> A record for the sender's hostname (bounces.woot.com does have an 

And I explained - having a hostname does not mean that there is an SMTP 
host and this is what assp wants to see. Doing a more complex check is not 
useful for assp.

This check is not powerful, it is a very very simple check. Every spammer 
who owns a domain can define an MX and A record without providing any SMTP 
services.

This check will not be changed.

Thomas 





From:    "K Post" <nntp.p...@gmail.com>
To:      "ASSP development mailing list" <assp-test@lists.sourceforge.net>
Date:    20.04.2018 17:49
Subject: Re: [Assp-test] Incorrect no A record



Woot (Amazon owned) is stupid. I have reported for months, but they don't 
listen.  They're not the only ones doing this though.  It's the case of 
lousy IT with marketing people who don't understand tech.

I don't think I did a very good job of explaining what I'm thinking.  Sorry.  
I won't turn off MX / MXA checking, it's way too powerful of a 
feature, but I do think there's room for improvement.  Please allow me to 
try one last time more concisely.

Summary: I'd like you to consider MXA as
If there is an MX record, make sure there's an A record for that MX record 
(no change to functionality)
But, if we know there's no MX record, then instead of automatically 
assigning the MXA score too as is done now, first check for an A record 
for the sender's hostname (bounces.woot.com does have an IP address, so 
don't double score).  If there wasn't even an A record for 
bounces.woot.com then you'd also assign the MXA penalty.

This would be helpful for the handful of organizations that we have to 
deal with who don't know what they're doing and have no MX record for some 
sender addresses but do have an A record for them.  




On Fri, Apr 20, 2018 at 5:26 AM, Thomas Eckardt <
thomas.ecka...@thockar.com> wrote:
>Why not check if an A record exists for the sender hostname? 

What are we talking about here? 

bounces.woot.com has no MX record and there is NO SMTP service available 
for this subdomain (A record) ->  IT IS NOT ALLOWED to use this subdomain 
in an email address in SMTP traffic. 
If you have problems receiving emails from this subdomain, contact the 
domain holder and advise him to correct the DNS records. 

ASSP does NOT check if there is an SMTP service available for a given 
domain/subdomain. For this reason it IS NONSENSE to change this check ( in 
your suggested way ). The possibly existing A record may point to anything 
else, but not to an SMTP host. Again, this check is an indicator, not an RFC 
compliance check. An RFC compliance check would mean: 

- check the MX record(s) or use the A record 
- check that port 25 is opened at at least one IP (MX or A) 
- check that there is a postmas...@domain.tld available 
- check the given email address exists (is accepted) 

Such a check would simply take too long. 

If YOU don't like this check as it is - switch it OFF. 

I feel very comfortable with the current behavior of this check. 

My statistic over all ever processed mails is: 

block MX+MXA:  0.95% 
score MX : 0.95% 
score MXA :  5% 

with not a single false positive! 


Thomas 







From:    "K Post" <nntp.p...@gmail.com> 
To:      "ASSP development mailing list" <assp-test@lists.sourceforge.net> 
Date:    19.04.2018 23:19 
Subject: Re: [Assp-test] Incorrect no A record 



But if the MX is missing, with your check the MXA will obviously always 
fail.  Why not check if an A record exists for the sender hostname?  
That's legal per RFC.  That would avoid forcing manual tracking and 
turning on mxcaching (which I don't do because so many of our vendors are 
idiots and often mess up their records, I want it to check every time). 

On Thu, Apr 19, 2018 at 7:20 AM, Thomas Eckardt <
thomas.ecka...@thockar.com> wrote: 
1. a mail is only blocked if both MX and MXA failed 
2. using the defaults for mxValencePB(10) and mxaValencePB(15) the 
resulting score is: 
 - no MX : 25 
 - no MXA : 10

This check does not follow any RFC. It assumes that a missing MX and a 
missing MXA are very good indicators for spam sources. 

You have three options. 

1. disable this check 
2. adjust the penalty score settings to your needs 
3. add long life entries for failing domains to the MXACache manually 
(means - fake the MX and MXA) 

Thomas 



From:    "K Post" <nntp.p...@gmail.com> 
To:      "ASSP development mailing list" <assp-test@lists.sourceforge.net> 
Date:    18.04.2018 16:45 
Subject: Re: [Assp-test] Incorrect no A record 



I'm sorry for my recent volume of email to this list.  I feel like this 
discussion has led to some significant ASSP improvements.  Thank you for 
continuing to entertain my ideas. 

Summary: 
This doesn't happen very often, because what legit senders don't use an MX 
these days, but woot/amazon apparently does.  My suggestion is to slightly 
change assp as follows  
1) score for missing MX record  (existing functionality) 
2) score if there IS an MX record, but there's no IP for that - or if the 
mx record is an ip address itself, make sure there is a valid ptr if 
doinvalidptr is enabled  (change: only do this if there IS an mx record) 
3) score if there's no MX record and there's no IP for the hostname of the 
sender address (new functionality) 

Please allow me to explain my thinking: 
Isn't it completely legal to send mail from bounces.woot.com even though 
there's no MX record since there IS an A record for it?  RFC5321 says 
    If an empty list of MXs is returned, the address is treated as if it 
was associated with an implicit MX RR, with a preference of 0, pointing to 
that host.


(if there's no MX, send to the A record) 

Now granted, this is unusual, but it's legal and woot/Amazon appears to be 
doing it.  I've seen other legit senders only have an A address, 
especially for the bounce.whatever.com domains.  I don't know why they do 
this, but they do.   

I DO think these kind of senders should be penalized for not having an MX 
record because that is kind of spammy, but to penalize a second time 
because there's no A record associated with the non-existent MX record 
seems too extreme, if there's a missing MX record there will of course 
never be an A record for that MX, because there is no MX.  I think this is 
flawed.   If there's a no MX score, MXA will also ALWAYS be added.  The 
only time MXA gets added without the MX score is when there's an mx record 
but there's no a record/ptr.  I'd think we would want this to be one or 
the other score for these 2 and my 1-2-3 suggestion above accomplishes 
that. 


My #3 option comes into play when there's no MX record (which is legal) 
but there's also no A record (which isn't legal if there's no MX record). 
I always assumed (I guess incorrectly) that if there was no MX record, 
ASSP checked for an IP Address for the hostname of the sending address. 
That's what DoDomainCheck implies to me at least.  Sometimes it's just one 
word that can make the difference, here for me it's "or."  My confusion 
stems from my thought that the sender address is checked for a valid MX OR 
for an A record like the description says. 

DoDomainCheck 
If activated, the sender address and each address found in the following 
header lines (ReturnReceipt:, Return-Receipt-To:, 
Disposition-Notification-To:, Return-Path:, Reply-To:, Sender:, 
Errors-To:, List-...:) is checked for a valid MX or A record. Scoring is 
done for non existing MX ( mxValencePB ) record and non existing A record 
( mxaValencePB ) - a messages fails (block), if both records are not 
found. If only an IP-address is found for a MX, the A record check fails, 
if the IP has no valid PTR and DoInvalidPTR is enabled. 

The sender address is checked for MX, but it is not checked for an A - 
it's the MX record (which doesn't exist) that's being checked for the A.  
With my option 3, the A check for a missing MX wouldn't be done, but an A 
check for the hostname would.  If neither exists we could score pretty 
high. 

What do you think? 






On Wed, Apr 18, 2018 at 4:24 AM, Thomas Eckardt <
thomas.ecka...@thockar.com> wrote: 
I can't find anything wrong. 

There is no MX record - and for this reason, there can't be an A record 
for the MX [MissingMXA] .
Remember - the A record check is done for the MX - not for anything else! 

Thomas




From:    "K Post" <nntp.p...@gmail.com> 
To:      "ASSP development mailing list" <assp-test@lists.sourceforge.net> 
Date:    17.04.2018 22:24 
Subject: [Assp-test] Incorrect no A record 




I've got a constant problem with emails from woot.com (an Amazon.com 
company).   This has been going on at least for a month and I'm baffled 
(no surprise there :)  ) 
I've not seen this with any other sender, but it could be happening 
elsewhere and I just don't notice. 

Their mail from: is longstr...@bounces.woot.com 
This domain does not have a MX record set (surprising for Amazon), so it's 
scored  
This DOES have an A record though, but ASSP reports MissingMXA 


(only significant log lines shown) 
Apr-17-18 15:34:58 74882-14329 54.240.15.37 <longstr...@bounces.woot.com> 
to: ouru...@ourcharity.org woot.com - MX 'amazon-smtp.amazon.com' - got IP 
(207.171.188.180) 
Apr-17-18 15:34:58 74882-14329 [MissingMX] 54.240.15.37 <
longstr...@bounces.woot.com> to: ouru...@ourcharity.org [[scoring]] MX 
missing: bounces.woot.com (Mail From:) 
Apr-17-18 15:34:58 74882-14329 54.240.15.37 <longstr...@bounces.woot.com> 
to: ouru...@ourcharity.org Message-Score: added 10 (mxValencePB) for MX 
missing: bounces.woot.com (Mail From:), total score for this message is 
now 3 
Apr-17-18 15:34:58 74882-14329 [MissingMXA] 54.240.15.37 <
longstr...@bounces.woot.com> to: ouru...@ourcharity.org [[scoring]] A 
record missing: bounces.woot.com (Mail From:) 
Apr-17-18 15:34:58 74882-14329 54.240.15.37 <longstr...@bounces.woot.com> 
to: ouru...@ourcharity.org Message-Score: added 15 (mxaValencePB) for A 
record missing: bounces.woot.com (Mail From:), total score for this 
message is now 18 
Apr-17-18 15:34:58 74882-14329 54.240.15.37 <longstr...@bounces.woot.com> 
to: ouru...@ourcharity.org MX found: woot.com (From) -> 
amazon-smtp.amazon.com 
Apr-17-18 15:34:58 74882-14329 54.240.15.37 <longstr...@bounces.woot.com> 
to: ouru...@ourcharity.org A record found: woot.com (From) -> 
207.171.188.180 

I thought it might be a caching thing, but PTRCacheInterval and 
MXChacheInterval are both 0. 
I did an nslookup using the dns servers that ASSP uses and I get the A 
record for bounces.woot.com 

Any idea how this could be happening? 







------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot 
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test





DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally 
privileged and protected in law and are intended solely for the use of the 

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no 
known virus in this email!
*******************************************************
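
An added example, not part of the thread and not ASSP's code: a Python model of the two scoring policies discussed above, the current check as Thomas describes it and the 1-2-3 change K Post proposes. The resolver data, function names and the 192.0.2.10 address are constructed; the valence defaults 10 and 15 are the ones quoted in the thread, the block rule (both penalties assigned) is assumed unchanged under the proposal, and the DoInvalidPTR branch is left out.

```python
# Added example: models the MX / MXA scoring debated in this thread.
MX_VALENCE = 10   # mxValencePB default quoted in the thread
MXA_VALENCE = 15  # mxaValencePB default quoted in the thread

# Constructed resolver data; 192.0.2.10 is a placeholder address.
ZONE = {
    "woot.com": {"MX": ["amazon-smtp.amazon.com"]},
    "amazon-smtp.amazon.com": {"A": ["207.171.188.180"]},
    "bounces.woot.com": {"A": ["192.0.2.10"]},              # A only, no MX
    "dangling.example": {"MX": ["mail.dangling.example"]},  # MX target has no A
    # "nothing.example" is deliberately absent: neither MX nor A
}

def lookup(name, rtype):
    """Return the records of one type for a name, or an empty list."""
    return ZONE.get(name.lower().rstrip("."), {}).get(rtype, [])

def mx_has_address(domain):
    """True if at least one MX target of the domain resolves to an A record."""
    return any(lookup(host, "A") for host in lookup(domain, "MX"))

def _result(tags):
    score = MX_VALENCE * ("MissingMX" in tags) + MXA_VALENCE * ("MissingMXA" in tags)
    # Assumption: a message is blocked only when both checks failed.
    return {"tags": tags, "score": score, "block": len(tags) == 2}

def score_current(domain):
    """Current behaviour: the A check is done for the MX, not for the sender host."""
    tags = []
    if not lookup(domain, "MX"):
        tags.append("MissingMX")
    if not mx_has_address(domain):   # always fails when there is no MX
        tags.append("MissingMXA")
    return _result(tags)

def score_proposed(domain):
    """Proposal: with no MX, check the sender hostname's own A record instead."""
    tags = []
    if lookup(domain, "MX"):
        if not mx_has_address(domain):
            tags.append("MissingMXA")
    else:
        tags.append("MissingMX")
        if not lookup(domain, "A"):
            tags.append("MissingMXA")
    return _result(tags)

if __name__ == "__main__":
    for d in ("woot.com", "bounces.woot.com", "dangling.example", "nothing.example"):
        print(d, "current:", score_current(d), "proposed:", score_proposed(d))
```

The two policies differ only for a sender domain that has an A record but no MX; the other three cases score the same under both.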

