1. a mail is only blocked if both MX and MXA failed
2. using the defaults for mxValencePB(10) and mxaValencePB(15) the
resulting score is:
- no MX : 25
- no MXA : 10
This check does not follow any RFC. It assumes that a missing MX and a
missing MXA are very good indicators for spam sources.
You have three options.
1. disable this check
2. adjust the penalty score settings to your needs
3. add long life entries for failing domains to the MXACache manually
(means - fake the MX and MXA)
Thomas
From: "K Post" <nntp.p...@gmail.com>
To: "ASSP development mailing list" <assp-test@lists.sourceforge.net>
Date: 18.04.2018 16:45
Subject: Re: [Assp-test] Incorrect no A record
I'm sorry for my recent volume of email to this list. I feel like this
discussion has led to some significant ASSP improvements. Thank you for
continuing to entertain my ideas.
Summary:
This doesn't happen very often, because what legit senders don't use an MX
these days, but woot/amazon apparently does. My suggestion is to slightly
change assp as follows
1) score for missing MX record (existing functionality)
2) score if there IS an MX record, but there's no IP for that - or if the
mx record is an ip address itself, make sure there is a valid ptr if
doinvalidptr is enabled (change: only do this if there IS an mx record)
3) score if there's no MX record and there's no IP for the hostname of the
sender address (new functionality)
Please allow me to explain my thinking:
Isn't it completely legal to send mail from bounces.woot.com even though
there's no MX record since there IS an A record for it? RFC5321 says:
  "If an empty list of MXs is returned, the address is treated as if it
  was associated with an implicit MX RR, with a preference of 0, pointing to
  that host."
(if there's no MX, send to the A record)
Now granted, this is unusual, but it's legal and woot/Amazon appears to be
doing it. I've seen other legit senders only have an A address,
especially for the bounce.whatever.com domains. I don't know why they do
this, but they do.
I DO think these kinds of senders should be penalized for not having an MX
record because that is kind of spammy, but to penalize a second time
because there's no A record associated with the non-existent MX record
seems too extreme. If there's a missing MX record there will of course
never be an A record for that MX, because there is no MX. I think this is
flawed. If there's a no MX score, MXA will also ALWAYS be added. The
only time MXA gets added without the MX score is when there's an mx record
but there's no a record/ptr. I'd think we would want this to be one or
the other score for these 2 and my 1-2-3 suggestion above accomplishes
that.
My #3 option comes into play when there's no MX record (which is legal)
but there's also no A record (which isn't legal if there's no MX record).
I always assumed (I guess incorrectly) that if there was no MX record,
ASSP checked for an IP Address for the hostname of the sending address.
That's what DoDomainCheck implies to me at least. Sometimes it's just one
word that can make the difference, here for me it's "or." My confusion
stems from my thought that the sender address is checked for a valid MX OR
for an A record like the description says.
DoDomainCheck
If activated, the sender address and each address found in the following
header lines (ReturnReceipt:, Return-Receipt-To:,
Disposition-Notification-To:, Return-Path:, Reply-To:, Sender:,
Errors-To:, List-...:) is checked for a valid MX or A record. Scoring is
done for non existing MX ( mxValencePB ) record and non existing A record
( mxaValencePB ) - a messages fails (block), if both records are not
found. If only an IP-address is found for a MX, the A record check fails,
if the IP has no valid PTR and DoInvalidPTR is enabled.
The sender address is checked for MX, but it is not checked for an A -
it's the MX record (which doesn't exist) that's being checked for the A.
With my option 3, the A check for a missing MX wouldn't be done, but an A
check for the hostname would. If neither exists we could score pretty
high.
What do you think?
On Wed, Apr 18, 2018 at 4:24 AM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote:
I can't find anything wrong.
There is no MX record - and for this reason, there can't be an A record
for the MX [MissingMXA] .
Remember - the A record check is done for the MX - not for anything else!
Thomas
From: "K Post" <nntp.p...@gmail.com>
To: "ASSP development mailing list" <assp-test@lists.sourceforge.net>
Date: 17.04.2018 22:24
Subject: [Assp-test] Incorrect no A record
I've got a constant problem with emails from woot.com (an Amazon.com
company). This has been going on at least for a month and I'm baffled
(no surprise there :) )
I've not seen this with any other sender, but it could be happening
elsewhere and I just don't notice.
Their mail from: is longstr...@bounces.woot.com
This domain does not have an MX record set (surprising for Amazon), so it's
scored
This DOES have an A record though, but ASSP reports MissingMXA
(only significant log lines shown)
Apr-17-18 15:34:58 74882-14329 54.240.15.37 <longstr...@bounces.woot.com>
to: ouru...@ourcharity.org woot.com - MX 'amazon-smtp.amazon.com' - got IP
(207.171.188.180)
Apr-17-18 15:34:58 74882-14329 [MissingMX] 54.240.15.37 <
longstr...@bounces.woot.com> to: ouru...@ourcharity.org [[scoring]] MX
missing: bounces.woot.com (Mail From:)
Apr-17-18 15:34:58 74882-14329 54.240.15.37 <longstr...@bounces.woot.com>
to: ouru...@ourcharity.org Message-Score: added 10 (mxValencePB) for MX
missing: bounces.woot.com (Mail From:), total score for this message is
now 3
Apr-17-18 15:34:58 74882-14329 [MissingMXA] 54.240.15.37 <
longstr...@bounces.woot.com> to: ouru...@ourcharity.org [[scoring]] A
record missing: bounces.woot.com (Mail From:)
Apr-17-18 15:34:58 74882-14329 54.240.15.37 <longstr...@bounces.woot.com>
to: ouru...@ourcharity.org Message-Score: added 15 (mxaValencePB) for A
record missing: bounces.woot.com (Mail From:), total score for this
message is now 18
Apr-17-18 15:34:58 74882-14329 54.240.15.37 <longstr...@bounces.woot.com>
to: ouru...@ourcharity.org MX found: woot.com (From) ->
amazon-smtp.amazon.com
Apr-17-18 15:34:58 74882-14329 54.240.15.37 <longstr...@bounces.woot.com>
to: ouru...@ourcharity.org A record found: woot.com (From) ->
207.171.188.180
I thought it might be a caching thing, but PTRCacheInterval and
MXChacheInterval are both 0.
I did an nslookup using the dns servers that ASSP uses and I get the A
record for bounces.woot.com
Any idea how this could be happening?
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
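
Added example (not part of the original thread and not ASSP's own code): a small model of the scoring as the thread describes it, next to the 1-2-3 proposal that falls back to the sender domain's own A record per the RFC 5321 implicit-MX rule. The zone data is constructed, the "MissingA" tag and the reuse of mxaValencePB for step 3 are assumptions, and the PTR check for an IP-literal MX is left out.

```python
# Added illustration (not ASSP code). Zone data below is constructed sample input.
MX_VALENCE_PB = 10    # mxValencePB default quoted in the thread
MXA_VALENCE_PB = 15   # mxaValencePB default quoted in the thread

# name -> records. 207.171.188.180 is taken from the log in the thread; the
# 192.0.2.x address and the *.example names are placeholders.
ZONE = {
    "woot.com": {"MX": ["amazon-smtp.amazon.com"]},
    "amazon-smtp.amazon.com": {"A": ["207.171.188.180"]},
    "bounces.woot.com": {"A": ["192.0.2.10"]},              # A only, no MX
    "brokenmx.example": {"MX": ["mail.brokenmx.example"]},  # MX target has no A
    # "nodns.example" is deliberately absent: neither MX nor A
}

def lookup(name, rtype, zone=ZONE):
    return zone.get(name.lower(), {}).get(rtype, [])

def mx_has_address(domain, zone=ZONE):
    return any(lookup(host, "A", zone) for host in lookup(domain, "MX", zone))

def score_current(domain, zone=ZONE):
    """Behaviour described in the thread: the A check is done for the MX only."""
    score, tags = 0, []
    if not lookup(domain, "MX", zone):
        score += MX_VALENCE_PB
        tags.append("MissingMX")
    if not mx_has_address(domain, zone):   # always true when there is no MX
        score += MXA_VALENCE_PB
        tags.append("MissingMXA")
    return score, tags

def score_proposed(domain, zone=ZONE):
    """Proposal: with no MX, check the domain's own A record (implicit MX)."""
    score, tags = 0, []
    if lookup(domain, "MX", zone):
        if not mx_has_address(domain, zone):
            score += MXA_VALENCE_PB
            tags.append("MissingMXA")
    else:
        score += MX_VALENCE_PB
        tags.append("MissingMX")
        if not lookup(domain, "A", zone):  # hypothetical tag and penalty
            score += MXA_VALENCE_PB
            tags.append("MissingA")
    return score, tags

if __name__ == "__main__":
    for d in ("woot.com", "bounces.woot.com", "brokenmx.example", "nodns.example"):
        print(f"{d:20} current={score_current(d)} proposed={score_proposed(d)}")
```

For bounces.woot.com the first function reproduces the two penalties seen in the log, while the second scores only the missing MX; a domain with neither MX nor A gets both penalties under either policy.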