How to deal with this spam?
Paul Scott
sales at edenusa.com
Thu Jun 22 18:06:49 UTC 2017
As of late, there has been a massive increase in the amount of spam coming in. I’ve tightened down the SpamAssassin required hits from 6 to 3, and the load has not lightened up.
I also cleared the SpamAssassin DB using the sa-learn --clear command.
Also added zen.spamhaus.org to a small list of RBLs I use (the other two are CBL-Abuseat and Spamcop).
Any suggestions on what I might do, or check into to help reduce the huge amount of spam coming in?
Sincerely,
Paul Scott, Engineer
Eden USA, Incorporated
Event Production Services Since 1995
Los Angeles-Las Vegas-New York
sales at edenusa.com OR edenusasales at gmail.com
Telephone(s): 866.501.3336 OR 951.505.6967
Fax: 866.502.3336
WEBSITE: https://www.edenusa.com
FACEBOOK: http://www.facebook.com/edenusainc
From: MailScanner [mailto:mailscanner-bounces+sales=edenusa.com at lists.mailscanner.info] On Behalf Of Shawn Iverson
Sent: Monday, June 19, 2017 12:59 PM
To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
Subject: Re: How to deal with this spam?
The expletives in the email are a sure way to flag this one. A spamassassin rule to find these words would do the trick nicely.
On Mon, Jun 19, 2017 at 1:44 PM, Gao <gao at pztop.com> wrote:
Hi,
This spam message gets a low score, so it is delivered to the user. Is there a way to let spamassassin catch it?
Here is the spam mail:
Return-Path: <magnaflow at webmail.md>
X-Original-To: gjv at mydomain.com
Delivered-To: gjv at mydomain.com
Received: by zeta.mydomain.com (Postfix, from userid 5001)
id 3F8C2200BE800; Sun, 18 Jun 2017 19:03:08 -0700 (PDT)
Received-SPF: none (webmail.md: No applicable sender policy available) receiver=zeta.mydomain.com; identity=mailfrom; envelope-from="magnaflow at webmail.md"; helo=smtp-proxy002.phy.lolipop.jp; client-ip=157.7.104.43
Received: from smtp-proxy002.phy.lolipop.jp (smtp-proxy002.phy.lolipop.jp [157.7.104.43])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by zeta.mydomain.com (Postfix) with ESMTPS id 094292061FFD4
for <gjv at mydomain.com>; Sun, 18 Jun 2017 19:03:00 -0700 (PDT)
Received: from smtp-proxy002.phy.lolipop.lan (HELO smtp-proxy002.phy.lolipop.jp) (172.19.44.43)
(smtp-auth username infallible-man at ojikan-haishaku.net, mechanism login)
by smtp-proxy002.phy.lolipop.jp (qpsmtpd/0.82) with ESMTPA; Mon, 19 Jun 2017 11:02:57 +0900
Received: from 127.0.0.1 (127.0.0.1)
by smtp-proxy002.phy.lolipop.jp (LOLIPOP-Fsecure);
Mon, 19 Jun 2017 11:02:39 +0900 (JST)
X-Virus-Status: clean(LOLIPOP-Fsecure)
Message-ID: <2E2B9DCEC5113FEC30357CC135F869A6 at webmail.md>
From: "FUCK EXPRESS" <magnaflow at webmail.md>
To: <andrewv at pxxxxxxxxxxco.com>,
<kcmp at kxxxxxxxxxv.us>,
<gjv at mydomain.com>,
<entitlementservices at xxxxx.com>,
<speechsc at ixxxxxxxxorg>,
<secretary at probxxxxxxxxxx.org>,
<sanne.gruter at txxxxxxxxxxxce.com.au>
Subject: Easily find girlfriend for sex!
Date: Mon, 19 Jun 2017 05:02:54 +0300
MIME-Version: 1.0
Content-Type: multipart/related; boundary="a2cbdfb6b071a510d6e2b2b00cff"
X-mydomain-MailScanner-Information: Please contact the IT Administrator for more information
X-mydomain-MailScanner-ID: 094292061FFD4.AE63B
X-mydomain-MailScanner: Found to be clean
X-mydomain-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
score=0.901, required 4, BAYES_40 -0.00, DKIM_ADSP_NXDOMAIN 0.90,
HTML_MESSAGE 0.00, NO_DNS_FOR_FROM 0.00, RCVD_IN_DNSWL_NONE -0.00)
X-mydomain-MailScanner-From: magnaflow at webmail.md
X-Spam-Status: No
This is a multi-part message in MIME format.
--a2cbdfb6b071a510d6e2b2b00cff
Content-Type: multipart/alternative; boundary="1fbddb9e7f6b2eb9e29479934d6b"
--1fbddb9e7f6b2eb9e29479934d6b
Content-Type: text/plain; charset="windows-1251"
Content-Transfer-Encoding: quoted-printable
Fast f*ck with milfs- https://t.co/FqPPs0hQkH
kx uij bcw g bea qqg
ggxy wjg uyc tnseu y b
arxp u gnv w uhqiq udooz
aaazs i lwcfv gxfgd i lisd
tatx gg old pe dyc byd
sxpto rpq ggmwn j z rpora
o tv ssib tr wsp ujlt
ozec aa t sv ccxnn tr
pqdz aqw yh wic xsza iwmg
rqb fqrsg mx sk gawxi qe
ckxbc yvbte xw ibpdd f os
ph di grc c hid wgniy
wru m w anvvs ipxq fvcxi
k rlf xyyu s xqe l
borvo cdke c k gmxu glmg
pokm zbv nscf b x ufr
hgx yig fnzg fdey sw d
uh avrl nx u aheur aqvwk
vrr rv i eac b zaoj
xubkp snnyh qvq dwmln wmgjy g
nld m hosy zd emvec jhn
ik tdh z zp a hn
dq ptzi mnt lzq kdsy mrz
xa l ti dxu jsli xmane
h rlu guxa e rkj lhgwl
cwkcw enz w bk c am
iomc ucvu adgy wcw r xskr
lm pjbsa rbn mtos x c
lnt cfjpk wlp gy ui yfa
tl rdnzq j yupgu tjwdj q
f vm pmw rjc es st
xxsw ds qyu wcyul cdoa peugp
jiii f vjlbg eles nfag qxnp
qkvno qm fw hx ggzc tpov
ti fr wt li lnnfd x
ctdp nt vty grgxq wxwdv wgdf
oeb gmqay hvhyk elx tup d
jxk dsvd wb x d m
ss kl bt syx ab x
...
cj ct wss k mjux neo
cr wevkg brh duerg zrs gdus
r l t nw w w
k c fhznn leo g eb
sdn tkfg yz lx fy f
vudw wxecl ojysm kisy yaqin lngmc
nhhnu rp tv a bzm gpzo
--1fbddb9e7f6b2eb9e29479934d6b
Content-Type: text/html; charset="windows-1251"
Content-Transfer-Encoding: quoted-printable
<HTML><HEAD>
<META http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dwindows=
-1251">
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV align=3Dleft><FONT size=3D2 face=3DArial>Fast f*ck with milfs- <A=20
href=3D"https://t.co/FqPPs0hQkH">https://t.co/FqPPs0hQkH</A></FONT></DIV>
<DIV align=3Dleft><A href=3D"https://t.co/FqPPs0hQkH"><IMG border=3D0 hsp=
ace=3D0=20
alt=3D""=20
src=3D"cid:7C746E7653B2443F8259615B684B2515 at webmail.md"></A></DIV>
<DIV align=3Dleft>
<DIV align=3Dleft>
<DIV align=3Dleft><FONT color=3D#dfecf7>kx=20
uij bcw g=20
bea qqg</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>ggxy=20
wjg uyc tnseu=20
y b</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>arxp=20
u gnv w=20
uhqiq udooz</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>aaazs=20
i lwcfv gxfgd=20
i lisd</FONT></DIV>
<DIV align=3Dleft>
<DIV align=3Dleft>
<DIV align=3Dleft><FONT color=3D#dfecf7>tatx=20
gg old pe=20
dyc byd</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>sxpto=20
rpq ggmwn j=20
z rpora</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>sxpto=20
rpq ggmwn j=20
z rpora</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>o=20
tv ssib tr=20
wsp ujlt</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>ozec=20
aa t sv=20
ccxnn tr</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>pqdz=20
aqw yh wic=20
xsza iwmg</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>rqb=20
fqrsg mx sk=20
gawxi qe</FONT></DIV>
<DIV align=3Dleft>
<DIV align=3Dleft>
<DIV align=3Dleft><FONT color=3D#dfecf7>ckxbc=20
yvbte xw ibpdd=20
f os</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>ph=20
di grc c=20
hid wgniy</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>wru=20
m w anvvs=20
ipxq fvcxi</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>k=20
rlf xyyu s=20
xqe l</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>borvo=20
cdke c k=20
gmxu glmg</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>pokm=20
zbv nscf b=20
x ufr</FONT></DIV>
<DIV align=3Dleft>
<DIV align=3Dleft>
<DIV align=3Dleft><FONT color=3D#dfecf7>hgx=20
yig fnzg fdey=20
sw d</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>uh=20
avrl nx u=20
aheur aqvwk</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>vrr=20
rv i eac=20
b zaoj</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>xubkp=20
snnyh qvq dwmln=20
wmgjy g</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>vudw=20
wxecl ojysm kisy=20
yaqin lngmc</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>nhhnu=20
rp tv a=20
bzm=20
gpzo</FONT></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></=
DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></D=
IV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DI=
V></DIV></DIV></BODY></HTML>
--1fbddb9e7f6b2eb9e29479934d6b--
--a2cbdfb6b071a510d6e2b2b00cff
Content-Type: image/jpeg; name="zawly.jpg"
Content-Transfer-Encoding: base64
Content-ID: <7C746E7653B2443F8259615B684B2515 at webmail.md>
......
--a2cbdfb6b071a510d6e2b2b00cff--
--
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 x271
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20170622/fe3ccf52/attachment.html>
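One way to write the kind of rule suggested in the quoted reply, as an added example that is not part of the original thread: SpamAssassin `local.cf` rules keyed to the expletive in the sample's From display name and body and to its t.co link. The rule names, patterns and scores are assumptions; with these scores the sample's 0.901 would rise to 4.901, above the required 4 shown in its headers.

```conf
# /etc/mail/spamassassin/local.cf
# Added example: rule names, patterns and scores below are assumptions.

# Expletive in the From display name, as in the sample's From header.
# From:name matches only the display name, not the address.
header   LOCAL_FROM_EXPLETIVE      From:name =~ /\bf[u*]ck/i
describe LOCAL_FROM_EXPLETIVE      Expletive in From display name
score    LOCAL_FROM_EXPLETIVE      2.5

# Same word in the rendered body; [u*] also covers the "f*ck" spelling
# used in the sample's text and HTML parts.
body     __LOCAL_BODY_EXPLETIVE    /\bf[u*]ck\b/i

# Link through the t.co shortener, as in the sample. Rules whose names
# start with "__" carry no score and exist only to feed meta rules.
uri      __LOCAL_URI_TCO           /^https?:\/\/t\.co\//i

# Expletive plus shortened link: stronger evidence than either alone.
meta     LOCAL_EXPLETIVE_SHORTURL  (LOCAL_FROM_EXPLETIVE || __LOCAL_BODY_EXPLETIVE) && __LOCAL_URI_TCO
describe LOCAL_EXPLETIVE_SHORTURL  Expletive together with a t.co link
score    LOCAL_EXPLETIVE_SHORTURL  1.5
```

Run `spamassassin --lint` after editing the file, then restart MailScanner so the new rules are loaded.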