(no subject)


(no subject)

Andy Knuts
The following spam mail passed ASSP:


Jul-18-16 13:30:01 m1-41401-04606 [Worker_4] [TLS-in] 65.54.61.91 <[hidden email]> info: found message size announcement: 13.15 kByte
Jul-18-16 13:30:01 m1-41401-04606 [Worker_4] [TLS-in] 65.54.61.91 <[hidden email]> Message-Score: added -10 (tlsValencePB) for SSL-TLS-connection-OK, total score for this message is now -10
Jul-18-16 13:30:02 m1-41401-04606 [Worker_4] [TLS-in] 65.54.61.91 <[hidden email]> to: sales@<snip> DKIM-Signature found
Jul-18-16 13:30:02 m1-41401-04606 [Worker_4] [TLS-in] 65.54.61.91 <[hidden email]> to: sales@<snip> Message-Score: added -2 for 65.54.61.0 in griplist (0.17), total score for this message is now -12
Jul-18-16 13:30:02 m1-41401-04606 [Worker_4] [TLS-in] 65.54.61.91 <[hidden email]> to: sales@<snip> [scoring] (DKIM signature invalid) - public key: not available
Jul-18-16 13:30:02 m1-41401-04606 [Worker_4] [TLS-in] 65.54.61.91 <[hidden email]> to: sales@<snip> info: domain hotmail.com has published a DMARC record
Jul-18-16 13:30:02 m1-41401-04606 [Worker_4] [TLS-in] 65.54.61.91 <[hidden email]> to: sales@<snip> strictspf Regex: strictSPFRe '@hotmail.com'
Jul-18-16 13:30:02 m1-41401-04606 [Worker_4] [TLS-in] 65.54.61.91 <[hidden email]> to: sales@<snip> [scoring] SPF: temperror ip=65.54.61.91 mailfrom=[hidden email] helo=SNT004-OMC2S40.hotmail.com
Jul-18-16 13:30:02 m1-41401-04606 [Worker_4] [TLS-in] 65.54.61.91 <[hidden email]> to: sales@<snip> Message-Score: added 5 (spfeValencePB) for SPF temperror, total score for this message is now -7
Jul-18-16 13:30:05 m1-41401-04606 [Worker_4] [TLS-in] [MessageOK] 65.54.61.91 <[hidden email]> to: sales@<snip> message ok [Cost Efficient Plan for SEO]

As you can see it says "DKIM signature invalid" but it didn't add a score while dkimValencePB is set to 15 and DoDKIM is set to "score".
What setting am I missing in order to make it add the score?

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user

Re: (no subject)

Thomas Eckardt/eck
To score or block, the DKIM signature state must be 'failed'; here it is
only 'invalid', because the public key can't be read
for hotmail.com. This sounds like a DNS problem.

Thomas






Re: (no subject)

Andy Knuts
Yes, it looks like ASSP is having DNS issues. No idea why.
I'm using two local DNS servers and they seem to work fine for every request I sent.

Just noticed this:

Jul-18-16 15:12:42 m1-47562-09834 [Worker_1] [TLS-in] 157.55.1.150 <[hidden email]> to: snip [scoring] SPF: temperror ip=157.55.1.150 mailfrom=[hidden email] helo=DUB004-OMC2S11.hotmail.com

So it was unable to get SPF records for hotmail.com while they are there if I check manually.
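
A triage check for the situation in this thread, as an added example (not ASSP code and not from either poster): it groups ASSP log lines by session ID and lists messages that were delivered while the DKIM key lookup or the SPF lookup was inconclusive. The sample log is constructed from the lines quoted above with placeholder addresses plus one made-up session; the tag and function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample. Session m1-41401-04606 mirrors the log lines quoted in the
# thread (addresses replaced by placeholders); m1-00000-00001 is made up.
SAMPLE_LOG = """\
Jul-18-16 13:30:01 m1-41401-04606 [Worker_4] [TLS-in] 65.54.61.91 <a@example.invalid> Message-Score: added -10 (tlsValencePB) for SSL-TLS-connection-OK, total score for this message is now -10
Jul-18-16 13:30:02 m1-41401-04606 [Worker_4] [TLS-in] 65.54.61.91 <a@example.invalid> to: sales@example.invalid [scoring] (DKIM signature invalid) - public key: not available
Jul-18-16 13:30:02 m1-41401-04606 [Worker_4] [TLS-in] 65.54.61.91 <a@example.invalid> to: sales@example.invalid [scoring] SPF: temperror ip=65.54.61.91 mailfrom=a@example.invalid helo=SNT004-OMC2S40.hotmail.com
Jul-18-16 13:30:02 m1-41401-04606 [Worker_4] [TLS-in] 65.54.61.91 <a@example.invalid> to: sales@example.invalid Message-Score: added 5 (spfeValencePB) for SPF temperror, total score for this message is now -7
Jul-18-16 13:30:05 m1-41401-04606 [Worker_4] [TLS-in] [MessageOK] 65.54.61.91 <a@example.invalid> to: sales@example.invalid message ok [Cost Efficient Plan for SEO]
Jul-18-16 13:31:00 m1-00000-00001 [Worker_2] [TLS-in] 192.0.2.10 <b@example.invalid> Message-Score: added -10 (tlsValencePB) for SSL-TLS-connection-OK, total score for this message is now -10
Jul-18-16 13:31:03 m1-00000-00001 [Worker_2] [TLS-in] [MessageOK] 192.0.2.10 <b@example.invalid> to: sales@example.invalid message ok [Invoice]
"""

# date, time, session ID, worker tag, then the rest of the line
LINE_RE = re.compile(r"^\S+ \S+ (\S+) \[Worker_\d+\] (.*)$")
SCORE_RE = re.compile(r"total score for this message is now (-?\d+)")
# Log fragments seen in the thread where a lookup did not complete,
# as opposed to a check that ran and returned a definite failure.
INCONCLUSIVE = {
    "dkim-key-unavailable": "(DKIM signature invalid) - public key: not available",
    "spf-temperror": "SPF: temperror",
}

def summarize(log_text):
    """Return {session_id: {"inconclusive": [...], "score": int|None, "delivered": bool}}."""
    sessions = defaultdict(lambda: {"inconclusive": [], "score": None, "delivered": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a per-message log line
        sid, rest = m.groups()
        s = sessions[sid]
        for tag, needle in INCONCLUSIVE.items():
            if needle in rest and tag not in s["inconclusive"]:
                s["inconclusive"].append(tag)
        score = SCORE_RE.search(rest)
        if score:
            s["score"] = int(score.group(1))  # last score line wins
        if "[MessageOK]" in rest:
            s["delivered"] = True
    return dict(sessions)

def delivered_with_inconclusive_auth(log_text):
    """Session IDs of delivered messages whose SPF/DKIM lookups did not complete."""
    return sorted(sid for sid, s in summarize(log_text).items()
                  if s["delivered"] and s["inconclusive"])
```

A steady stream of sessions in this list points at resolver trouble on the ASSP host rather than at the senders.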

