"DKIM none" scoring - why assp thinks email should have dkim?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

"DKIM none" scoring - why assp thinks email should have dkim?

krzf83@gmail.com
I can't figure out why this email was cought by dkim test. It does not
have dkim signature so why assp thinks its absolutely supposed to have
one? (X-Assp-Message-Score: 100 (DKIM none)) ? Neither domain in
envelope from nor From header has dmarc policy other than none (gmail
has none). Mail analiser does not provide any info about dkim.

>From [hidden email] Mon Jul 11 20:36:09 2016
Received: from [127.0.0.1] (port=45991 helo=smtp.aa.eu)
by smtp.aa.eu with smtp (Exim 4.86_2)
(envelope-from <[hidden email]>)
id 1bMg3t-0003Nv-AY
for [hidden email]; Mon, 11 Jul 2016 20:36:09 +0200
Received: from mail-wm0-f44.google.com ([74.125.82.44]
helo=mail-wm0-f44.google.com)
by smtp.aa.eu with SMTPS(TLSv1_2 ECDHE-RSA-AES128-GCM-SHA256) (2.4.4);
11 Jul 2016 20:36:01 +0200
Received: by mail-wm0-f44.google.com with SMTP id f126so101352015wma.1
        for <[hidden email]>; Mon, 11 Jul 2016 11:36:03 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:from:to:subject:date:message-id:mime-version
         :thread-index:content-language;
        bh=ijmjd431SFINGuMPGLKFTshtJ7BgqcIzbPeB48sreBU=;
        b=ggOyW6d646aWsCOf0RJORx3+H18mgndPYfpczCjq0W502dslXAv/zgdI5VoUaVkJTl
         tl3duVo2gRxtwoCZMfHuDvyYgxR4g6Ll7PXVPKDpgOPfdAFlGeaVffxvbDEMGWeJCUvL
         biOXon0GrqzsfEYGx2iPN7YyFpnAsoi8CSfLvx21X8VHcrEP4wIpza0ntQi1osOcXI75
         T41w6F9dnYyTMw+utcfnArkEL2sjJ/kRxuU3z9aDYvp1NYQrKT0JOhCfWsjxJdirptFm
         0AnuoZ1xWLpZPEOxZzqTPy5ZfQsT6G2RgifCbh2aC8rFbwkQMXONRubsy08owX3fKDsF
         d/7g==
X-Gm-Message-State:
ALyK8tI6p8WgE+beNJigUlC64XXbpEK+VXiJdvuaKfYlen+8q2sblC2M5vTgTSxHltFiCw==
X-Received: by 10.28.128.207 with SMTP id b198mr16677425wmd.56.1468262161077;
        Mon, 11 Jul 2016 11:36:01 -0700 (PDT)
Received: from Dellicjusz ([13.15.176.19])
        by smtp.gmail.com with ESMTPSA id qp8sm1103199wjc.46.2016.07.11.11.35.54
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 11 Jul 2016 11:35:59 -0700 (PDT)
From: "aa aa, Grupa aa.pl" <[hidden email]>
To: <[hidden email]>
Subject: +SPAM+
=?iso-8859-2?Q?=22Biblia_e-biznesu_2=22_ju=BF_po_sk=B3adzie_-_pro=B6b?=
=?iso-8859-2?Q?a_o_przejrzenie_i_ostatnie_ewentualne_mikro-poprawki?=
Date: Mon, 11 Jul 2016 20:36:02 +0200
Message-ID: <010801d1dba3$16217a60$42646f20$@aa.pl>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0109_01D1DBB3.D9B4D1B0"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AdHbn4SDC+u7nsO+TESMWLCC7o+0LA==
Content-Language: pl
X-Assp-ID: smtp.aa.eu 62163-328823
X-Assp-Session: 7F9638EFEB58 (mail 1)
X-Assp-Detected-RIP: 13.15.176.19
X-Assp-Source-IP: 13.15.176.19
X-Assp-Version: 2.4.4(15106) on smtp.aa.eu
X-Assp-Client-TLS: yes
X-Assp-Delay: not delayed (74.125.82.44 in noDelay ); 11 Jul 2016
20:36:03 +0200
X-Assp-Message-Score: -10 (74.125.82.0 in griplist (0.09))
X-Assp-Message-Score: -5 (SPF pass)
X-Assp-IP-Score: -5 (SPF pass)
X-Original-Authentication-Results: smtp.aa.eu; spf=pass dkim=none
X-Assp-Message-Score: 100 (DKIM none)
X-Assp-IP-Score: 100 (DKIM none)
X-Assp-Tag: MessageLimit
X-Assp-allLoveBaysSpam: 1
X-Assp-allLoveMXASpam: 1
X-Assp-allLovePTRSpam: 1
X-Assp-allLoveRBLSpam: 1
X-Assp-allLoveSPFSpam: 1
X-Assp-allLoveSpam: 1
X-Assp-Spam: YES
X-Spam-Status:yes
X-Assp-Spam-Reason: MessageScore 85, limit 50
X-Assp-Message-Totalscore: 85
X-Assp-Intended-For: [hidden email]
X-Assp-Copy-Spam: Yes

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: "DKIM none" scoring - why assp thinks email should have dkim?

Peter Hinman
I can see that a X-Google-DKIM-Signature: header is included in the
message, but not a DKIM-Signature: header.  I expect that the
X-Google-DKIM-Signature: header like all X headers is an internal only
type of header.  Because the DKIM-Signature header is missing and google
publishes a DKIM key (in DNS), ASSP correctly flags the email as missing
an expected DKIM signature.

Peter

On 7/12/2016 12:10 PM, [hidden email] wrote:

> I can't figure out why this email was cought by dkim test. It does not
> have dkim signature so why assp thinks its absolutely supposed to have
> one? (X-Assp-Message-Score: 100 (DKIM none)) ? Neither domain in
> envelope from nor From header has dmarc policy other than none (gmail
> has none). Mail analiser does not provide any info about dkim.
>
> >From [hidden email] Mon Jul 11 20:36:09 2016
> Received: from [127.0.0.1] (port=45991 helo=smtp.aa.eu)
> by smtp.aa.eu with smtp (Exim 4.86_2)
> (envelope-from <[hidden email]>)
> id 1bMg3t-0003Nv-AY
> for [hidden email]; Mon, 11 Jul 2016 20:36:09 +0200
> Received: from mail-wm0-f44.google.com ([74.125.82.44]
> helo=mail-wm0-f44.google.com)
> by smtp.aa.eu with SMTPS(TLSv1_2 ECDHE-RSA-AES128-GCM-SHA256) (2.4.4);
> 11 Jul 2016 20:36:01 +0200
> Received: by mail-wm0-f44.google.com with SMTP id f126so101352015wma.1
>          for <[hidden email]>; Mon, 11 Jul 2016 11:36:03 -0700 (PDT)
> X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
>          d=1e100.net; s=20130820;
>          h=x-gm-message-state:from:to:subject:date:message-id:mime-version
>           :thread-index:content-language;
>          bh=ijmjd431SFINGuMPGLKFTshtJ7BgqcIzbPeB48sreBU=;
>          b=ggOyW6d646aWsCOf0RJORx3+H18mgndPYfpczCjq0W502dslXAv/zgdI5VoUaVkJTl
>           tl3duVo2gRxtwoCZMfHuDvyYgxR4g6Ll7PXVPKDpgOPfdAFlGeaVffxvbDEMGWeJCUvL
>           biOXon0GrqzsfEYGx2iPN7YyFpnAsoi8CSfLvx21X8VHcrEP4wIpza0ntQi1osOcXI75
>           T41w6F9dnYyTMw+utcfnArkEL2sjJ/kRxuU3z9aDYvp1NYQrKT0JOhCfWsjxJdirptFm
>           0AnuoZ1xWLpZPEOxZzqTPy5ZfQsT6G2RgifCbh2aC8rFbwkQMXONRubsy08owX3fKDsF
>           d/7g==
> X-Gm-Message-State:
> ALyK8tI6p8WgE+beNJigUlC64XXbpEK+VXiJdvuaKfYlen+8q2sblC2M5vTgTSxHltFiCw==
> X-Received: by 10.28.128.207 with SMTP id b198mr16677425wmd.56.1468262161077;
>          Mon, 11 Jul 2016 11:36:01 -0700 (PDT)
> Received: from Dellicjusz ([13.15.176.19])
>          by smtp.gmail.com with ESMTPSA id qp8sm1103199wjc.46.2016.07.11.11.35.54
>          (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
>          Mon, 11 Jul 2016 11:35:59 -0700 (PDT)
> From: "aa aa, Grupa aa.pl" <[hidden email]>
> To: <[hidden email]>
> Subject: +SPAM+
> =?iso-8859-2?Q?=22Biblia_e-biznesu_2=22_ju=BF_po_sk=B3adzie_-_pro=B6b?=
> =?iso-8859-2?Q?a_o_przejrzenie_i_ostatnie_ewentualne_mikro-poprawki?=
> Date: Mon, 11 Jul 2016 20:36:02 +0200
> Message-ID: <010801d1dba3$16217a60$42646f20$@aa.pl>
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
> boundary="----=_NextPart_000_0109_01D1DBB3.D9B4D1B0"
> X-Mailer: Microsoft Outlook 14.0
> Thread-Index: AdHbn4SDC+u7nsO+TESMWLCC7o+0LA==
> Content-Language: pl
> X-Assp-ID: smtp.aa.eu 62163-328823
> X-Assp-Session: 7F9638EFEB58 (mail 1)
> X-Assp-Detected-RIP: 13.15.176.19
> X-Assp-Source-IP: 13.15.176.19
> X-Assp-Version: 2.4.4(15106) on smtp.aa.eu
> X-Assp-Client-TLS: yes
> X-Assp-Delay: not delayed (74.125.82.44 in noDelay ); 11 Jul 2016
> 20:36:03 +0200
> X-Assp-Message-Score: -10 (74.125.82.0 in griplist (0.09))
> X-Assp-Message-Score: -5 (SPF pass)
> X-Assp-IP-Score: -5 (SPF pass)
> X-Original-Authentication-Results: smtp.aa.eu; spf=pass dkim=none
> X-Assp-Message-Score: 100 (DKIM none)
> X-Assp-IP-Score: 100 (DKIM none)
> X-Assp-Tag: MessageLimit
> X-Assp-allLoveBaysSpam: 1
> X-Assp-allLoveMXASpam: 1
> X-Assp-allLovePTRSpam: 1
> X-Assp-allLoveRBLSpam: 1
> X-Assp-allLoveSPFSpam: 1
> X-Assp-allLoveSpam: 1
> X-Assp-Spam: YES
> X-Spam-Status:yes
> X-Assp-Spam-Reason: MessageScore 85, limit 50
> X-Assp-Message-Totalscore: 85
> X-Assp-Intended-For: [hidden email]
> X-Assp-Copy-Spam: Yes
>
> ------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
> patterns at an interface-level. Reveals which users, apps, and protocols are
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> J-Flow, sFlow and other flows. Make informed decisions using capacity planning
> reports.http://sdm.link/zohodev2dev
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user



------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: "DKIM none" scoring - why assp thinks email should have dkim?

Thomas Eckardt/eck
In reply to this post by krzf83@gmail.com
>X-Assp-Version: 2.4.4(15106) on smtp.aa.eu

?????????????????????????????????????????????????

Thomas



Von:    "[hidden email] " <[hidden email]>
An:     For Users of ASSP <[hidden email]>
Datum:  12.07.2016 20:13
Betreff:        [Assp-user] "DKIM none" scoring - why assp thinks email
should have     dkim?



I can't figure out why this email was cought by dkim test. It does not
have dkim signature so why assp thinks its absolutely supposed to have
one? (X-Assp-Message-Score: 100 (DKIM none)) ? Neither domain in
envelope from nor From header has dmarc policy other than none (gmail
has none). Mail analiser does not provide any info about dkim.

>From [hidden email] Mon Jul 11 20:36:09 2016
Received: from [127.0.0.1] (port=45991 helo=smtp.aa.eu)
by smtp.aa.eu with smtp (Exim 4.86_2)
(envelope-from <[hidden email]>)
id 1bMg3t-0003Nv-AY
for [hidden email]; Mon, 11 Jul 2016 20:36:09 +0200
Received: from mail-wm0-f44.google.com ([74.125.82.44]
helo=mail-wm0-f44.google.com)
by smtp.aa.eu with SMTPS(TLSv1_2 ECDHE-RSA-AES128-GCM-SHA256) (2.4.4);
11 Jul 2016 20:36:01 +0200
Received: by mail-wm0-f44.google.com with SMTP id f126so101352015wma.1
        for <[hidden email]>; Mon, 11 Jul 2016 11:36:03 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:from:to:subject:date:message-id:mime-version
         :thread-index:content-language;
        bh=ijmjd431SFINGuMPGLKFTshtJ7BgqcIzbPeB48sreBU=;
 b=ggOyW6d646aWsCOf0RJORx3+H18mgndPYfpczCjq0W502dslXAv/zgdI5VoUaVkJTl
 tl3duVo2gRxtwoCZMfHuDvyYgxR4g6Ll7PXVPKDpgOPfdAFlGeaVffxvbDEMGWeJCUvL
 biOXon0GrqzsfEYGx2iPN7YyFpnAsoi8CSfLvx21X8VHcrEP4wIpza0ntQi1osOcXI75
 T41w6F9dnYyTMw+utcfnArkEL2sjJ/kRxuU3z9aDYvp1NYQrKT0JOhCfWsjxJdirptFm
 0AnuoZ1xWLpZPEOxZzqTPy5ZfQsT6G2RgifCbh2aC8rFbwkQMXONRubsy08owX3fKDsF
         d/7g==
X-Gm-Message-State:
ALyK8tI6p8WgE+beNJigUlC64XXbpEK+VXiJdvuaKfYlen+8q2sblC2M5vTgTSxHltFiCw==
X-Received: by 10.28.128.207 with SMTP id
b198mr16677425wmd.56.1468262161077;
        Mon, 11 Jul 2016 11:36:01 -0700 (PDT)
Received: from Dellicjusz ([13.15.176.19])
        by smtp.gmail.com with ESMTPSA id
qp8sm1103199wjc.46.2016.07.11.11.35.54
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 11 Jul 2016 11:35:59 -0700 (PDT)
From: "aa aa, Grupa aa.pl" <[hidden email]>
To: <[hidden email]>
Subject: +SPAM+
=?iso-8859-2?Q?=22Biblia_e-biznesu_2=22_ju=BF_po_sk=B3adzie_-_pro=B6b?=
=?iso-8859-2?Q?a_o_przejrzenie_i_ostatnie_ewentualne_mikro-poprawki?=
Date: Mon, 11 Jul 2016 20:36:02 +0200
Message-ID: <010801d1dba3$16217a60$42646f20$@aa.pl>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0109_01D1DBB3.D9B4D1B0"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AdHbn4SDC+u7nsO+TESMWLCC7o+0LA==
Content-Language: pl
X-Assp-ID: smtp.aa.eu 62163-328823
X-Assp-Session: 7F9638EFEB58 (mail 1)
X-Assp-Detected-RIP: 13.15.176.19
X-Assp-Source-IP: 13.15.176.19
X-Assp-Version: 2.4.4(15106) on smtp.aa.eu
X-Assp-Client-TLS: yes
X-Assp-Delay: not delayed (74.125.82.44 in noDelay ); 11 Jul 2016
20:36:03 +0200
X-Assp-Message-Score: -10 (74.125.82.0 in griplist (0.09))
X-Assp-Message-Score: -5 (SPF pass)
X-Assp-IP-Score: -5 (SPF pass)
X-Original-Authentication-Results: smtp.aa.eu; spf=pass dkim=none
X-Assp-Message-Score: 100 (DKIM none)
X-Assp-IP-Score: 100 (DKIM none)
X-Assp-Tag: MessageLimit
X-Assp-allLoveBaysSpam: 1
X-Assp-allLoveMXASpam: 1
X-Assp-allLovePTRSpam: 1
X-Assp-allLoveRBLSpam: 1
X-Assp-allLoveSPFSpam: 1
X-Assp-allLoveSpam: 1
X-Assp-Spam: YES
X-Spam-Status:yes
X-Assp-Spam-Reason: MessageScore 85, limit 50
X-Assp-Message-Totalscore: 85
X-Assp-Intended-For: [hidden email]
X-Assp-Copy-Spam: Yes

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and
traffic
patterns at an interface-level. Reveals which users, apps, and protocols
are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user






DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************


------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: "DKIM none" scoring - why assp thinks email should have dkim?

krzf83@gmail.com
2016-07-13 6:53 GMT+02:00 Thomas Eckardt <[hidden email]>:
>>X-Assp-Version: 2.4.4(15106) on smtp.aa.eu
>
> ?????????????????????????????????????????????????
>
> Thomas
>

Why all the ???? I'm too scared of upgrading assp due to so many new
bugs and backward incompatibile changes showing up every time I do
that :( I do backport some fixes manualy using csv repo.

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user