:: On Tue, 5 May 2015 11:22:07 -0400 :: <CALhpkAnP1_EObYXMgfduF7smppj82gPx1=tbtp+vpsq0xlj...@mail.gmail.com> :: K Post <nntp.p...@gmail.com> wrote:
> > Sorry Greyhat, you lost me. What does this show different from > > what I was > saying? Maybe I wasn't clear. > When I pull up the analyze interface in assp it shows only Cogent, > doesn't show e.delta.com, do it's not a match to my regex, and > thereby doesn't get the whitesenderorg bonus. yeah, you're right, it's a strange behavior; I wonder if ASSP is using the /24 instead of the IP (didn't check the code) ... > And here's another issue I'm seeing with Senderbase: > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: u...@ourcharity.org > DKIM-Signature found and here ASSP says that the message contains a DKIM signature > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: u...@ourcharity.org > info: domain emails.snapfish.com has published a DMARC record and that the sending MTA domain (emails...) publishes a DMARC record http://www.senderbase.org/lookup/?search_string=12.130.137.89 > [MissingMX] 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: > u...@ourcharity.org [scoring] MX missing: emails.snapfish.com > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: u...@ourcharity.org > Message-Score: added 10 (mxValencePB) for MX missing: > emails.snapfish.com, total score for this message is now 10 wrong, the domain has two MX records, that is MX 10 imh.rsys2.net. MX 20 imh2.rsys2.net. > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: > u...@ourcharity.org HMM Check [scoring] - Prob: 1.00000 => spam > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: u...@ourcharity.org > Message-Score: added 49 for HMM Probability: 1.0000, total score for > this message is now 59 ok sounds like HMM isn't properly trained, let's skip this one for the moment ... > The from IP in the Responsys network, and I've got that network > whitelisted in my senderbasewhite org config. I've got senderbase > set to score. Senderbase logging is set to normal. here's what senderbase replies when queried (over DNS) for that IP IP address : 12.130.137.89 version : 1 org_name : RESPONSYS org_daily_magnitude : 7.3 org_monthly_magnitude : 7.2 org_first_message : 0 org_domains_count : 3 org_ip_controlled_count : 5640 org_ip_used_count : 2889 hostname : omp.emails.snapfish.com hostname_matches_ip : Y ip_daily_magnitude : 4.1 ip_monthly_magnitude : 4.7 ip_average_magnitude : 4.8 ip_30_day_volume_percent : 7.8 ip_in_bonded_sender : N ip_cidr_range : 12.130.136.0/22 undocumented #48 : 24 ip_country : US ip_longitude : -97.0 ip_latitude : 38.0 so, yes, the ASSP org check should match that "RESPONSYS" if you placed it in whiteorg > In the ASSP analyze interface, it shows a WHITE match as it should) > 12.130.137.89 SenderBase: status=white SenderBase, > data=US, RESPONSYS, , , Y, 22 > but where's the senderbase line in the log? good point but I've no answer, sounds like you found a bug ------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
