How to deal with this spam?
David While
dwhile at while.org.uk
Thu Jun 22 19:10:35 UTC 2017
Hi Paul
I use milter-greylist with some loose settings which knocks out a lot of spam. Compromised PCs get caught by this as they invariably will not try to resend. It took me a few days to tweak the settings but so far I have not had any problems.
There are plenty of discussions out there on the merits of greylisting but it works for me.
David
On 22 Jun 2017, at 19:07, Paul Scott <sales at edenusa.com> wrote:
>As of late, there has been a massive increase in the amount of spam
>coming in. I’ve tightened down the Spamassassin required hits from 6
>to 3, and the load has not lightened up.
>
>I also cleared the SpamAssassin DB using the sa-learn --clear command.
>
>Also added zen.spamhaus.org to a small list of RBLs I use (the other
>two are CBL-Abuseat and Spamcop).
>
>Any suggestions on what I might do, or check into to help reduce the
>huge amount of spam coming in?
>
>Sincerely,
>
>Paul Scott, Engineer
>Eden USA, Incorporated
>Event Production Services Since 1995
>Los Angeles-Las Vegas-New York
>sales at edenusa.com OR
>edenusasales at gmail.com
>Telephone(s): 866.501.3336 OR 951.505.6967
>Fax: 866.502.3336
>
>WEBSITE: https://www.edenusa.com
>FACEBOOK: http://www.facebook.com/edenusainc
>
>From: MailScanner
>[mailto:mailscanner-bounces+sales=edenusa.com at lists.mailscanner.info]
>On Behalf Of Shawn Iverson
>Sent: Monday, June 19, 2017 12:59 PM
>To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
>Subject: Re: How to deal with this spam?
>
>The expletives in the email are a sure way to flag this one. A
>spamassassin rule to find these words would do the trick nicely.
>
>
>
>On Mon, Jun 19, 2017 at 1:44 PM, Gao <gao at pztop.com> wrote:
>Hi,
>
>This spam message got a low score, so it was delivered to the user. Is
>there a way to let spamassassin catch it?
>
>Here is the spam mail:
>
>Return-Path: <magnaflow at webmail.md>
>X-Original-To: gjv at mydomain.com
>Delivered-To: gjv at mydomain.com
>Received: by zeta.mydomain.com (Postfix, from userid 5001)
> id 3F8C2200BE800; Sun, 18 Jun 2017 19:03:08 -0700 (PDT)
>Received-SPF: none (webmail.md: No applicable sender policy available)
> receiver=zeta.mydomain.com; identity=mailfrom;
> envelope-from="magnaflow at webmail.md";
> helo=smtp-proxy002.phy.lolipop.jp; client-ip=157.7.104.43
>Received: from smtp-proxy002.phy.lolipop.jp
> (smtp-proxy002.phy.lolipop.jp [157.7.104.43])
> (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
> (No client certificate requested)
> by zeta.mydomain.com (Postfix) with ESMTPS id 094292061FFD4
> for <gjv at mydomain.com>; Sun, 18 Jun 2017 19:03:00 -0700 (PDT)
>Received: from smtp-proxy002.phy.lolipop.lan
> (HELO smtp-proxy002.phy.lolipop.jp) (172.19.44.43)
> (smtp-auth username infallible-man at ojikan-haishaku.net, mechanism login)
> by smtp-proxy002.phy.lolipop.jp (qpsmtpd/0.82) with ESMTPA;
> Mon, 19 Jun 2017 11:02:57 +0900
>Received: from 127.0.0.1 (127.0.0.1)
> by smtp-proxy002.phy.lolipop.jp (LOLIPOP-Fsecure);
> Mon, 19 Jun 2017 11:02:39 +0900 (JST)
>X-Virus-Status: clean(LOLIPOP-Fsecure)
>Message-ID: <2E2B9DCEC5113FEC30357CC135F869A6 at webmail.md>
>From: "FUCK EXPRESS" <magnaflow at webmail.md>
>To: <andrewv at pxxxxxxxxxxco.com>,
> <kcmp at kxxxxxxxxxv.us>,
> <gjv at mydomain.com>,
> <entitlementservices at xxxxx.com>,
> <speechsc at ixxxxxxxxorg>,
> <secretary at probxxxxxxxxxx.org>,
> <sanne.gruter at txxxxxxxxxxxce.com.au>
>Subject: Easily find girlfriend for sex!
>Date: Mon, 19 Jun 2017 05:02:54 +0300
>MIME-Version: 1.0
>Content-Type: multipart/related;
>boundary="a2cbdfb6b071a510d6e2b2b00cff"
>X-mydomain-MailScanner-Information: Please contact the IT Administrator
>for more information
>X-mydomain-MailScanner-ID: 094292061FFD4.AE63B
>X-mydomain-MailScanner: Found to be clean
>X-mydomain-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
> score=0.901, required 4, BAYES_40 -0.00, DKIM_ADSP_NXDOMAIN 0.90,
> HTML_MESSAGE 0.00, NO_DNS_FOR_FROM 0.00, RCVD_IN_DNSWL_NONE -0.00)
>X-mydomain-MailScanner-From: magnaflow at webmail.md
>X-Spam-Status: No
>
>This is a multi-part message in MIME format.
>
>--a2cbdfb6b071a510d6e2b2b00cff
>Content-Type: multipart/alternative;
>boundary="1fbddb9e7f6b2eb9e29479934d6b"
>
>
>--1fbddb9e7f6b2eb9e29479934d6b
>Content-Type: text/plain; charset="windows-1251"
>Content-Transfer-Encoding: quoted-printable
>
>Fast f*ck with milfs- https://t.co/FqPPs0hQkH
>
>kx uij bcw g bea qqg
>
>ggxy wjg uyc tnseu y b
>
>arxp u gnv w uhqiq udooz
>
>aaazs i lwcfv gxfgd i lisd
>
>tatx gg old pe dyc byd
>
>sxpto rpq ggmwn j z rpora
>
>o tv ssib tr wsp ujlt
>
>ozec aa t sv ccxnn tr
>
>pqdz aqw yh wic xsza iwmg
>
>rqb fqrsg mx sk gawxi qe
>
>ckxbc yvbte xw ibpdd f os
>
>ph di grc c hid wgniy
>
>wru m w anvvs ipxq fvcxi
>
>k rlf xyyu s xqe l
>
>borvo cdke c k gmxu glmg
>
>pokm zbv nscf b x ufr
>
>hgx yig fnzg fdey sw d
>
>uh avrl nx u aheur aqvwk
>
>vrr rv i eac b zaoj
>xubkp snnyh qvq dwmln wmgjy g
>
>nld m hosy zd emvec jhn
>
>ik tdh z zp a hn
>
>dq ptzi mnt lzq kdsy
>mrz
>
>xa l ti dxu jsli xmane
>
>h rlu guxa e rkj lhgwl
>
>cwkcw enz w bk c am
>
>iomc ucvu adgy wcw r xskr
>
>lm pjbsa rbn mtos x c
>
>lnt cfjpk wlp gy ui yfa
>
>tl rdnzq j yupgu tjwdj q
>
>f vm pmw rjc es st
>
>xxsw ds qyu wcyul cdoa peugp
>
>jiii f vjlbg eles nfag qxnp
>
>qkvno qm fw hx ggzc tpov
>
>ti fr wt li lnnfd x
>
>ctdp nt vty grgxq wxwdv wgdf
>
>oeb gmqay hvhyk elx tup d
>
>jxk dsvd wb x d m
>
>ss kl bt syx ab x
>...
>
>cj ct wss k mjux neo
>
>cr wevkg brh duerg zrs gdus
>
>r l t nw w w
>
>k c fhznn leo g eb
>
>sdn tkfg yz lx fy f
>
>vudw wxecl ojysm kisy yaqin lngmc
>
>nhhnu rp tv a bzm gpzo
>
>--1fbddb9e7f6b2eb9e29479934d6b
>Content-Type: text/html; charset="windows-1251"
>Content-Transfer-Encoding: quoted-printable
>
><HTML><HEAD>
><META http-equiv=3D"Content-Type" content=3D"text/html;
>charset=3Dwindows=
>-1251">
></HEAD>
><BODY bgColor=3D#ffffff>
><DIV align=3Dleft><FONT size=3D2 face=3DArial>Fast f*ck with milfs-
><A=20
>href=3D"https://t.co/FqPPs0hQkH">https://t.co/FqPPs0hQkH</A></FONT></DIV>
><DIV align=3Dleft><A href=3D"https://t.co/FqPPs0hQkH"><IMG border=3D0
>hsp=
>ace=3D0=20
>alt=3D""=20
>src=3D"cid:7C746E7653B2443F8259615B684B2515 at webmail.md"></A></DIV>
><DIV align=3Dleft>
><DIV align=3Dleft>
><DIV align=3Dleft><FONT color=3D#dfecf7>kx=20
>uij bcw g=20
>bea qqg</FONT></DIV>
><DIV align=3Dleft><FONT color=3D#dfecf7>ggxy=20
>wjg uyc tnseu=20
>y b</FONT></DIV>
><DIV align=3Dleft><FONT color=3D#dfecf7>arxp=20
>u gnv w=20
>uhqiq udooz</FONT></DIV>
><DIV align=3Dleft><FONT color=3D#dfecf7>aaazs=20
>i lwcfv gxfgd=20
>i lisd</FONT></DIV>
><DIV align=3Dleft>
><DIV align=3Dleft>
><DIV align=3Dleft><FONT color=3D#dfecf7>tatx=20
>gg old pe=20
>dyc byd</FONT></DIV>
><DIV align=3Dleft><FONT color=3D#dfecf7>sxpto=20
>rpq ggmwn j=20
>z rpora</FONT></DIV>
><DIV align=3Dleft><FONT color=3D#dfecf7>sxpto=20
>rpq ggmwn j=20
>z rpora</FONT></DIV>
><DIV align=3Dleft><FONT color=3D#dfecf7>o=20
>tv ssib tr=20
>wsp ujlt</FONT></DIV>
><DIV align=3Dleft><FONT color=3D#dfecf7>ozec=20
>aa t sv=20
>ccxnn tr</FONT></DIV>
><DIV align=3Dleft><FONT color=3D#dfecf7>pqdz=20
>aqw yh wic=20
>xsza iwmg</FONT></DIV>
><DIV align=3Dleft><FONT color=3D#dfecf7>rqb=20
>fqrsg mx sk=20
>gawxi qe</FONT></DIV>
><DIV align=3Dleft>
><DIV align=3Dleft>
><DIV align=3Dleft><FONT color=3D#dfecf7>ckxbc=20
>yvbte xw ibpdd=20
>f os</FONT></DIV>
><DIV align=3Dleft><FONT color=3D#dfecf7>ph=20
>di grc c=20
>hid wgniy</FONT></DIV>
><DIV align=3Dleft><FONT color=3D#dfecf7>wru=20
>m w anvvs=20
>ipxq fvcxi</FONT></DIV>
><DIV align=3Dleft><FONT color=3D#dfecf7>k=20
>rlf xyyu s=20
>xqe l</FONT></DIV>
><DIV align=3Dleft><FONT color=3D#dfecf7>borvo=20
>cdke c k=20
>gmxu glmg</FONT></DIV>
><DIV align=3Dleft><FONT color=3D#dfecf7>pokm=20
>zbv nscf b=20
>x ufr</FONT></DIV>
><DIV align=3Dleft>
><DIV align=3Dleft>
><DIV align=3Dleft><FONT color=3D#dfecf7>hgx=20
>yig fnzg fdey=20
>sw d</FONT></DIV>
><DIV align=3Dleft><FONT color=3D#dfecf7>uh=20
>avrl nx u=20
>aheur aqvwk</FONT></DIV>
><DIV align=3Dleft><FONT color=3D#dfecf7>vrr=20
>rv i eac=20
>b zaoj</FONT></DIV>
><DIV align=3Dleft><FONT color=3D#dfecf7>xubkp=20
>snnyh qvq dwmln=20
>wmgjy g</FONT></DIV>
><DIV align=3Dleft><FONT color=3D#dfecf7>vudw=20
>wxecl ojysm kisy=20
>yaqin lngmc</FONT></DIV>
><DIV align=3Dleft><FONT color=3D#dfecf7>nhhnu=20
>rp tv a=20
>bzm=20
>gpzo</FONT></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></=
>DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></D=
>IV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DI=
>V></DIV></DIV></BODY></HTML>
>
>--1fbddb9e7f6b2eb9e29479934d6b--
>
>--a2cbdfb6b071a510d6e2b2b00cff
>Content-Type: image/jpeg; name="zawly.jpg"
>Content-Transfer-Encoding: base64
>Content-ID:
><7C746E7653B2443F8259615B684B2515 at webmail.md>
>
>
>--a2cbdfb6b071a510d6e2b2b00cff--
>
>
>
>--
>MailScanner mailing list
>mailscanner at lists.mailscanner.info
>http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>
>
>--
>Shawn Iverson, CETL
>Director of Technology
>Rush County Schools
>765-932-3901 x271
>iversons at rushville.k12.in.us
>
>
>
>------------------------------------------------------------------------
>
>
>
>--
>MailScanner mailing list
>mailscanner at lists.mailscanner.info
>http://lists.mailscanner.info/mailman/listinfo/mailscanner
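
An added example, not part of the original message and not milter-greylist's own code: a minimal Python model of the greylisting decision described in the reply above, showing that a sender which never retries is only ever deferred while a queueing MTA gets through on its retry. The delay values, reply text and sample addresses are assumptions constructed for illustration.

```python
"""Greylisting model: defer the first attempt for an unseen
(client IP, envelope sender, recipient) triplet; accept a retry after a delay."""
from dataclasses import dataclass, field

DELAY = 300               # seconds a new triplet must wait (assumed value)
RETRY_WINDOW = 4 * 3600   # a retry must arrive within this window (assumed)
AUTOWHITE = 3 * 86400     # how long a passed triplet stays whitelisted (assumed)
DEFER = "451 4.7.1 Greylisted, try again later"


@dataclass
class Greylist:
    pending: dict = field(default_factory=dict)  # triplet -> first-seen time
    passed: dict = field(default_factory=dict)   # triplet -> whitelist expiry

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for one RCPT attempt at time `now` (seconds)."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        if self.passed.get(key, 0) > now:
            self.passed[key] = now + AUTOWHITE   # refresh whitelist on use
            return "250 OK"
        first = self.pending.get(key)
        if first is None or now - first > RETRY_WINDOW:
            self.pending[key] = now              # new or stale: start the clock
            return DEFER
        if now - first < DELAY:
            return DEFER                         # retried too early
        del self.pending[key]
        self.passed[key] = now + AUTOWHITE
        return "250 OK"


def simulate(attempts):
    """attempts: list of (time, ip, from, to); returns the reply codes."""
    gl = Greylist()
    return [gl.check(ip, f, t, now)[:3] for now, ip, f, t in attempts]


# Constructed sample traffic (documentation addresses, not from the thread).
BOT = ("203.0.113.9", "a@spam.example", "user@example.org")
MTA = ("198.51.100.7", "bob@mail.example", "user@example.org")
ATTEMPTS = [
    (0, *BOT),     # fire-and-forget sender: one attempt, never retried
    (10, *MTA),    # real MTA, first attempt: deferred
    (60, *MTA),    # retry before DELAY: still deferred
    (900, *MTA),   # queue retry after DELAY: accepted
    (5000, *MTA),  # later mail, same triplet: auto-whitelisted
]

if __name__ == "__main__":
    print(simulate(ATTEMPTS))
```
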