How to deal with this spam?

Gao gao at pztop.com
Thu Jun 22 21:14:31 UTC 2017



On 2017-06-22 12:55 PM, Paul Scott wrote:
>
> I would like to up the score for whenever a DCC hit occurs.  It is 
> currently set to 1.10, as can be seen in MailWatch:
>
> Score  Matching Rule  Description
> 1.10   DCC_CHECK      Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
> 1.27   RDNS_NONE      Delivered to trusted network by a host with no rDNS
> -0.00  SPF_HELO_PASS  SPF: HELO matches SPF record
> -0.00  SPF_PASS       SPF: sender matches SPF record
>
> In which file is this value configured, for use by MailScanner?
>
/etc/MailScanner/spam.assassin.prefs.conf


> *From:* MailScanner 
> [mailto:mailscanner-bounces+sales=edenusa.com at lists.mailscanner.info] 
> *On Behalf Of *Shawn Iverson
> *Sent:* Monday, June 19, 2017 12:59 PM
> *To:* MailScanner Discussion <mailscanner at lists.mailscanner.info>
> *Subject:* Re: How to deal with this spam?
>
> The expletives in the email are a sure way to flag this one.  A 
> spamassassin rule to find these words would do the trick nicely.
>
> On Mon, Jun 19, 2017 at 1:44 PM, Gao <gao at pztop.com 
> <mailto:gao at pztop.com>> wrote:
>
>     Hi,
>
>     This spam message gets a low score, so it is delivered to the user. Is
>     there a way to let spamassassin catch it?
>
>     Here is the spam mail:
>
>     Return-Path: <magnaflow at webmail.md <mailto:magnaflow at webmail.md>>
>     X-Original-To: gjv at mydomain.com <mailto:gjv at mydomain.com>
>     Delivered-To: gjv at mydomain.com <mailto:gjv at mydomain.com>
>     Received: by zeta.mydomain.com <http://zeta.mydomain.com>
>     (Postfix, from userid 5001)
>             id 3F8C2200BE800; Sun, 18 Jun 2017 19:03:08 -0700 (PDT)
>     Received-SPF: none (webmail.md <http://webmail.md>: No applicable
>     sender policy available) receiver=zeta.mydomain.com
>     <http://zeta.mydomain.com>; identity=mailfrom;
>     envelope-from="magnaflow at webmail.md <http://il.md>";
>     helo=smtp-proxy002.phy.lolipop.jp; client-ip=157.7.104.43
>     Received: from smtp-proxy002.phy.lolipop.jp
>     <http://smtp-proxy002.phy.lolipop.jp>
>     (smtp-proxy002.phy.lolipop.jp
>     <http://smtp-proxy002.phy.lolipop.jp> [157.7.104.43])
>             (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384
>     (256/256 bits))
>             (No client certificate requested)
>             by zeta.mydomain.com <http://zeta.mydomain.com> (Postfix)
>     with ESMTPS id 094292061FFD4
>             for <gjv at mydomain.com <mailto:gjv at mydomain.com>>; Sun, 18
>     Jun 2017 19:03:00 -0700 (PDT)
>     Received: from smtp-proxy002.phy.lolipop.lan (HELO
>     smtp-proxy002.phy.lolipop.jp
>     <http://smtp-proxy002.phy.lolipop.jp>) (172.19.44.43)
>       (smtp-auth username infallible-man at ojikan-haishaku.net
>     <mailto:infallible-man at ojikan-haishaku.net>, mechanism login)
>       by smtp-proxy002.phy.lolipop.jp
>     <http://smtp-proxy002.phy.lolipop.jp> (qpsmtpd/0.82) with ESMTPA;
>     Mon, 19 Jun 2017 11:02:57 +0900
>     Received: from 127.0.0.1 (127.0.0.1)
>      by smtp-proxy002.phy.lolipop.jp
>     <http://smtp-proxy002.phy.lolipop.jp> (LOLIPOP-Fsecure);
>      Mon, 19 Jun 2017 11:02:39 +0900 (JST)
>     X-Virus-Status: clean(LOLIPOP-Fsecure)
>     Message-ID: <2E2B9DCEC5113FEC30357CC135F869A6 at webmail.md
>     <mailto:9A6 at webmail.md>>
>     From: "FUCK EXPRESS" <magnaflow at webmail.md
>     <mailto:magnaflow at webmail.md>>
>     To: <andrewv at pxxxxxxxxxxco.com <mailto:andrewv at pxxxxxxxxxxco.com>>,
>              <kcmp at kxxxxxxxxxv.us <mailto:kcmp at kxxxxxxxxxv.us>>,
>              <gjv at mydomain.com <mailto:gjv at mydomain.com>>,
>              <entitlementservices at xxxxx.co
>     <mailto:entitlementservices at xxxxx.co>m>,
>              <speechsc at ixxxxxxxxorg>,
>              <secretary at probxxxxxxxxxx.org
>     <mailto:secretary at probxxxxxxxxxx.org>>,
>              <sanne.gruter at txxxxxxxxxxxce.com.au
>     <mailto:sanne.gruter at txxxxxxxxxxxce.com.au>>
>     Subject: Easily find girlfriend for sex!
>     Date: Mon, 19 Jun 2017 05:02:54 +0300
>     MIME-Version: 1.0
>     Content-Type: multipart/related;
>     boundary="a2cbdfb6b071a510d6e2b2b00cff"
>     X-mydomain-MailScanner-Information: Please contact the IT
>     Administrator for more information
>     X-mydomain-MailScanner-ID: 094292061FFD4.AE63B
>     X-mydomain-MailScanner: Found to be clean
>     X-mydomain-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
>             score=0.901, required 4, BAYES_40 -0.00,
>     DKIM_ADSP_NXDOMAIN 0.90,
>             HTML_MESSAGE 0.00, NO_DNS_FOR_FROM 0.00,
>     RCVD_IN_DNSWL_NONE -0.00)
>     X-mydomain-MailScanner-From: magnaflow at webmail.md
>     <mailto:magnaflow at webmail.md>
>     X-Spam-Status: No
>
>     This is a multi-part message in MIME format.
>
>     --a2cbdfb6b071a510d6e2b2b00cff
>     Content-Type: multipart/alternative;
>     boundary="1fbddb9e7f6b2eb9e29479934d6b"
>
>
>     --1fbddb9e7f6b2eb9e29479934d6b
>     Content-Type: text/plain; charset="windows-1251"
>     Content-Transfer-Encoding: quoted-printable
>
>     Fast f*ck with milfs- https://t.co/FqPPs0hQkH
>
>     kx uij bcw g bea qqg
>
>     ggxy wjg uyc tnseu y b
>
>     arxp u gnv w uhqiq udooz
>
>     aaazs i lwcfv gxfgd i lisd
>
>     tatx gg old pe dyc byd
>
>     sxpto rpq ggmwn j z rpora
>
>     o tv ssib tr wsp ujlt
>
>     ozec aa t sv ccxnn tr
>
>     pqdz aqw yh wic xsza iwmg
>
>     rqb fqrsg mx sk gawxi qe
>
>     ckxbc yvbte xw ibpdd f os
>
>     ph di grc c hid wgniy
>
>     wru m w anvvs ipxq fvcxi
>
>     k rlf xyyu s xqe l
>
>     borvo cdke c k gmxu glmg
>
>     pokm zbv nscf b x ufr
>
>     hgx yig fnzg fdey sw d
>
>     uh avrl nx u aheur aqvwk
>
>     vrr rv i eac b zaoj
>     xubkp snnyh qvq dwmln wmgjy g
>
>     nld m hosy zd emvec jhn
>
>     ik tdh z zp a hn
>
>     dq ptzi mnt lzq kdsy
>     mrz
>
>     --a2cbdfb6b071a510d6e2b2b00cff--
>
>
>     xa l ti dxu jsli xmane
>
>     h rlu guxa e rkj lhgwl
>
>     cwkcw enz w bk c am
>
>     iomc ucvu adgy wcw r xskr
>
>     lm pjbsa rbn mtos x c
>
>     lnt cfjpk wlp gy ui yfa
>
>     tl rdnzq j yupgu tjwdj q
>
>     f vm pmw rjc es st
>
>     xxsw ds qyu wcyul cdoa peugp
>
>     jiii f vjlbg eles nfag qxnp
>
>     qkvno qm fw hx ggzc tpov
>
>     ti fr wt li lnnfd x
>
>     ctdp nt vty grgxq wxwdv wgdf
>
>     oeb gmqay hvhyk elx tup d
>
>     jxk dsvd wb x d m
>
>     ss kl bt syx ab x
>     ...
>
>     cj ct wss k mjux neo
>
>     cr wevkg brh duerg zrs gdus
>
>     r l t nw w w
>
>     k c fhznn leo g eb
>
>     sdn tkfg yz lx fy f
>
>     vudw wxecl ojysm kisy yaqin lngmc
>
>     nhhnu rp tv a bzm gpzo
>
>     --1fbddb9e7f6b2eb9e29479934d6b
>     Content-Type: text/html; charset="windows-1251"
>     Content-Transfer-Encoding: quoted-printable
>
>     <HTML><HEAD>
>     <META http-equiv=3D"Content-Type" content=3D"text/html;
>     charset=3Dwindows=
>     -1251">
>     </HEAD>
>     <BODY bgColor=3D#ffffff>
>     <DIV align=3Dleft><FONT size=3D2 face=3DArial>Fast f*ck with
>     milfs- <A=20
>     href=3D"https://t.co/FqPPs0hQkH">https://t.co/FqPPs0hQkH</A></FONT></DIV>
>     <DIV align=3Dleft><A href=3D"https://t.co/FqPPs0hQkH"><IMG
>     border=3D0 hsp=
>     ace=3D0=20
>     alt=3D""=20
>     src=3D"cid:7C746E7653B2443F8259615B684B2515 at webmail.md
>     <mailto:9615B684B2515 at webmail.md>"></A></DIV>
>     <DIV align=3Dleft>
>     <DIV align=3Dleft>
>     <DIV align=3Dleft><FONT color=3D#dfecf7>kx=20
>     uij bcw g=20
>     bea qqg</FONT></DIV>
>     <DIV align=3Dleft><FONT color=3D#dfecf7>ggxy=20
>     wjg uyc tnseu=20
>     y b</FONT></DIV>
>     <DIV align=3Dleft><FONT color=3D#dfecf7>arxp=20
>     u gnv w=20
>     uhqiq udooz</FONT></DIV>
>     <DIV align=3Dleft><FONT color=3D#dfecf7>aaazs=20
>     i lwcfv gxfgd=20
>     i lisd</FONT></DIV>
>     <DIV align=3Dleft>
>     <DIV align=3Dleft>
>     <DIV align=3Dleft><FONT color=3D#dfecf7>tatx=20
>     gg old pe=20
>     dyc byd</FONT></DIV>
>     <DIV align=3Dleft><FONT color=3D#dfecf7>sxpto=20
>     rpq ggmwn j=20
>     z rpora</FONT></DIV>
>     <DIV align=3Dleft><FONT color=3D#dfecf7>sxpto=20
>     rpq ggmwn j=20
>     z rpora</FONT></DIV>
>     <DIV align=3Dleft><FONT color=3D#dfecf7>o=20
>     tv ssib tr=20
>     wsp ujlt</FONT></DIV>
>     <DIV align=3Dleft><FONT color=3D#dfecf7>ozec=20
>     aa t sv=20
>     ccxnn tr</FONT></DIV>
>     <DIV align=3Dleft><FONT color=3D#dfecf7>pqdz=20
>     aqw yh wic=20
>     xsza iwmg</FONT></DIV>
>     <DIV align=3Dleft><FONT color=3D#dfecf7>rqb=20
>     fqrsg mx sk=20
>     gawxi qe</FONT></DIV>
>     <DIV align=3Dleft>
>     <DIV align=3Dleft>
>     <DIV align=3Dleft><FONT color=3D#dfecf7>ckxbc=20
>     yvbte xw ibpdd=20
>     f os</FONT></DIV>
>     <DIV align=3Dleft><FONT color=3D#dfecf7>ph=20
>     di grc c=20
>     hid wgniy</FONT></DIV>
>     <DIV align=3Dleft><FONT color=3D#dfecf7>wru=20
>     m w anvvs=20
>     ipxq fvcxi</FONT></DIV>
>     <DIV align=3Dleft><FONT color=3D#dfecf7>k=20
>     rlf xyyu s=20
>     xqe l</FONT></DIV>
>     <DIV align=3Dleft><FONT color=3D#dfecf7>borvo=20
>     cdke c k=20
>     gmxu glmg</FONT></DIV>
>     <DIV align=3Dleft><FONT color=3D#dfecf7>pokm=20
>     zbv nscf b=20
>     x ufr</FONT></DIV>
>     <DIV align=3Dleft>
>     <DIV align=3Dleft>
>     <DIV align=3Dleft><FONT
>     color=3D#dfecf7>hgx=20
>
>     --a2cbdfb6b071a510d6e2b2b00cff--
>
>     yig fnzg fdey=20
>     sw d</FONT></DIV>
>     <DIV align=3Dleft><FONT color=3D#dfecf7>uh=20
>     avrl nx u=20
>     aheur aqvwk</FONT></DIV>
>     <DIV align=3Dleft><FONT color=3D#dfecf7>vrr=20
>     rv i eac=20
>     b zaoj</FONT></DIV>
>     <DIV align=3Dleft><FONT color=3D#dfecf7>xubkp=20
>     snnyh qvq dwmln=20
>     wmgjy g</FONT></DIV>
>     <DIV align=3Dleft><FONT color=3D#dfecf7>vudw=20
>     wxecl ojysm kisy=20
>     yaqin lngmc</FONT></DIV>
>     <DIV align=3Dleft><FONT color=3D#dfecf7>nhhnu=20
>     rp tv a=20
>     bzm=20
>     gpzo</FONT></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></=
>     DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></D=
>     IV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DI=
>     V></DIV></DIV></BODY></HTML>
>
>     --1fbddb9e7f6b2eb9e29479934d6b--
>
>     --a2cbdfb6b071a510d6e2b2b00cff
>     Content-Type: image/jpeg; name="zawly.jpg"
>     Content-Transfer-Encoding: base64
>     Content-ID: <7C746E7653B2443F8259615B684B2515 at webmail.md
>     <mailto:515 at webmail.md>>
>
>     /9j/4AAQSkZJRgABAQAAAQABAAD//gA7Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg
>     SlBFRyB2ODApLCBxdWFsaXR5ID0gODAK/9sAQwAGBAUGBQQGBgUGBwcGCAoQCgoJCQoUDg8MEBcU
>     GBgXFBYWGh0lHxobIxwWFiAsICMmJykqKRkfLTAtKDAlKCko/9sAQwEHBwcKCAoTCgoTKBoWGigo
>
>
>     ......
>     5/0MGkf+Bsf/AMVR/wAJb4c/6GDSP/A2P/4qr/8AZlj/AM+kH/fAo/syx/59IP8AvgUe/wCQe55l
>     D/hLfDn/AEMGkf8AgbH/APFUf8Jb4c/6GDSP/A2P/wCKq/8A2ZY/8+kH/fAo/syx/wCfSD/vgUe/
>     5B7nmc5LfWer+NNFn0u7gvIra3uRK8DiRVLmLaNwyMnY3Gc8V19QQWtvb/6iGOP/AHVAqenGLV2+
>     oSd9j//Z
>
>     --a2cbdfb6b071a510d6e2b2b00cff--
>
>
>
>
>
>
> -- 
>
> Shawn Iverson, CETL
>
> Director of Technology
>
> Rush County Schools
>
> 765-932-3901 x271
>
> iversons at rushville.k12.in.us <mailto:iversons at rushville.k12.in.us>
>
>
>
>
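
An added example, not part of the original messages: what the two suggestions in this thread could look like as entries in /etc/MailScanner/spam.assassin.prefs.conf. The LOCAL_* rule names and all score values are assumptions chosen for illustration; only DCC_CHECK, its current score of 1.10, and the sample message's From and body text come from the thread.

```conf
# /etc/MailScanner/spam.assassin.prefs.conf
# Added example: rule names starting with LOCAL_ are hypothetical and
# every score value below is illustrative, not a recommendation.

# 1. Raise the weight of a DCC hit. The thread shows it at 1.10;
#    a "score" line for an existing rule name overrides the default.
score DCC_CHECK 2.5

# 2. Match the expletive in the From display name of the sample
#    ("FUCK EXPRESS"). The :name modifier restricts the match to the
#    display name rather than the address.
header   LOCAL_FROM_NAME_EXPLETIVE  From:name =~ /\bfuck\b/i
describe LOCAL_FROM_NAME_EXPLETIVE  Expletive in From display name
score    LOCAL_FROM_NAME_EXPLETIVE  2.0

# 3. Match the lightly obfuscated form used in the body of the sample
#    ("f*ck"). Body rules run against the decoded text, so the
#    quoted-printable encoding of the part does not matter.
body     LOCAL_BODY_EXPLETIVE       /\bf[u*]ck\b/i
describe LOCAL_BODY_EXPLETIVE       Expletive (plain or starred) in body
score    LOCAL_BODY_EXPLETIVE       1.5

# 4. Score extra only when both signals appear in the same message,
#    which limits false positives on ordinary mail that contains the
#    word once.
meta     LOCAL_EXPLETIVE_COMBO      (LOCAL_FROM_NAME_EXPLETIVE && LOCAL_BODY_EXPLETIVE)
describe LOCAL_EXPLETIVE_COMBO      Expletive in both From name and body
score    LOCAL_EXPLETIVE_COMBO      1.0
```

Check the syntax with `spamassassin --lint` before reloading MailScanner. With the sample's existing score of 0.901 and a required score of 4, the three LOCAL_ rules together would push this message over the threshold.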
