I'm not sure if I'm missing it, or if not, I'd like to put in a feature
request, but when I run an email through the analyzer, I don't see where
the total score is displayed.
I ran an email that got rejected as spam, even though the IP address was
in my local WL DNS and I saw the following:
*Subject:*[SPAM] [MessageLimit] -FEMA Adds Rockland County for Federal
Assistance
*Feature Matching:*
*•DoNoFrom <https://ns1.mcf.com:55555/#DoNoFrom>*: OK - mode is scoring
*•ARC pass*The most recentAuthenticated-Received-Chain(ARC)-Signature
<http://arc-spec.org/>instance i=1, provided byuntrusted
<https://ns1.mcf.com:55555/#trustedAuthForwarders>host
mx.microsoft.com for domain microsoft.com is valid - details: spf=pass
smtp.mailfrom=fema.dhs.gov; dmarc=pass action=none
header.from=fema.dhs.gov; dkim=pass header.d=fema.dhs.gov; arc=none'
*•DKIM-check returned OK*verified-OK for identity'@fema.dhs.gov'
*•SPF-check returned OK*for67.231.147.98->maria.pad...@fema.dhs.gov,
mx0e-00376703.gpphosted.com
•SPF: pass (cache)
ip=67.231.147.98mailfrom=maria.pad...@fema.dhs.govhelo=mx0e-00376703.gpphosted.com
*•DMARC-check returned OK - results:*dmarc: pass , spf: pass , dkim: pass
*•URIBL check <https://ns1.mcf.com:55555/#ValidateURIBL>*: 'OK'
*•Valid Format of HELO
<https://ns1.mcf.com:55555/#DoValidFormatHelo>*:
'mx0e-00376703.gpphosted.com'
*•IP in Helo check <https://ns1.mcf.com:55555/#DoIPinHelo>*: 'OK'
*•AUTH would be disabled*
*•RBLCheck returned OK for67.231.147.98*: DNSBL:
failed,67.231.147.98listed in bl.mcf.com - message score: 60
•RBLScore: bl.mcf.com -> 127.0.0.8 -> 60
*•domain fema.dhs.gov (in Mail From: , From) has a valid MX record*:
mxb-00376703.gslb.gpphosted.com
*•domainMX mxb-00376703.gslb.gpphosted.com has a valid A
record*:67.231.147.98
*•67.231.147.98PTR record via DNS*: status=PTR OK -
mx0e-00376703.gpphosted.com
*•67.231.147.98is in RWLCache*: status=tusted
*•67.231.147.98SenderBase*: status=not classified, data=[CN=US,
ORG=TELECITYGROUP INTERNATIONAL LIMITED, DOM=proofpoint.com, BLS=,
HNM=Y, CIDR=21, HN=mx0e-00376703.gpphosted.com]
*Feature Matching Log:*
Sep-26-21 12:27:31 [Main_Thread] Info: analyze detected: IP:
'67.231.147.98' , HELO: 'mx0e-00376703.gpphosted.com' , assp-Host:
'assp.xmsi.net'
Sep-26-21 12:27:31 [Main_Thread] Info: forwarding host
'mx.microsoft.com' provided valid ARC-Authentication-Results: i=1;
spf=pass
smtp.mailfrom=fema.dhs.gov; dmarc=pass action=none
header.from=fema.dhs.gov;
dkim=pass header.d=fema.dhs.gov; arc=none
Sep-26-21 12:27:31 [Main_Thread] [scoring] DKIM signature verified-OK
- header-passed - identity is:@fema.dhs.gov- sender policy is: neutral
- author policy is: neutral
Sep-26-21 12:27:31 [Main_Thread] Info: domain fema.dhs.gov has
published a DMARC record
Sep-26-21 12:27:31 [Main_Thread] Info: analyzing MIME header in
incoming email for virus
Sep-26-21 12:27:31 [Main_Thread] Info: analyzing attachments in
incoming email
Sep-26-21 12:27:32 [Main_Thread] Info: word stemming engine detected
no language in mail
Sep-26-21 12:27:32 [Main_Thread] [scoring] DNSBL:
failed,67.231.147.98listed in (bl.mcf.com<-127.0.0.8)
It shows that the IP address is in the RWLCache, but the only score I
see if the 60 from the DNSBL.
Am I missing something?
Thanks.
--
Farokh
----------------------------------------------------------------------------
Best Tech Service, LLC - When only the Best Tech will do...
For all your technology needs including hosting solutions.
Office: 845-735-0210
Cell: 914-262-1594
Like us on Facebook:https://www.facebook.com/besttechsvc
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
