Here's another:

195.129.79.64.query.senderbase.org text = "0-0=1|1=SWITCH COMMUNICATIONS GROUP LLC|2=6.1|3=6.1|6=0|7=17|8=102080|9=828|20=smtp6.boydgaming.net|21=switchnap.com|22=Y|23=6.1|24=6.1|25=1204898656|40=4.8|41=4.4|43=4.6|44=7.8|45=N|46=21|48=24|50=Las Vegas|51=NV|52=89101|53=US|54=-115.137|55=36.175"

I've got boydgaming\.net in white org, but analyze doesn't show a hit.

On Fri, May 8, 2015 at 12:02 PM, K Post <nntp.p...@gmail.com> wrote:

> Thanks for sticking with this! I'm sorry, but I don't quite follow.
>
> 153.69.214.203 shows a hostname when I query Senderbase
> 0-0=1|1=NCR CORPORATION|2=6.2|3=6.2|6=0|7=2|8=3410716|9=4530|20=csmail03.ncrwebhost.com|22=Y|40=4.6|41=4.5|43=4.4|44=12.2|45=N|46=11|48=24|50=Duluth|51=GA|52=30096|53=US|54=-84.1494|55=33.9791
>
> However, in the analyze GUI, it shows:
> 153.69.214.203 SenderBase: status=not classified, data=US, NCR CORPORATION, , , Y, 11
>
> I don't understand why the gui wouldn't show the hostname.
>
> On Fri, May 8, 2015 at 11:58 AM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote:
>
>> It shows the same that is stored in the cache - more is not used by assp.
>>
>> From: K Post <nntp.p...@gmail.com>
>> To: ASSP development mailing list <assp-test@lists.sourceforge.net>
>> Date: 08.05.2015 17:52
>> Subject: Re: [Assp-test] Senderbase not always matching domain
>>
>> I hear ya...
>>
>> What about the senderbase result as it appears in the analyze gui? Why isn't this showing the hostname?
>>
>> On Fri, May 8, 2015 at 11:46 AM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote:
>>
>> > >1) Is there a way to have Senderbase return the DOMAIN that it's guessing?
>> >
>> > ASSP has to take what it gets - DNS is used - return values are the same like in nslookup or other DNS tools.
>> >
>> > 2) Is there a way to specify in the White Org file that ASSP uses to only
>> >
>> > the 'White Org file' (regex) is checked against the SB-org and the domain - no other way.
>> >
>> > Thomas
>> >
>> > From: K Post <nntp.p...@gmail.com>
>> > To: ASSP development mailing list <assp-test@lists.sourceforge.net>
>> > Date: 08.05.2015 16:31
>> > Subject: Re: [Assp-test] Senderbase not always matching domain
>> >
>> > Thank you both for sticking with this.
>> >
>> > Greyhat, my name's Ken :) Seriously though, the Force has taught me that you need to reverse the IP, which makes much more sense. Thanks.
>> >
>> > Thomas, I know ASSP uses DNS, I just didn't know if it was querying differently than I was testing - and it is, the RIGHT way - reversing the IP.
>> >
>> > I now see the hostname being returned, and I can match on that through a regex. Doesn't that open up vulnerability though if a spammer has their SMTP server's IP address reverse to mtaxxx.e.delta.com? Likely, probably not, but it's what I would do if I were trying to send spam appearing to be from Delta - or worse, one of the banks.
>> >
>> > My language was also incorrect in my original post. I talked about hostname, but what I'd really like to do is match on the "guess" DOMAIN name that the senderbase website shows, in this case e.delta.com. So:
>> > 1) Is there a way to have Senderbase return the DOMAIN that it's guessing?
>> > 2) Is there a way to specify in the White Org file that ASSP uses to only match against network name, hostname, or domain name?
>> >
>> > On Fri, May 8, 2015 at 2:55 AM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote:
>> >
>> > > ASSP uses DNS queries for Senderbase.
>> > >
>> > > Thomas
>> > >
>> > > From: K Post <nntp.p...@gmail.com>
>> > > To: ASSP development mailing list <assp-test@lists.sourceforge.net>
>> > > Date: 07.05.2015 20:36
>> > > Subject: Re: [Assp-test] Senderbase not always matching domain
>> > >
>> > > It doesn't seem like the domain is being returned, just the network name, so a lot of domains that should result in a white org score aren't hitting. This doesn't appear to be an ASSP problem
>> > >
>> > > I just did a lookup for the ip 38.100.169.66
>> > > At the senderbase website, it shows a domain of e.delta.com, which I have whitelisted (Delta Airlines)
>> > >
>> > > However, a nslookup for the txt record only shows
>> > > 38.100.169.66.query.senderbase.org text =
>> > >
>> > > "0-0=1|1=CHARTER COMMUNICATIONS|2=7.2|3=7.3|4=62870|6=0|7=47|8=9404927|9=157351|45=N|46=16|48=24|50=Fort Worth|51=TX|52=76114|53=US|54=-97.3972|55=32.7807"
>> > >
>> > > Nowhere do I see e.delta.com which explains why ASSP isn't matching. Is this the same way that ASSP queries senderbase? Is there a way to have ASSP ask senderbase to return the best guess domain name just like SenderBase does on its website? That would solve the problem where the netblock is a major carrier, that carrier can't be whitelisted, but the domain that's returned (or hostname) is whitelisted.
>> > >
>> > > On Tue, May 5, 2015 at 5:34 PM, K Post <nntp.p...@gmail.com> wrote:
>> > >
>> > > > SenderBaseLog was set to standard before. Set it to diagnostic.
>> > > >
>> > > > On Tue, May 5, 2015 at 12:25 PM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote:
>> > > >
>> > > >> > > but where's the senderbase line in the log?
>> > > >>
>> > > >> check SenderBaseLog
>> > > >>
>> > > >> Thomas
>> > > >>
>> > > >> From: K Post <nntp.p...@gmail.com>
>> > > >> To: ASSP development mailing list <assp-test@lists.sourceforge.net>
>> > > >> Date: 05.05.2015 18:21
>> > > >> Subject: Re: [Assp-test] Senderbase not always matching domain
>> > > >>
>> > > >> >good point but I've no answer, sounds like you found a bug
>> > > >> Hopefully Thomas will have some time to look into this.
>> > > >>
>> > > >> Thanks again.
>> > > >>
>> > > >> On Tue, May 5, 2015 at 11:42 AM, Grayhat <gray...@gmx.net> wrote:
>> > > >>
>> > > >> > :: On Tue, 5 May 2015 11:22:07 -0400
>> > > >> > :: <CALhpkAnP1_EObYXMgfduF7smppj82gPx1=tbtp+vpsq0xlj...@mail.gmail.com>
>> > > >> > :: K Post <nntp.p...@gmail.com> wrote:
>> > > >> >
>> > > >> > > Sorry Greyhat, you lost me. What does this show different from what I was saying? Maybe I wasn't clear.
>> > > >> > > When I pull up the analyze interface in assp it shows only Cogent, doesn't show e.delta.com, so it's not a match to my regex, and thereby doesn't get the whitesenderorg bonus.
>> > > >> >
>> > > >> > yeah, you're right, it's a strange behavior; I wonder if ASSP is using the /24 instead of the IP (didn't check the code) ...
>> > > >> >
>> > > >> > > And here's another issue I'm seeing with Senderbase:
>> > > >> > >
>> > > >> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: u...@ourcharity.org DKIM-Signature found
>> > > >> >
>> > > >> > and here ASSP says that the message contains a DKIM signature
>> > > >> >
>> > > >> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: u...@ourcharity.org info: domain emails.snapfish.com has published a DMARC record
>> > > >> >
>> > > >> > and that the sending MTA domain (emails...) publishes a DMARC record
>> > > >> >
>> > > >> > http://www.senderbase.org/lookup/?search_string=12.130.137.89
>> > > >> >
>> > > >> > > [MissingMX] 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: u...@ourcharity.org [scoring] MX missing: emails.snapfish.com
>> > > >> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: u...@ourcharity.org Message-Score: added 10 (mxValencePB) for MX missing: emails.snapfish.com, total score for this message is now 10
>> > > >> >
>> > > >> > wrong, the domain has two MX records, that is
>> > > >> >
>> > > >> > MX 10 imh.rsys2.net.
>> > > >> > MX 20 imh2.rsys2.net.
>> > > >> >
>> > > >> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: u...@ourcharity.org HMM Check [scoring] - Prob: 1.00000 => spam
>> > > >> > > 12.130.137.89 <snapfish.4...@envfrm.rsys2.com> to: u...@ourcharity.org Message-Score: added 49 for HMM Probability: 1.0000, total score for this message is now 59
>> > > >> >
>> > > >> > ok sounds like HMM isn't properly trained, let's skip this one for the moment ...
>> > > >> >
>> > > >> > > The from IP is in the Responsys network, and I've got that network whitelisted in my senderbasewhite org config. I've got senderbase set to score. Senderbase logging is set to normal.
>> > > >> >
>> > > >> > here's what senderbase replies when queried (over DNS) for that IP
>> > > >> >
>> > > >> > IP address : 12.130.137.89
>> > > >> > version : 1
>> > > >> > org_name : RESPONSYS
>> > > >> > org_daily_magnitude : 7.3
>> > > >> > org_monthly_magnitude : 7.2
>> > > >> > org_first_message : 0
>> > > >> > org_domains_count : 3
>> > > >> > org_ip_controlled_count : 5640
>> > > >> > org_ip_used_count : 2889
>> > > >> > hostname : omp.emails.snapfish.com
>> > > >> > hostname_matches_ip : Y
>> > > >> > ip_daily_magnitude : 4.1
>> > > >> > ip_monthly_magnitude : 4.7
>> > > >> > ip_average_magnitude : 4.8
>> > > >> > ip_30_day_volume_percent : 7.8
>> > > >> > ip_in_bonded_sender : N
>> > > >> > ip_cidr_range : 12.130.136.0/22
>> > > >> > undocumented #48 : 24
>> > > >> > ip_country : US
>> > > >> > ip_longitude : -97.0
>> > > >> > ip_latitude : 38.0
>> > > >> >
>> > > >> > so, yes, the ASSP org check should match that "RESPONSYS" if you placed it in whiteorg
>> > > >> >
>> > > >> > > In the ASSP analyze interface, it shows a WHITE match (as it should)
>> > > >> > > 12.130.137.89 SenderBase: status=white SenderBase, data=US, RESPONSYS, , , Y, 22
>> > > >> > > but where's the senderbase line in the log?
>> > > >> >
>> > > >> > good point but I've no answer, sounds like you found a bug
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
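
An added example, not code from ASSP or from anyone in this thread: it parses the SenderBase TXT record format quoted above and contrasts an unanchored white-org regex with a stricter hostname check, which bears on the reverse-DNS concern raised in the thread. The field numbers follow the decoded listing in the thread; `strict_hit`, its policy, and the `LOOKALIKE` record are hypothetical and constructed for illustration.

```python
import ipaddress
import re

# Field numbers taken from the thread's decoded listing (1=org_name,
# 20=hostname, 22=hostname_matches_ip); treating them as stable is an assumption.
F_ORG, F_HOST, F_HOST_OK = "1", "20", "22"

def query_name(ip):
    """DNS name for the TXT lookup: IPv4 octets reversed, as found in the thread."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + ".query.senderbase.org"

def parse_record(txt):
    """Split 'k=v|k=v|...' into a dict; values may contain spaces."""
    fields = {}
    for part in txt.strip().strip('"').split("|"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def naive_hit(fields, pattern):
    """Unanchored regex against org name and hostname (pattern style used on the page)."""
    return any(re.search(pattern, fields.get(f, ""), re.I) for f in (F_ORG, F_HOST))

def strict_hit(fields, org_names, host_domains):
    """Hypothetical stricter policy: exact org name, or a hostname under an
    allowed domain AND flagged as matching the IP. Returns the matching field."""
    if fields.get(F_ORG, "").upper() in org_names:
        return "org"
    host = fields.get(F_HOST, "").rstrip(".").lower()
    if host and fields.get(F_HOST_OK) == "Y":
        if any(host == d or host.endswith("." + d) for d in host_domains):
            return "hostname"
    return None

# Record for 153.69.214.203 as quoted in the thread.
NCR = ("0-0=1|1=NCR CORPORATION|2=6.2|3=6.2|6=0|7=2|8=3410716|9=4530|"
       "20=csmail03.ncrwebhost.com|22=Y|40=4.6|41=4.5|43=4.4|44=12.2|45=N|"
       "46=11|48=24|50=Duluth|51=GA|52=30096|53=US|54=-84.1494|55=33.9791")
# Constructed record: look-alike PTR name that does not match its IP.
LOOKALIKE = "0-0=1|1=EXAMPLE HOSTING|20=mta1.boydgaming.net.bulk.example|22=N|53=US"

if __name__ == "__main__":
    print(query_name("153.69.214.203"))
    for rec in (NCR, LOOKALIKE):
        f = parse_record(rec)
        print(f[F_HOST], naive_hit(f, r"boydgaming\.net|ncrwebhost\.com"),
              strict_hit(f, {"RESPONSYS"}, {"boydgaming.net", "ncrwebhost.com"}))
```

The unanchored pattern accepts the look-alike hostname, while the suffix comparison combined with the `22=Y` flag rejects it and still accepts the NCR record.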