How to deal with this spam?

Paul Scott sales at edenusa.com
Thu Jun 22 18:08:30 UTC 2017


Hello Shawn,

Could you please write an example of how to write your own spamassassin rule and where it goes?

Thank you very much!

Sincerely,

Paul Scott, Engineer
Eden USA, Incorporated
Event Production Services Since 1995
Los Angeles-Las Vegas-New York
sales at edenusa.com OR edenusasales at gmail.com
Telephone(s): 866.501.3336 OR 951.505.6967
Fax: 866.502.3336

WEBSITE: https://www.edenusa.com
FACEBOOK: http://www.facebook.com/edenusainc

From: MailScanner [mailto:mailscanner-bounces+sales=edenusa.com at lists.mailscanner.info] On Behalf Of Shawn Iverson
Sent: Monday, June 19, 2017 12:59 PM
To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
Subject: Re: How to deal with this spam?

The expletives in the email are a sure way to flag this one.  A spamassassin rule to find these words would do the trick nicely.



On Mon, Jun 19, 2017 at 1:44 PM, Gao <gao at pztop.com> wrote:
Hi,

This spam message gets a low score, so it was delivered to the user. Is there a way to let spamassassin catch it?

Here is the spam mail:

Return-Path: <magnaflow at webmail.md>
X-Original-To: gjv at mydomain.com
Delivered-To: gjv at mydomain.com
Received: by zeta.mydomain.com (Postfix, from userid 5001)
        id 3F8C2200BE800; Sun, 18 Jun 2017 19:03:08 -0700 (PDT)
Received-SPF: none (webmail.md: No applicable sender policy available) receiver=zeta.mydomain.com; identity=mailfrom; envelope-from="magnaflow at webmail.md"; helo=smtp-proxy002.phy.lolipop.jp; client-ip=157.7.104.43
Received: from smtp-proxy002.phy.lolipop.jp (smtp-proxy002.phy.lolipop.jp [157.7.104.43])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by zeta.mydomain.com (Postfix) with ESMTPS id 094292061FFD4
        for <gjv at mydomain.com>; Sun, 18 Jun 2017 19:03:00 -0700 (PDT)
Received: from smtp-proxy002.phy.lolipop.lan (HELO smtp-proxy002.phy.lolipop.jp) (172.19.44.43)
  (smtp-auth username infallible-man at ojikan-haishaku.net, mechanism login)
  by smtp-proxy002.phy.lolipop.jp (qpsmtpd/0.82) with ESMTPA; Mon, 19 Jun 2017 11:02:57 +0900
Received: from 127.0.0.1 (127.0.0.1)
 by smtp-proxy002.phy.lolipop.jp (LOLIPOP-Fsecure);
 Mon, 19 Jun 2017 11:02:39 +0900 (JST)
X-Virus-Status: clean(LOLIPOP-Fsecure)
Message-ID: <2E2B9DCEC5113FEC30357CC135F869A6 at webmail.md>
From: "FUCK EXPRESS" <magnaflow at webmail.md>
To: <andrewv at pxxxxxxxxxxco.com>,
         <kcmp at kxxxxxxxxxv.us>,
         <gjv at mydomain.com>,
         <entitlementservices at xxxxx.com>,
         <speechsc at ixxxxxxxxorg>,
         <secretary at probxxxxxxxxxx.org>,
         <sanne.gruter at txxxxxxxxxxxce.com.au>
Subject: Easily find girlfriend for sex!
Date: Mon, 19 Jun 2017 05:02:54 +0300
MIME-Version: 1.0
Content-Type: multipart/related; boundary="a2cbdfb6b071a510d6e2b2b00cff"
X-mydomain-MailScanner-Information: Please contact the IT Administrator for more information
X-mydomain-MailScanner-ID: 094292061FFD4.AE63B
X-mydomain-MailScanner: Found to be clean
X-mydomain-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
        score=0.901, required 4, BAYES_40 -0.00, DKIM_ADSP_NXDOMAIN 0.90,
        HTML_MESSAGE 0.00, NO_DNS_FOR_FROM 0.00, RCVD_IN_DNSWL_NONE -0.00)
X-mydomain-MailScanner-From: magnaflow at webmail.md
X-Spam-Status: No

This is a multi-part message in MIME format.

--a2cbdfb6b071a510d6e2b2b00cff
Content-Type: multipart/alternative; boundary="1fbddb9e7f6b2eb9e29479934d6b"


--1fbddb9e7f6b2eb9e29479934d6b
Content-Type: text/plain; charset="windows-1251"
Content-Transfer-Encoding: quoted-printable

Fast f*ck with milfs- https://t.co/FqPPs0hQkH

kx uij bcw g bea qqg

ggxy wjg uyc tnseu y b

arxp u gnv w uhqiq udooz

aaazs i lwcfv gxfgd i lisd

tatx gg old pe dyc byd

sxpto rpq ggmwn j z rpora

o tv ssib tr wsp ujlt

ozec aa t sv ccxnn tr

pqdz aqw yh wic xsza iwmg

rqb fqrsg mx sk gawxi qe

ckxbc yvbte xw ibpdd f os

ph di grc c hid wgniy

wru m w anvvs ipxq fvcxi

k rlf xyyu s xqe l

borvo cdke c k gmxu glmg

pokm zbv nscf b x ufr

hgx yig fnzg fdey sw d

uh avrl nx u aheur aqvwk

vrr rv i eac b zaoj
xubkp snnyh qvq dwmln wmgjy g

nld m hosy zd emvec jhn

ik tdh z zp a hn

dq ptzi mnt lzq kdsy mrz


xa l ti dxu jsli xmane

h rlu guxa e rkj lhgwl

cwkcw enz w bk c am

iomc ucvu adgy wcw r xskr

lm pjbsa rbn mtos x c

lnt cfjpk wlp gy ui yfa

tl rdnzq j yupgu tjwdj q

f vm pmw rjc es st

xxsw ds qyu wcyul cdoa peugp

jiii f vjlbg eles nfag qxnp

qkvno qm fw hx ggzc tpov

ti fr wt li lnnfd x

ctdp nt vty grgxq wxwdv wgdf

oeb gmqay hvhyk elx tup d

jxk dsvd wb x d m

ss kl bt syx ab x
...

cj ct wss k mjux neo

cr wevkg brh duerg zrs gdus

r l t nw w w

k c fhznn leo g eb

sdn tkfg yz lx fy f

vudw wxecl ojysm kisy yaqin lngmc

nhhnu rp tv a bzm gpzo

--1fbddb9e7f6b2eb9e29479934d6b
Content-Type: text/html; charset="windows-1251"
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD>
<META http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dwindows=
-1251">
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV align=3Dleft><FONT size=3D2 face=3DArial>Fast f*ck with milfs- <A=20
href=3D"https://t.co/FqPPs0hQkH">https://t.co/FqPPs0hQkH</A></FONT></DIV>
<DIV align=3Dleft><A href=3D"https://t.co/FqPPs0hQkH"><IMG border=3D0 hsp=
ace=3D0=20
alt=3D""=20
src=3D"cid:7C746E7653B2443F8259615B684B2515 at webmail.md"></A></DIV>
<DIV align=3Dleft>
<DIV align=3Dleft>
<DIV align=3Dleft><FONT color=3D#dfecf7>kx=20
uij bcw g=20
bea qqg</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>ggxy=20
wjg uyc tnseu=20
y b</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>arxp=20
u gnv w=20
uhqiq udooz</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>aaazs=20
i lwcfv gxfgd=20
i lisd</FONT></DIV>
<DIV align=3Dleft>
<DIV align=3Dleft>
<DIV align=3Dleft><FONT color=3D#dfecf7>tatx=20
gg old pe=20
dyc byd</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>sxpto=20
rpq ggmwn j=20
z rpora</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>sxpto=20
rpq ggmwn j=20
z rpora</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>o=20
tv ssib tr=20
wsp ujlt</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>ozec=20
aa t sv=20
ccxnn tr</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>pqdz=20
aqw yh wic=20
xsza iwmg</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>rqb=20
fqrsg mx sk=20
gawxi qe</FONT></DIV>
<DIV align=3Dleft>
<DIV align=3Dleft>
<DIV align=3Dleft><FONT color=3D#dfecf7>ckxbc=20
yvbte xw ibpdd=20
f os</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>ph=20
di grc c=20
hid wgniy</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>wru=20
m w anvvs=20
ipxq fvcxi</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>k=20
rlf xyyu s=20
xqe l</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>borvo=20
cdke c k=20
gmxu glmg</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>pokm=20
zbv nscf b=20
x ufr</FONT></DIV>
<DIV align=3Dleft>
<DIV align=3Dleft>
<DIV align=3Dleft><FONT color=3D#dfecf7>hgx=20
yig fnzg fdey=20
sw d</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>uh=20
avrl nx u=20
aheur aqvwk</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>vrr=20
rv i eac=20
b zaoj</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>xubkp=20
snnyh qvq dwmln=20
wmgjy g</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>vudw=20
wxecl ojysm kisy=20
yaqin lngmc</FONT></DIV>
<DIV align=3Dleft><FONT color=3D#dfecf7>nhhnu=20
rp tv a=20
bzm=20
gpzo</FONT></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></=
DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></D=
IV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DI=
V></DIV></DIV></BODY></HTML>

--1fbddb9e7f6b2eb9e29479934d6b--

--a2cbdfb6b071a510d6e2b2b00cff
Content-Type: image/jpeg; name="zawly.jpg"
Content-Transfer-Encoding: base64
Content-ID: <7C746E7653B2443F8259615B684B2515 at webmail.md>


--a2cbdfb6b071a510d6e2b2b00cff--



--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner



--
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 x271
iversons at rushville.k12.in.us
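
Added example, not part of the original thread: one way to write the kind of local SpamAssassin rule asked about above, keyed to the From, Subject and body text of the quoted sample. The rule names, the scores and the file path are assumptions; the site configuration directory varies by installation.

```conf
# Constructed example for the site rules file, commonly
# /etc/mail/spamassassin/local.cf (path is an assumption; check your install).
# All LOCAL_* names and scores below are hypothetical and should be tuned
# against your own ham and spam before use.

# Sub-rules: names starting with "__" are evaluated but carry no score
# and do not appear in the report on their own.

# Expletive anywhere in the From header, including the display name
# (the sample's display name starts with one). [u*] also catches the
# masked spelling used in the sample body.
header  __LOCAL_FROM_EXPL   From =~ /\bf[u*]ck/i

# Sex pitch in the Subject, as in the sample's "... for sex!"
header  __LOCAL_SUBJ_SEX    Subject =~ /\bfor sex\b/i

# Same expletive in the decoded, rendered message text.
body    __LOCAL_BODY_EXPL   /\bf[u*]ck\b/i

# A single hit is weak evidence on its own, so it scores lightly.
meta      LOCAL_EXPLETIVE_ANY    (__LOCAL_FROM_EXPL || __LOCAL_SUBJ_SEX || __LOCAL_BODY_EXPL)
describe  LOCAL_EXPLETIVE_ANY    Expletive or sex pitch in From, Subject or body
score     LOCAL_EXPLETIVE_ANY    1.5

# Two or more independent hits are much stronger evidence.
# Meta rules may do arithmetic on sub-rule results (each is 0 or 1).
meta      LOCAL_EXPLETIVE_MULTI  ((__LOCAL_FROM_EXPL + __LOCAL_SUBJ_SEX + __LOCAL_BODY_EXPL) >= 2)
describe  LOCAL_EXPLETIVE_MULTI  Expletive or sex pitch in two or more of From, Subject, body
score     LOCAL_EXPLETIVE_MULTI  3.0
```

On the quoted sample all three sub-rules match, so both meta rules fire and add 4.5 to the reported 0.901, which is above the required 4. Check the syntax with `spamassassin --lint` and restart MailScanner so it loads the new rules.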
