15.37 <*longstr...@bounces.woot.com*
> <longstr...@bounces.woot.com>> to: ouru...@ourcharity.org Message-Score:
> added 10 (mxValencePB) for MX missing: *bounces.woot.com*
> <http://bounces.woot.com/> (Mail From:), total score for this message is
> now 3
> Apr-17-18 15:34:58 74882-14329 *[MissingMXA]* 54.240.15.37 <
> *longstr...@bounces.woot.com* <longstr...@bounces.woot.com>> to:
> ouru...@ourcharity.org [[scoring]] *A record missing: **bounces.woot.com*
> <http://bounces.woot.com/> (Mail From:)
> Apr-17-18 15:34:58 74882-14329 54.240.15.37 <*longstr...@bounces.woot.com*
> <longstr...@bounces.woot.com>> to: ouru...@ourcharity.org Message-Score:
> added 15 (mxaValencePB) for A record missing: *bounces.woot.com*
> <http://bounces.woot.com/> (Mail From:), total score for this message is
> now 18
> Apr-17-18 15:34:58 74882-14329 54.240.15.37 <*longstr...@bounces.woot.com*
> <longstr...@bounces.woot.com>> to: ouru...@ourcharity.org MX found:
> *woot.com* <http://woot.com/> (From) -> *amazon-smtp.amazon.com*
> <http://amazon-smtp.amazon.com/>
> Apr-17-18 15:34:58 74882-14329 54.240.15.37 <*longstr...@bounces.woot.com*
> <longstr...@bounces.woot.com>> to: ouru...@ourcharity.org A record found:
> *woot.com* <http://woot.com/> (From) -> 207.171.188.180
>
> I thought it might be a caching thing, but PTRCacheInterval and
> MXChacheInterval are both 0.
> I did an nslookup using the dns servers that ASSP uses and I get the A
> record for *bounces.woot.com* <http://bounces.woot.com/>
>
> Any idea how this could be happening?
>
>
>
>
>
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
