Good point Thomas.
Here's an example of the log and the analyze output. If you have a second,
could you take a peek?
This is a from a message that shows a NP DKIM match in analyze but is still
rejected as spam. It's an ad for flowers and reads a whole lot like the
myriad of spam messages that we actually do want to reject (so I'm not
surprised by the HMM hit). This message is from a legitimate source
though, and they always DKIM sign, so I just wanted to put it to okmail
using DKIMNpAddresses.
I can't figure out why ASSP wouldn't be doing DKIMNPAddress for this one.
FYI, the other examples I saw of this were all when I had .domainname.com
(leading dot) in DKIMNPAddress, but in this example the identity is the
root domain and I have @domain.com in the list.
Apr-07-18 11:01:36 Connected: session:116EC328 140.X.Y.Z:26515 >
A.B.C.10:25 > A.B.C.11:25
Apr-07-18 11:01:37 140.X.Y.Z info: injected STARTTLS request to A.B.C.11
Apr-07-18 11:01:38 08637-54105 140.X.Y.Z <
[email protected]> to: [email protected]
*DKIM-Signature
found*
Apr-07-18 11:01:38 Info: enhanced Originated IP detection ignored IP's:
140.X.Y.Z
Apr-07-18 11:01:38 08637-54105 140.X.Y.Z <
[email protected]> to: [email protected]
Received-RWL: from (list.dnswl.org->127.0.15.0,trust=0-[none]
(category=Email Marketing Providers);) - high trust is 0-[none] -
client-ip=140.X.Y.Z
Apr-07-18 11:01:41 08637-54105 140.X.Y.Z <
[email protected]> to: [email protected] *HMM
Check [scoring] *- Prob: 0.99997 - Confidence: 0.00894 => confident.spam -
answer/query relation: 23% of 30
Apr-07-18 11:01:41 08637-54105 140.X.Y.Z <
[email protected]> to: [email protected]
Message-Score: *added 50 for HMM Probability: 0.99997, total score for this
message is now 50*
Apr-07-18 11:01:41 08637-54105 140.X.Y.Z <
[email protected]> to: [email protected]
deleting spamming safelisted tuplet: (142.0.81.0,bounce.domain.com) age: 4s
Apr-07-18 11:01:41 08637-54105 [MessageLimit] 140.X.Y.Z <
[email protected]> to: [email protected] *[spam
found] (MessageScore 50, limit 50) [*Flowers Today] ->
messages/spam/Flowers-Today--2128465.txt;
Apr-07-18 11:01:41 08637-54105 140.X.Y.Z <
[email protected]> to: [email protected] [SMTP
Error] 554 5.7.1 Error: Rejected email - unsolicited [08637-54105 116EC328]
Apr-07-18 11:01:41 08637-54105 140.X.Y.Z <
[email protected]> to: [email protected]
finished message - received DATA size: 51.49 kByte - sent DATA size: 0 Byte
Apr-07-18 11:01:41 08637-54105 140.X.Y.Z <
[email protected]> to: [email protected]
disconnected: session:116EC328 140.X.Y.Z - processing time 5 seconds
associated analyze
Feature Matching:
• DKIM-check returned OK verified-OK for identity '[email protected]'
• DKIM-identity match (@domain.com) in DKIMNPAddresses -> noprocessing
• SPF-check returned OK for 140.X.Y.Z ->
[email protected], smtp.some-listserv.net
• Received-SPF: pass (bounce.domain.com: Sender is authorized to use '
[email protected]' in 'mfrom' identity (mechanism
'include:senderdomain.com' matched)) receiver=assp.ourcharity.org;
identity=mailfrom; envelope-from="[email protected]";
helo=smtp.some-listserv.net; client-ip=140.X.Y.Z
• URIBL check: 'OK'
• Known Good HELO: 'smtp.some-listserv.net'
• Valid Format of HELO: 'smtp.some-listserv.net'
• IP in Helo check: 'OK'
• AUTH would be disabled
• RBLCacheCheck returned OK for 140.X.Y.Z: inserted as ok at 2018-04-08
10:31:00
• domain domain.com (in From) has a valid MX record:
domain-com.mail.protection.outlook.com
• domainMX domain-com.mail.protection.outlook.com has a valid A record:
216.32.x.y
• domain bounce.domain.com (in Mail From: , Errors-To , List-Unsubscribe)
has a valid MX record: bounce.some-listserv.net
• domainMX bounce.some-listserv.net has a valid A record: 145.x.y.z•
• 140.X.Y.Z PTR record via DNS: status=PTR OK - smtp.some-listserv.net
• 140.X.Y.Z is in RWLCache: status=not listed
• 140.X.Y.Z SenderBase: status=not classified, data=[CN=US, ORG=Some
Listerv]
Feature Matching Log:
Apr-08-18 11:51:38 Info: analyze detected: IP: '140.X.Y.Z' , HELO: '
smtp.some-listserv.net' , assp-Host: 'assp.ourcharity.org'
Apr-08-18 11:51:38 Info: enhanced Originated IP detection ignored IP's:
140.X.Y.Z
Apr-08-18 11:51:39 Info: found DKIM signature identity '[email protected]'
Apr-08-18 11:51:39 [email protected] [email protected],[email protected]
matches @domain.com in DKIMNPAddresses
Apr-08-18 11:51:39 [scoring] DKIM signature verified-OK - pass - identity
is: [email protected] - sender policy is: accept - author policy is: accept
- state changed to: noprocessing
Apr-08-18 11:51:42 Info: analyzing attachments in incoming email
On Sun, Apr 8, 2018 at 3:21 AM, Thomas Eckardt <[email protected]>
wrote:
> >Analyze shows:
>
> analyzer shows every feature match - but at runtime the DKIM check may be
> skipped for several reasons. The maillog.txt for the mail should show what
> happens.
>
> Thomas
>
>
>
>
>
> Von: "K Post" <[email protected]>
> An: "ASSP development mailing list" <[email protected].
> net>
> Datum: 07.04.2018 20:14
> Betreff: [Assp-test] Analyze shows DKIMNPAddress match as
> expected, but some messages still processed as spam?
> ------------------------------
>
>
>
>
> I have several listings in DKIMNPAddresses like:
> .*domain.org* <http://domain.org/> (with the leading dot)
> to allow a DKIM identity @<wildcard>.*domain.org* <http://domain.org/> to
> be tagged as no processing, but not just @*domain.org*
> <http://domain.org/>
>
> However, I've seen several examples where the mail is still flagged as
> spam (due hitting a limit, often no MX, no A and somewhat spammy content)
> even though the DKIM signature verifies. Analyze shows:
>
> • DKIM-check returned OK verified-OK for identity '@*reply.domain.org*
> <http://reply.domain.org/>'
> • DKIM-identity match (.*domain.org* <http://domain.org/>) in
> DKIMNPAddresses -> noprocessing
>
> Shouldn't this no processing flag just let the mail through? Maybe I'm
> not understanding?
>
> Overall DKIMNPAddresses is working beautifully and is a wonderful addition.
>
> Thanks.
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Assp-test mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Assp-test mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
