How to deal with this spam?

Shawn Iverson iversons at rushville.k12.in.us
Mon Jun 19 19:59:26 UTC 2017


The expletives in the email are a sure way to flag this one.  A
spamassassin rule to find these words would do the trick nicely.



On Mon, Jun 19, 2017 at 1:44 PM, Gao <gao at pztop.com> wrote:

> Hi,
>
> This spam message gets a low score, so it is delivered to the user. Is there a
> way to let spamassassin catch it?
>
> Here is the spam mail:
>
> Return-Path: <magnaflow at webmail.md>
> X-Original-To: gjv at mydomain.com
> Delivered-To: gjv at mydomain.com
> Received: by zeta.mydomain.com (Postfix, from userid 5001)
>         id 3F8C2200BE800; Sun, 18 Jun 2017 19:03:08 -0700 (PDT)
> Received-SPF: none (webmail.md: No applicable sender policy available)
> receiver=zeta.mydomain.com; identity=mailfrom;
> envelope-from="magnaflow at webmail.md"; helo=smtp-proxy002.phy.lolipop.jp;
> client-ip=157.7.104.43
> Received: from smtp-proxy002.phy.lolipop.jp (smtp-proxy002.phy.lolipop.jp
> [157.7.104.43])
>         (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
> bits))
>         (No client certificate requested)
>         by zeta.mydomain.com (Postfix) with ESMTPS id 094292061FFD4
>         for <gjv at mydomain.com>; Sun, 18 Jun 2017 19:03:00 -0700 (PDT)
> Received: from smtp-proxy002.phy.lolipop.lan (HELO
> smtp-proxy002.phy.lolipop.jp) (172.19.44.43)
>   (smtp-auth username infallible-man at ojikan-haishaku.net, mechanism login)
>   by smtp-proxy002.phy.lolipop.jp (qpsmtpd/0.82) with ESMTPA; Mon, 19 Jun
> 2017 11:02:57 +0900
> Received: from 127.0.0.1 (127.0.0.1)
>  by smtp-proxy002.phy.lolipop.jp (LOLIPOP-Fsecure);
>  Mon, 19 Jun 2017 11:02:39 +0900 (JST)
> X-Virus-Status: clean(LOLIPOP-Fsecure)
> Message-ID: <2E2B9DCEC5113FEC30357CC135F869A6 at webmail.md>
> From: "FUCK EXPRESS" <magnaflow at webmail.md>
> To: <andrewv at pxxxxxxxxxxco.com>,
>          <kcmp at kxxxxxxxxxv.us>,
>          <gjv at mydomain.com>,
>          <entitlementservices at xxxxx.com>,
>          <speechsc at ixxxxxxxxorg>,
>          <secretary at probxxxxxxxxxx.org>,
>          <sanne.gruter at txxxxxxxxxxxce.com.au>
> Subject: Easily find girlfriend for sex!
> Date: Mon, 19 Jun 2017 05:02:54 +0300
> MIME-Version: 1.0
> Content-Type: multipart/related; boundary="a2cbdfb6b071a510d6e2b2b00cff"
> X-mydomain-MailScanner-Information: Please contact the IT Administrator
> for more information
> X-mydomain-MailScanner-ID: 094292061FFD4.AE63B
> X-mydomain-MailScanner: Found to be clean
> X-mydomain-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
>         score=0.901, required 4, BAYES_40 -0.00, DKIM_ADSP_NXDOMAIN 0.90,
>         HTML_MESSAGE 0.00, NO_DNS_FOR_FROM 0.00, RCVD_IN_DNSWL_NONE -0.00)
> X-mydomain-MailScanner-From: magnaflow at webmail.md
> X-Spam-Status: No
>
> This is a multi-part message in MIME format.
>
> --a2cbdfb6b071a510d6e2b2b00cff
> Content-Type: multipart/alternative; boundary="1fbddb9e7f6b2eb9e29479934d6b"
>
>
> --1fbddb9e7f6b2eb9e29479934d6b
> Content-Type: text/plain; charset="windows-1251"
> Content-Transfer-Encoding: quoted-printable
>
> Fast f*ck with milfs- https://t.co/FqPPs0hQkH
>
> kx uij bcw g bea qqg
>
> ggxy wjg uyc tnseu y b
>
> arxp u gnv w uhqiq udooz
>
> aaazs i lwcfv gxfgd i lisd
>
> tatx gg old pe dyc byd
>
> sxpto rpq ggmwn j z rpora
>
> o tv ssib tr wsp ujlt
>
> ozec aa t sv ccxnn tr
>
> pqdz aqw yh wic xsza iwmg
>
> rqb fqrsg mx sk gawxi qe
>
> ckxbc yvbte xw ibpdd f os
>
> ph di grc c hid wgniy
>
> wru m w anvvs ipxq fvcxi
>
> k rlf xyyu s xqe l
>
> borvo cdke c k gmxu glmg
>
> pokm zbv nscf b x ufr
>
> hgx yig fnzg fdey sw d
>
> uh avrl nx u aheur aqvwk
>
> vrr rv i eac b zaoj
> xubkp snnyh qvq dwmln wmgjy g
>
> nld m hosy zd emvec jhn
>
> ik tdh z zp a hn
>
> dq ptzi mnt lzq kdsy mrz
>
> xa l ti dxu jsli xmane
>
> h rlu guxa e rkj lhgwl
>
> cwkcw enz w bk c am
>
> iomc ucvu adgy wcw r xskr
>
> lm pjbsa rbn mtos x c
>
> lnt cfjpk wlp gy ui yfa
>
> tl rdnzq j yupgu tjwdj q
>
> f vm pmw rjc es st
>
> xxsw ds qyu wcyul cdoa peugp
>
> jiii f vjlbg eles nfag qxnp
>
> qkvno qm fw hx ggzc tpov
>
> ti fr wt li lnnfd x
>
> ctdp nt vty grgxq wxwdv wgdf
>
> oeb gmqay hvhyk elx tup d
>
> jxk dsvd wb x d m
>
> ss kl bt syx ab x
> ...
>
> cj ct wss k mjux neo
>
> cr wevkg brh duerg zrs gdus
>
> r l t nw w w
>
> k c fhznn leo g eb
>
> sdn tkfg yz lx fy f
>
> vudw wxecl ojysm kisy yaqin lngmc
>
> nhhnu rp tv a bzm gpzo
>
> --1fbddb9e7f6b2eb9e29479934d6b
> Content-Type: text/html; charset="windows-1251"
> Content-Transfer-Encoding: quoted-printable
>
> <HTML><HEAD>
> <META http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dwindows=
> -1251">
> </HEAD>
> <BODY bgColor=3D#ffffff>
> <DIV align=3Dleft><FONT size=3D2 face=3DArial>Fast f*ck with milfs- <A=20
> href=3D"https://t.co/FqPPs0hQkH">https://t.co/FqPPs0hQkH</A></FONT></DIV>
> <DIV align=3Dleft><A href=3D"https://t.co/FqPPs0hQkH"><IMG border=3D0 hsp=
> ace=3D0=20
> alt=3D""=20
> src=3D"cid:7C746E7653B2443F8259615B684B2515 at webmail.md"></A></DIV>
> <DIV align=3Dleft>
> <DIV align=3Dleft>
> <DIV align=3Dleft><FONT color=3D#dfecf7>kx=20
> uij bcw g=20
> bea qqg</FONT></DIV>
> <DIV align=3Dleft><FONT color=3D#dfecf7>ggxy=20
> wjg uyc tnseu=20
> y b</FONT></DIV>
> <DIV align=3Dleft><FONT color=3D#dfecf7>arxp=20
> u gnv w=20
> uhqiq udooz</FONT></DIV>
> <DIV align=3Dleft><FONT color=3D#dfecf7>aaazs=20
> i lwcfv gxfgd=20
> i lisd</FONT></DIV>
> <DIV align=3Dleft>
> <DIV align=3Dleft>
> <DIV align=3Dleft><FONT color=3D#dfecf7>tatx=20
> gg old pe=20
> dyc byd</FONT></DIV>
> <DIV align=3Dleft><FONT color=3D#dfecf7>sxpto=20
> rpq ggmwn j=20
> z rpora</FONT></DIV>
> <DIV align=3Dleft><FONT color=3D#dfecf7>sxpto=20
> rpq ggmwn j=20
> z rpora</FONT></DIV>
> <DIV align=3Dleft><FONT color=3D#dfecf7>o=20
> tv ssib tr=20
> wsp ujlt</FONT></DIV>
> <DIV align=3Dleft><FONT color=3D#dfecf7>ozec=20
> aa t sv=20
> ccxnn tr</FONT></DIV>
> <DIV align=3Dleft><FONT color=3D#dfecf7>pqdz=20
> aqw yh wic=20
> xsza iwmg</FONT></DIV>
> <DIV align=3Dleft><FONT color=3D#dfecf7>rqb=20
> fqrsg mx sk=20
> gawxi qe</FONT></DIV>
> <DIV align=3Dleft>
> <DIV align=3Dleft>
> <DIV align=3Dleft><FONT color=3D#dfecf7>ckxbc=20
> yvbte xw ibpdd=20
> f os</FONT></DIV>
> <DIV align=3Dleft><FONT color=3D#dfecf7>ph=20
> di grc c=20
> hid wgniy</FONT></DIV>
> <DIV align=3Dleft><FONT color=3D#dfecf7>wru=20
> m w anvvs=20
> ipxq fvcxi</FONT></DIV>
> <DIV align=3Dleft><FONT color=3D#dfecf7>k=20
> rlf xyyu s=20
> xqe l</FONT></DIV>
> <DIV align=3Dleft><FONT color=3D#dfecf7>borvo=20
> cdke c k=20
> gmxu glmg</FONT></DIV>
> <DIV align=3Dleft><FONT color=3D#dfecf7>pokm=20
> zbv nscf b=20
> x ufr</FONT></DIV>
> <DIV align=3Dleft>
> <DIV align=3Dleft>
> <DIV align=3Dleft><FONT color=3D#dfecf7>hgx=20
> yig fnzg fdey=20
> sw d</FONT></DIV>
> <DIV align=3Dleft><FONT color=3D#dfecf7>uh=20
> avrl nx u=20
> aheur aqvwk</FONT></DIV>
> <DIV align=3Dleft><FONT color=3D#dfecf7>vrr=20
> rv i eac=20
> b zaoj</FONT></DIV>
> <DIV align=3Dleft><FONT color=3D#dfecf7>xubkp=20
> snnyh qvq dwmln=20
> wmgjy g</FONT></DIV>
> <DIV align=3Dleft><FONT color=3D#dfecf7>vudw=20
> wxecl ojysm kisy=20
> yaqin lngmc</FONT></DIV>
> <DIV align=3Dleft><FONT color=3D#dfecf7>nhhnu=20
> rp tv a=20
> bzm=20
> gpzo</FONT></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></=
> DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></D=
> IV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DI=
> V></DIV></DIV></BODY></HTML>
>
> --1fbddb9e7f6b2eb9e29479934d6b--
>
> --a2cbdfb6b071a510d6e2b2b00cff
> Content-Type: image/jpeg; name="zawly.jpg"
> Content-Transfer-Encoding: base64
> Content-ID: <7C746E7653B2443F8259615B684B2515 at webmail.md>
>
> ......
>
> --a2cbdfb6b071a510d6e2b2b00cff--
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>


-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 x271
iversons at rushville.k12.in.us
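
A sketch of the kind of SpamAssassin rule suggested in the reply above, added here as an example and not part of the original thread. The rule names, scores and the choice of a local `.cf` file are assumptions; the patterns are built only from what is visible in the quoted sample (the From display name, the masked word in the body, the `t.co` link and the `#dfecf7` filler text).

```conf
# Local SpamAssassin rules, e.g. in a local .cf file (location is an assumption).
# All LOCAL_* names and scores are hypothetical; tune scores against your own mail.

# Expletive in the From display name ("FUCK EXPRESS" in the sample).
header   LOCAL_FROM_NAME_EXPL  From:name =~ /\bf[u*]ck/i
describe LOCAL_FROM_NAME_EXPL  Expletive in From display name
score    LOCAL_FROM_NAME_EXPL  2.5

# Plain or asterisk-masked expletive in the rendered body ("f*ck" in the sample).
body     LOCAL_BODY_EXPL       /\bf[u*]ck/i
describe LOCAL_BODY_EXPL       Expletive (plain or masked) in message body
score    LOCAL_BODY_EXPL       1.5

# Sub-rules (double underscore prefix: no score of their own, used only in metas).
# Link through the t.co shortener, as in the sample.
uri      __LOCAL_URI_TCO       /^https?:\/\/t\.co\//i
# Near-white font colour used for the random filler words on a white background.
# rawbody sees the part after quoted-printable decoding, with HTML tags intact.
rawbody  __LOCAL_FONT_DFECF7   /<font[^>]{0,80}color=["']?#dfecf7/i

# Expletive plus shortened link: stronger evidence than either alone.
meta     LOCAL_EXPL_SHORTENER  (LOCAL_FROM_NAME_EXPL || LOCAL_BODY_EXPL) && __LOCAL_URI_TCO
describe LOCAL_EXPL_SHORTENER  Expletive together with a t.co link
score    LOCAL_EXPL_SHORTENER  2.0

# Hidden filler text next to a shortened link.
meta     LOCAL_HIDDEN_FILLER   __LOCAL_FONT_DFECF7 && __LOCAL_URI_TCO
describe LOCAL_HIDDEN_FILLER   Near-white filler text together with a t.co link
score    LOCAL_HIDDEN_FILLER   1.0
```

With these assumed scores the quoted sample would gain well over the 3.1 points it was short of the required 4. Check the file with `spamassassin --lint` before reloading, and run a saved copy of the message through `spamassassin -t` to confirm which rules hit.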