Hi Farokh, Right or wrong, if an analyzer doesn't show me what's needed, I generally will look in the full log. I search by message-ID.
On Tue, Sep 28, 2021 at 9:02 AM Farokh - Best Tech Service, LLC < far...@besttechsvc.com> wrote: > OK, got it. > > My question then is how do I determine why a particular email was blocked > when I don't think it should have been. > > In the example below, the IP address was in my local DNS WL, but because > the IP fell into a range that was in my local BL as well, then message was > rejected. > > Thanks. > > Farokh > ---------------------------------------------------------------------------- > Best Tech Service, LLC - When only the Best Tech will do... > For all your technology needs including hosting solutions. > Office: 845-735-0210 > Cell: 914-262-1594 > Like us on Facebook: https://www.facebook.com/besttechsvc > > On 9/27/21 03:42, Thomas Eckardt wrote: > > all analyzer feature matching results are 'STATELESS' - read the bottom of > the analyzer web page > > Thomas > > > > > > Von: "Farokh - Best Tech Service, LLC" <far...@besttechsvc.com> > <far...@besttechsvc.com> > An: "For Users of ASSP" <assp-user@lists.sourceforge.net> > <assp-user@lists.sourceforge.net> > Datum: 26.09.2021 18:52 > Betreff: [Assp-user] Mail analyzer question > ------------------------------ > > > > I'm not sure if I'm missing it, or if not, I'd like to put in a feature > request, but when I run an email through the analyzer, I don't see where > the total score is displayed. > I ran an email that got rejected as spam, even though the IP address was > in my local WL DNS and I saw the following: > *Subject: *[SPAM] [MessageLimit] -FEMA Adds Rockland County for Federal > Assistance > * Feature Matching:* > > * •* *DoNoFrom* <https://ns1.mcf.com:55555/#DoNoFrom>: OK - mode is > scoring > * •** ARC pass* The most recent > *Authenticated-Received-Chain(ARC)-Signature* <http://arc-spec.org/> instance > i=1, provided by *untrusted* > <https://ns1.mcf.com:55555/#trustedAuthForwarders> host mx.microsoft.com > for domain microsoft.com is valid - details: spf=pass smtp.mailfrom= > fema.dhs.gov; dmarc=pass action=none header.from=fema.dhs.gov; dkim=pass > header.d=fema.dhs.gov; arc=none' > * •** DKIM-check returned OK* verified-OK for identity '@fema.dhs.gov' > * •** SPF-check returned OK* for 67.231.147.98 -> > maria.pad...@fema.dhs.gov, mx0e-00376703.gpphosted.com > • SPF: pass (cache) ip=67.231.147.98 mailfrom=maria.pad...@fema.dhs.gov > helo=mx0e-00376703.gpphosted.com > * •** DMARC-check returned OK - results:* dmarc: pass , spf: pass , dkim: > pass > * •* *URIBL check* <https://ns1.mcf.com:55555/#ValidateURIBL>: 'OK' > * •* *Valid Format of HELO* <https://ns1.mcf.com:55555/#DoValidFormatHelo>: > 'mx0e-00376703.gpphosted.com' > * •* *IP in Helo check* <https://ns1.mcf.com:55555/#DoIPinHelo>: 'OK' > * •** AUTH would be disabled* > * •** RBLCheck returned OK for 67.231.147.98*: DNSBL: failed, > 67.231.147.98 listed in bl.mcf.com - message score: 60 > • RBLScore: bl.mcf.com -> 127.0.0.8 -> 60 > * •** domain fema.dhs.gov <http://fema.dhs.gov> (in Mail From: , From) > has a valid MX record*: mxb-00376703.gslb.gpphosted.com > * •** domainMX mxb-00376703.gslb.gpphosted.com > <http://mxb-00376703.gslb.gpphosted.com> has a valid A record*: > 67.231.147.98 > * •** 67.231.147.98 PTR record via DNS*: status=PTR OK - > mx0e-00376703.gpphosted.com > * •** 67.231.147.98 is in RWLCache*: status=tusted > * •** 67.231.147.98 SenderBase*: status=not classified, data=[CN=US, > ORG=TELECITYGROUP INTERNATIONAL LIMITED, DOM=proofpoint.com, BLS=, HNM=Y, > CIDR=21, HN=mx0e-00376703.gpphosted.com] > > * Feature Matching Log:* > > Sep-26-21 12:27:31 [Main_Thread] Info: analyze detected: IP: ' > 67.231.147.98' , HELO: 'mx0e-00376703.gpphosted.com' , assp-Host: ' > assp.xmsi.net' > Sep-26-21 12:27:31 [Main_Thread] Info: forwarding host 'mx.microsoft.com' > provided valid ARC-Authentication-Results: i=1; spf=pass > smtp.mailfrom=fema.dhs.gov; dmarc=pass action=none header.from= > fema.dhs.gov; > dkim=pass header.d=fema.dhs.gov; arc=none > Sep-26-21 12:27:31 [Main_Thread] [scoring] DKIM signature verified-OK - > header-passed - identity is: @fema.dhs.gov - sender policy is: neutral - > author policy is: neutral > Sep-26-21 12:27:31 [Main_Thread] Info: domain fema.dhs.gov has published > a DMARC record > Sep-26-21 12:27:31 [Main_Thread] Info: analyzing MIME header in incoming > email for virus > Sep-26-21 12:27:31 [Main_Thread] Info: analyzing attachments in incoming > email > Sep-26-21 12:27:32 [Main_Thread] Info: word stemming engine detected no > language in mail > Sep-26-21 12:27:32 [Main_Thread] [scoring] DNSBL: failed, 67.231.147.98 listed > in (bl.mcf.com<-127.0.0.8) > It shows that the IP address is in the RWLCache, but the only score I see > if the 60 from the DNSBL. > Am I missing something? > Thanks. > -- > > Farokh > > ---------------------------------------------------------------------------- > Best Tech Service, LLC - When only the Best Tech will do... > For all your technology needs including hosting solutions. > Office: 845-735-0210 > Cell: 914-262-1594 > Like us on Facebook: *https://www.facebook.com/besttechsvc* > <https://www.facebook.com/besttechsvc> > _______________________________________________ > Assp-user mailing list > Assp-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-user > > > > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > > > _______________________________________________ > Assp-user mailing > listAssp-user@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/assp-user > > _______________________________________________ > Assp-user mailing list > Assp-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-user >
_______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user