Ken, there is something wrong on your system.
>May-18-15 11:01:01 Info: whoisip_lookup '198.245.83.134' on 'ARIN' => ''
This line shows that assp has no hostname for 'ARIN' lookups - "on 'ARIN' => ''" - it should be
May-18-15 11:01:01 Info: whoisip_lookup '198.245.83.134' on 'ARIN' => 'whois.arin.net'
This is NOT possible - the hostname for every IP_whois_registrar is
hardcoded, never changed and read in one single line.
our %whois_servers = (
'RIPE'=>'whois.ripe.net',
'APNIC'=>'whois.apnic.net',
'KRNIC'=>'whois.krnic.net',
'LACNIC'=>'whois.lacnic.net',
'ARIN'=>'whois.arin.net',
'AFRINIC'=>'whois.afrinic.net',
);
.......
my $lookup_host = $whois_servers{$registrar};
Don't ask - I don't know what happens.
Two things you can do (try).
1. disable the ASSPSelfLoader module - simply rename it
2. disable DNSReuseSocket in the config
Thomas
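Added example (not part of the original mails and not ASSP code): because the symptom appears only occasionally, a small Python script can scan a log for whoisip_lookup entries with an empty server host and list the messages from the same IP that were scored for a missing MX or A record. The sample lines are constructed in the log format quoted in this thread, with placeholder mail addresses and two invented control entries.

```python
import re
from collections import defaultdict

# Constructed sample in the log format quoted in this thread; the mail
# addresses are placeholders and the last two entries are invented controls.
SAMPLE_LOG = """\
May-18-15 11:01:01 Info: whoisip_lookup '198.245.83.134' on 'ARIN' => ''
May-18-15 11:01:01 msg61260-00904 [MissingMX] 198.245.83.134 <sender@example.com> to: rcpt@example.org [[scoring]] MX missing: bounce.e.hautelook.com (Mail From:)
May-18-15 11:01:01 msg61260-00904 [MissingMXA] 198.245.83.134 <sender@example.com> to: rcpt@example.org [[scoring]] A record missing: bounce.e.hautelook.com (Mail From:)
May-18-15 11:05:09 Info: whoisip_lookup '192.0.2.10' on 'RIPE' => 'whois.ripe.net'
May-18-15 11:07:30 msg61300-00911 [MissingMX] 203.0.113.7 <a@example.net> to: rcpt@example.org [[scoring]] MX missing: nomx.example.net (Mail From:)
"""

WHOIS_RE = re.compile(
    r"^(?P<ts>\S+ \S+) Info: whoisip_lookup '(?P<ip>[^']+)' "
    r"on '(?P<registrar>[^']*)' => '(?P<host>[^']*)'")
MISSING_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<msg>msg\S+) \[(?P<tag>MissingMXA?)\] (?P<ip>\S+) "
    r".*?(?:MX|A record) missing: (?P<domain>\S+)")

def empty_whois_hosts(lines):
    """Return (timestamp, ip, registrar) for whois lookups logged with an empty host."""
    hits = []
    for line in lines:
        m = WHOIS_RE.match(line)
        if m and not m["host"].strip():
            hits.append((m["ts"], m["ip"], m["registrar"]))
    return hits

def missing_dns(lines):
    """Map message id -> connecting IP, scoring tags and domains reported missing."""
    found = defaultdict(lambda: {"ip": None, "tags": set(), "domains": set()})
    for line in lines:
        m = MISSING_RE.match(line)
        if m:
            entry = found[m["msg"]]
            entry["ip"] = m["ip"]
            entry["tags"].add(m["tag"])
            entry["domains"].add(m["domain"])
    return dict(found)

def correlate(lines):
    """Messages scored for missing MX/A whose IP also had an empty whois host."""
    lines = list(lines)
    bad_ips = {ip for _, ip, _ in empty_whois_hosts(lines)}
    return {msg: e for msg, e in missing_dns(lines).items() if e["ip"] in bad_ips}

if __name__ == "__main__":
    for msg, e in correlate(SAMPLE_LOG.splitlines()).items():
        print(msg, e["ip"], sorted(e["tags"]), sorted(e["domains"]))
```

Messages that appear in the correlate() result show both symptoms for the same connecting IP; messages that only appear in missing_dns() had a missing-record score without the empty whois host.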
From: K Post <[email protected]>
To: ASSP development mailing list <[email protected]>
Date: 19.05.2015 17:13
Subject: Re: [Assp-test] More MX and A record lookup issues
Thanks Collin.
I've turned on debugSPF. The problem is that I only see this every once in
a while. Will debugSPF cause huge logs or does that go to a separate debug
file?
Any suggestion on how to debug DNS on Windows? I don't think I can get
access to the servers themselves, but I can do whatever we need on this
Windows 2012 box.
Here's what I see in the log for this message with my notes in bold.
May-18-15 11:01:00 msg61260-00904 198.245.83.134 <[email protected]> to: [email protected] DKIM-Signature found
May-18-15 11:01:01 msg61260-00904 198.245.83.134 <[email protected]> to: [email protected] info: SenderBase - query using SenderBase
May-18-15 11:01:01 msg61260-00904 198.245.83.134 <[email protected]> to: [email protected] info: SenderBase - query using Whois
May-18-15 11:01:01 Info: whoisip_lookup '198.245.83.134' on 'ARIN' => '' *nothing??*
May-18-15 11:01:01 msg61260-00904 198.245.83.134 <[email protected]> to: [email protected] SenderBase -- used -- country: orgname: host: mta6.e.hautelook.com *nothing??*
May-18-15 11:01:01 msg61260-00904 198.245.83.134 <[email protected]> to: [email protected] [Scoring] SenderBase -- No CountryCode/Organization
May-18-15 11:01:01 msg61260-00904 198.245.83.134 <[email protected]> to: [email protected] checking MX/A for bounce.e.hautelook.com , e.nordstromrack.com
May-18-15 11:01:01 msg61260-00904 198.245.83.134 <[email protected]> to: [email protected] bounce.e.hautelook.com - no MX record found - () *no mx??*
May-18-15 11:01:01 msg61260-00904 198.245.83.134 <[email protected]> to: [email protected] e.nordstromrack.com - MX 'bounce-mx.exacttarget.com' - got IP (66.231.91.54)
May-18-15 11:01:01 msg61260-00904 [MissingMX] 198.245.83.134 <[email protected]> to: [email protected] [[scoring]] MX missing: bounce.e.hautelook.com (Mail From:)
May-18-15 11:01:01 msg61260-00904 198.245.83.134 <[email protected]> to: [email protected] Message-Score: added 10 (mxValencePB) for MX missing: bounce.e.hautelook.com (Mail From:), total score for this message is now 10
May-18-15 11:01:01 msg61260-00904 [MissingMXA] 198.245.83.134 <[email protected]> to: [email protected] [[scoring]] A record missing: bounce.e.hautelook.com (Mail From:) *NO A record??*
May-18-15 11:01:01 msg61260-00904 198.245.83.134 <[email protected]> to: [email protected] deleting spamming safelisted tuplet: (198.245.83.0, bounce.e.hautelook.com) age: 1s
May-18-15 11:01:01 msg61260-00904 198.245.83.134 <[email protected]> to: [email protected] Message-Score: added 15 (mxaValencePB) for A record missing: bounce.e.hautelook.com (Mail From:), total score for this message is now 25
May-18-15 11:01:01 msg61260-00904 198.245.83.134 <[email protected]> to: [email protected] MX found: e.nordstromrack.com (From , Reply-To) -> bounce-mx.exacttarget.com *but it does find the MX record for the mail from*
May-18-15 11:01:01 msg61260-00904 198.245.83.134 <[email protected]> to: [email protected] A record found: e.nordstromrack.com (From , Reply-To) -> 66.231.91.54 and the *A record*
*Could this be a function of the mail-from differing from the from causing a problem?*
On Tue, May 19, 2015 at 10:20 AM, Colin Waring <[email protected]> wrote:
> You need debug logs and set something up to monitor your DNS traffic. You
> need to be certain whether the issue is with ASSP handling DNS or your DNS
> setup. This information is the only thing that will really let you track
> your issue down.
>
> All the best,
> Colin Waring.
>
> -----Original Message-----
> From: K Post [mailto:[email protected]]
> Sent: 19 May 2015 14:57
> To: ASSP development mailing list
> Subject: [Assp-test] More MX and A record lookup issues
>
> Running 15135 on a Windows 2012 box.
>
> I've got a message that was ultimately erroneously rejected due to total
> score. Contributing to this score is ASSP being (for some reason) unable
> to find A or MX records for the sending IP. This isn't the first time I've
> seen this. My last suggestion of potentially having ASSP retry dns lookups
> if neither A nor MX returns anything was dismissed as crazy. I don't know
> what else to suggest. Here's what I'm seeing:
>
> In analyze everything looks great:
> • domain bounce.e.hautelook.com (in Mail From:) has a valid MX record: bounce-mx.exacttarget.com
> • domainMX bounce-mx.exacttarget.com has a valid A record: 66.231.91.54
> • domain e.nordstromrack.com (in From , Reply-To) has a valid MX record: reply-mx.s6.exacttarget.com
> • domainMX reply-mx.s6.exacttarget.com has a valid A record: 198.245.82.46
> • 198.245.83.134 SenderBase: status=white SenderBase, data=[CN=US, ORG=EXACTTARGET, DOM=hautelook.com, BLS=, HNM=Y, CIDR=20, HN= mta6.e.hautelook.com]
> Senderbase should have given a bonus, the A and MX record is there, so it
> shouldn't have counted against the message.
>
> But in the message in the corpus, I see:
> X-ASSP-Message-Score: 10 (MX missing: bounce.e.hautelook.com (Mail From:))
> X-ASSP-IP-Score: 10 (MX missing: bounce.e.hautelook.com (Mail From:))
> X-ASSP-Message-Score: 15 (A record missing: bounce.e.hautelook.com (Mail From:))
> X-ASSP-IP-Score: 15 (A record missing: bounce.e.hautelook.com (Mail From:))
> Senderbase doesn't seem to have run either
>
> I see nothing else to indicate that the machine is having DNS problems of
> any kind. It's looking to a set of internal DNS servers that are fast and
> reliable - they're used for all of our servers and none of them have any
> dns issues.
>
> It's not like exacttarget, a major mailing company used by big companies,
> temporarily removed the A and MX records for this hostname.
>
> Any idea of what could be going on and how to correct it? Could it be
> that this is happening to others but I'm the only one going through almost
> every questionably blocked message by hand (hate this part)??
>
>
> Thanks
>
>
------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
Performance
> metrics, stats and reports that give you Actionable Insights Deep dive
> visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> _______________________________________________
> Assp-test mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************