We've had SPAM emails which appear to be sent via sendgrid.net but have the 
FROM: domain of one of our domains we host. The ASSP filter does not appear to 
be catching these in something that should be detected as a relay. Any 
suggestions? 

Thanks, Brian S 

- Running: 2.6.4 build 20224 



Below is from the Mail Analyzer: 



analyze is restricted to a maximum length of 8069 bytes

attachments will be fully scanned for viruses

text processing uses unicode normalization

regular expression matches and results are truncated to 32 (RegExLength) characters

ASSP-ID: assp.epiinc.inet m1-56277-01738 

ASSP-Session: 7F3401180A68 (mail 1) 

removed all local X-ASSP- header lines for analysis

Connecting IP: '149.72.31.47'

ASN-info: ASN: 11377 , RIP/Mask: 149.72.24.0/21

Connecting HELO: wrqvkfnf.outbound-mail.sendgrid.net



sender and reply addresses: 

MAIL FROM: bounces+14132192-d80c-info=delanoservice....@sendgrid.net

Return-Path: bounces+14132192-d80c-info=delanoservice....@sendgrid.net

From: do_not_re...@delanoservice.com



recipient addresses: 

RCPT TO: i...@delanoservice.com

To: i...@delanoservice.com



Subject: Ownership Email Setup 

Feature Matching: 



. DoNoFrom: OK - mode is scoring 

. 149.72.31.47 is in SPFCache: status=pass with helo=wrqvkfnf.outbound-mail.sendgrid.net

. DKIM-check returned OK verified-OK for identity '@sendgrid.net' 

. SPF-check returned OK for 149.72.31.47 -> bounces+14132192-d80c-info=delanoservice....@sendgrid.net , wrqvkfnf.outbound-mail.sendgrid.net

. SPF: pass (cache) ip=149.72.31.47 mailfrom=bounces+14132192-d80c-info=delanoservice....@sendgrid.net helo=wrqvkfnf.outbound-mail.sendgrid.net

. URIBL check: 'OK' 

. URIBL result: 'URIBL: neutral, u14132192.ct.sendgrid.net listed in 
multi.surbl.org' 

URIBL listed by: multi.surbl.org<-127.0.0.8;

. Valid Format of HELO: 'wrqvkfnf.outbound-mail.sendgrid.net'

. IP in Helo check: 'OK' 

. AUTH would be disabled 

. RBLCacheCheck returned OK for 149.72.31.47 : inserted as ok at 2020-08-18 08:32:16

. domain sendgrid.net (in Mail From: , Return-Path) has a valid MX record: mx.sendgrid.net

. domainMX mx.sendgrid.net has a valid A record: 167.89.123.50

. 149.72.31.47 is in PTRCache: status=PTR OK - wrqvkfnf.outbound-mail.sendgrid.net

. 149.72.31.47 is in RWLCache: status=not listed

. 149.72.31.47 SenderBase: status=not classified, data=[CN=US, ORG=STEADFAST, DOM=sendgrid.net, BLS=, HNM=Y, CIDR=20, HN=wrqvkfnf.outbound-mail]



Feature Matching Log: 



Aug-19-20 10:37:28 [Main_Thread] Info: analyze detected: IP: '149.72.31.47' , HELO: 'wrqvkfnf.outbound-mail.sendgrid.net' , assp-Host: 'assp.epiinc.inet'

Aug-19-20 10:37:29 [Main_Thread] [scoring] DKIM signature verified-OK - pass - 
identity is: @sendgrid.net - sender policy is: accept - author policy is: 
accept 

Aug-19-20 10:37:29 [Main_Thread] Info: analyzing MIME header in incoming email 
for virus 

Aug-19-20 10:37:29 [Main_Thread] Info: analyzing attachments in incoming email 
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
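
The analyzer output in the post above reports SPF and DKIM passing for sendgrid.net while the From: header carries a locally hosted domain. As an added example (not part of the original post and not ASSP code), this Python check compares the authenticated identities with the header From: domain, the comparison DMARC calls identifier alignment. The address local parts are constructed, and treating the last two labels as the organizational domain is a simplifying assumption.

```python
from email.utils import parseaddr

def domain_of(value):
    """Domain part of an address or From: header value, lower-cased ('' if none)."""
    addr = parseaddr(value)[1]
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def org_domain(domain):
    """Assumption: organizational domain = last two labels (no Public Suffix List)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(identity_domain, from_domain):
    """True when an authenticated identity shares the From: organizational domain."""
    return bool(identity_domain and from_domain) and \
        org_domain(identity_domain) == org_domain(from_domain)

def assess(header_from, mail_from, spf_result, dkim_results, local_domains):
    """Classify a message; dkim_results is a list of (signing_domain, result)."""
    from_dom = domain_of(header_from)
    spf_ok = spf_result == "pass" and aligned(domain_of(mail_from), from_dom)
    dkim_ok = any(res == "pass" and aligned(dom, from_dom)
                  for dom, res in dkim_results)
    if spf_ok or dkim_ok:
        return "aligned"
    local = {org_domain(d) for d in local_domains}
    # Any SPF/DKIM pass here was for a domain other than the one in From:.
    return "local-from-unaligned" if org_domain(from_dom) in local else "unaligned"

# Constructed sample mirroring the analyzer output; local parts are invented.
SAMPLE = dict(
    header_from="Sender <user@delanoservice.com>",
    mail_from="bounces+0000@sendgrid.net",
    spf_result="pass",
    dkim_results=[("sendgrid.net", "pass")],
    local_domains=["delanoservice.com"],
)

if __name__ == "__main__":
    print(assess(**SAMPLE))
```

The `local-from-unaligned` verdict corresponds to the message in the post: every passing identity belongs to sendgrid.net, none to the domain shown in From:.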
