How to deal with this spam?

Shawn Iverson iversons at rushville.k12.in.us
Sat Jun 24 20:09:35 UTC 2017


Thanks Dave!

(btw, are you the Dave Jones I know :? )

On Fri, Jun 23, 2017 at 8:38 PM, Dave Jones <dave at jonesol.com> wrote:

> FYI, I have reverted the SA 72_scores.cf to mid March to fix the low
> scoring issue.  If you have changed your default score down to 3, you may
> want to put it back to 6 and run sa-update.
>
> Background:  The SA infrastructure servers were recently rebuilt and there
> is a bug in the nightly masscheck scripts that built an incomplete
> 72_scores.cf.  This got past our testing so I have manually built an
> update today that we will stay on until the build issue is resolved.
>
> Dave
>
> On Thu, Jun 22, 2017 at 1:06 PM, Paul Scott <sales at edenusa.com> wrote:
>
>> As of late, there has been a massive increase in the amount of spam
>> coming in.  I’ve tightened down the SpamAssassin required hits from 6 to 3,
>> and the load has not lightened up.
>>
>>
>>
>> I also cleared the SpamAssassin DB using the sa-learn --clear command.
>>
>>
>>
>> Also added zen.spamhaus.org to a small list of RBLs I use (the other two
>> are CBL-Abuseat and Spamcop).
>>
>>
>>
>> Any suggestions on what I might do, or check into to help reduce the huge
>> amount of spam coming in?
>>
>>
>>
>> Sincerely,
>>
>>
>>
>> Paul Scott, Engineer
>>
>> Eden USA, Incorporated
>> Event Production Services Since 1995
>> Los Angeles-Las Vegas-New York
>> sales at edenusa.com OR edenusasales at gmail.com
>> Telephone(s): 866.501.3336 OR 951.505.6967
>> Fax: 866.502.3336
>>
>>
>>
>> WEBSITE: https://www.edenusa.com
>>
>> FACEBOOK: http://www.facebook.com/edenusainc
>>
>>
>>
>> *From:* MailScanner [mailto:mailscanner-bounces+sales=
>> edenusa.com at lists.mailscanner.info] *On Behalf Of *Shawn Iverson
>> *Sent:* Monday, June 19, 2017 12:59 PM
>> *To:* MailScanner Discussion <mailscanner at lists.mailscanner.info>
>> *Subject:* Re: How to deal with this spam?
>>
>>
>>
>> The expletives in the email are a sure way to flag this one.  A
>> spamassassin rule to find these words would do the trick nicely.
>>
>>
>>
>>
>>
>>
>>
>> On Mon, Jun 19, 2017 at 1:44 PM, Gao <gao at pztop.com> wrote:
>>
>> Hi,
>>
>> This spam message gets a low score so it is delivered to the user. Is there a
>> way to let spamassassin catch it?
>>
>> Here is the spam mail:
>>
>> Return-Path: <magnaflow at webmail.md>
>> X-Original-To: gjv at mydomain.com
>> Delivered-To: gjv at mydomain.com
>> Received: by zeta.mydomain.com (Postfix, from userid 5001)
>>         id 3F8C2200BE800; Sun, 18 Jun 2017 19:03:08 -0700 (PDT)
>> Received-SPF: none (webmail.md: No applicable sender policy available)
>> receiver=zeta.mydomain.com; identity=mailfrom;
>> envelope-from="magnaflow at webmail.md"; helo=smtp-proxy002.phy.lolipop.jp;
>> client-ip=157.7.104.43
>> Received: from smtp-proxy002.phy.lolipop.jp (smtp-proxy002.phy.lolipop.jp
>> [157.7.104.43])
>>         (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
>> bits))
>>         (No client certificate requested)
>>         by zeta.mydomain.com (Postfix) with ESMTPS id 094292061FFD4
>>         for <gjv at mydomain.com>; Sun, 18 Jun 2017 19:03:00 -0700 (PDT)
>> Received: from smtp-proxy002.phy.lolipop.lan (HELO
>> smtp-proxy002.phy.lolipop.jp) (172.19.44.43)
>>   (smtp-auth username infallible-man at ojikan-haishaku.net, mechanism
>> login)
>>   by smtp-proxy002.phy.lolipop.jp (qpsmtpd/0.82) with ESMTPA; Mon, 19
>> Jun 2017 11:02:57 +0900
>> Received: from 127.0.0.1 (127.0.0.1)
>>  by smtp-proxy002.phy.lolipop.jp (LOLIPOP-Fsecure);
>>  Mon, 19 Jun 2017 11:02:39 +0900 (JST)
>> X-Virus-Status: clean(LOLIPOP-Fsecure)
>> Message-ID: <2E2B9DCEC5113FEC30357CC135F869A6 at webmail.md>
>> From: "FUCK EXPRESS" <magnaflow at webmail.md>
>> To: <andrewv at pxxxxxxxxxxco.com>,
>>          <kcmp at kxxxxxxxxxv.us>,
>>          <gjv at mydomain.com>,
>>          <entitlementservices at xxxxx.com>,
>>          <speechsc at ixxxxxxxxorg>,
>>          <secretary at probxxxxxxxxxx.org>,
>>          <sanne.gruter at txxxxxxxxxxxce.com.au>
>> Subject: Easily find girlfriend for sex!
>> Date: Mon, 19 Jun 2017 05:02:54 +0300
>> MIME-Version: 1.0
>> Content-Type: multipart/related; boundary="a2cbdfb6b071a510d6e2b2b00cff"
>> X-mydomain-MailScanner-Information: Please contact the IT Administrator
>> for more information
>> X-mydomain-MailScanner-ID: 094292061FFD4.AE63B
>> X-mydomain-MailScanner: Found to be clean
>> X-mydomain-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
>>         score=0.901, required 4, BAYES_40 -0.00, DKIM_ADSP_NXDOMAIN 0.90,
>>         HTML_MESSAGE 0.00, NO_DNS_FOR_FROM 0.00, RCVD_IN_DNSWL_NONE -0.00)
>> X-mydomain-MailScanner-From: magnaflow at webmail.md
>> X-Spam-Status: No
>>
>> This is a multi-part message in MIME format.
>>
>> --a2cbdfb6b071a510d6e2b2b00cff
>> Content-Type: multipart/alternative; boundary="1fbddb9e7f6b2eb9e29479934d6b"
>>
>>
>> --1fbddb9e7f6b2eb9e29479934d6b
>> Content-Type: text/plain; charset="windows-1251"
>> Content-Transfer-Encoding: quoted-printable
>>
>> Fast f*ck with milfs- https://t.co/FqPPs0hQkH
>>
>> kx uij bcw g bea qqg
>>
>> ggxy wjg uyc tnseu y b
>>
>> arxp u gnv w uhqiq udooz
>>
>> aaazs i lwcfv gxfgd i lisd
>>
>> tatx gg old pe dyc byd
>>
>> sxpto rpq ggmwn j z rpora
>>
>> o tv ssib tr wsp ujlt
>>
>> ozec aa t sv ccxnn tr
>>
>> pqdz aqw yh wic xsza iwmg
>>
>> rqb fqrsg mx sk gawxi qe
>>
>> ckxbc yvbte xw ibpdd f os
>>
>> ph di grc c hid wgniy
>>
>> wru m w anvvs ipxq fvcxi
>>
>> k rlf xyyu s xqe l
>>
>> borvo cdke c k gmxu glmg
>>
>> pokm zbv nscf b x ufr
>>
>> hgx yig fnzg fdey sw d
>>
>> uh avrl nx u aheur aqvwk
>>
>> vrr rv i eac b zaoj
>> xubkp snnyh qvq dwmln wmgjy g
>>
>> nld m hosy zd emvec jhn
>>
>> ik tdh z zp a hn
>>
>> dq ptzi mnt lzq kdsy mrz
>>
>>
>> xa l ti dxu jsli xmane
>>
>> h rlu guxa e rkj lhgwl
>>
>> cwkcw enz w bk c am
>>
>> iomc ucvu adgy wcw r xskr
>>
>> lm pjbsa rbn mtos x c
>>
>> lnt cfjpk wlp gy ui yfa
>>
>> tl rdnzq j yupgu tjwdj q
>>
>> f vm pmw rjc es st
>>
>> xxsw ds qyu wcyul cdoa peugp
>>
>> jiii f vjlbg eles nfag qxnp
>>
>> qkvno qm fw hx ggzc tpov
>>
>> ti fr wt li lnnfd x
>>
>> ctdp nt vty grgxq wxwdv wgdf
>>
>> oeb gmqay hvhyk elx tup d
>>
>> jxk dsvd wb x d m
>>
>> ss kl bt syx ab x
>> ...
>>
>> cj ct wss k mjux neo
>>
>> cr wevkg brh duerg zrs gdus
>>
>> r l t nw w w
>>
>> k c fhznn leo g eb
>>
>> sdn tkfg yz lx fy f
>>
>> vudw wxecl ojysm kisy yaqin lngmc
>>
>> nhhnu rp tv a bzm gpzo
>>
>> --1fbddb9e7f6b2eb9e29479934d6b
>> Content-Type: text/html; charset="windows-1251"
>> Content-Transfer-Encoding: quoted-printable
>>
>> <HTML><HEAD>
>> <META http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dwindows=
>> -1251">
>> </HEAD>
>> <BODY bgColor=3D#ffffff>
>> <DIV align=3Dleft><FONT size=3D2 face=3DArial>Fast f*ck with milfs- <A=20
>> href=3D"https://t.co/FqPPs0hQkH">https://t.co/FqPPs0hQkH</A></FONT></DIV>
>> <DIV align=3Dleft><A href=3D"https://t.co/FqPPs0hQkH"><IMG border=3D0
>> hsp=
>> ace=3D0=20
>> alt=3D""=20
>> src=3D"cid:7C746E7653B2443F8259615B684B2515 at webmail.md"></A></DIV>
>> <DIV align=3Dleft>
>> <DIV align=3Dleft>
>> <DIV align=3Dleft><FONT color=3D#dfecf7>kx=20
>> uij bcw g=20
>> bea qqg</FONT></DIV>
>> <DIV align=3Dleft><FONT color=3D#dfecf7>ggxy=20
>> wjg uyc tnseu=20
>> y b</FONT></DIV>
>> <DIV align=3Dleft><FONT color=3D#dfecf7>arxp=20
>> u gnv w=20
>> uhqiq udooz</FONT></DIV>
>> <DIV align=3Dleft><FONT color=3D#dfecf7>aaazs=20
>> i lwcfv gxfgd=20
>> i lisd</FONT></DIV>
>> <DIV align=3Dleft>
>> <DIV align=3Dleft>
>> <DIV align=3Dleft><FONT color=3D#dfecf7>tatx=20
>> gg old pe=20
>> dyc byd</FONT></DIV>
>> <DIV align=3Dleft><FONT color=3D#dfecf7>sxpto=20
>> rpq ggmwn j=20
>> z rpora</FONT></DIV>
>> <DIV align=3Dleft><FONT color=3D#dfecf7>sxpto=20
>> rpq ggmwn j=20
>> z rpora</FONT></DIV>
>> <DIV align=3Dleft><FONT color=3D#dfecf7>o=20
>> tv ssib tr=20
>> wsp ujlt</FONT></DIV>
>> <DIV align=3Dleft><FONT color=3D#dfecf7>ozec=20
>> aa t sv=20
>> ccxnn tr</FONT></DIV>
>> <DIV align=3Dleft><FONT color=3D#dfecf7>pqdz=20
>> aqw yh wic=20
>> xsza iwmg</FONT></DIV>
>> <DIV align=3Dleft><FONT color=3D#dfecf7>rqb=20
>> fqrsg mx sk=20
>> gawxi qe</FONT></DIV>
>> <DIV align=3Dleft>
>> <DIV align=3Dleft>
>> <DIV align=3Dleft><FONT color=3D#dfecf7>ckxbc=20
>> yvbte xw ibpdd=20
>> f os</FONT></DIV>
>> <DIV align=3Dleft><FONT color=3D#dfecf7>ph=20
>> di grc c=20
>> hid wgniy</FONT></DIV>
>> <DIV align=3Dleft><FONT color=3D#dfecf7>wru=20
>> m w anvvs=20
>> ipxq fvcxi</FONT></DIV>
>> <DIV align=3Dleft><FONT color=3D#dfecf7>k=20
>> rlf xyyu s=20
>> xqe l</FONT></DIV>
>> <DIV align=3Dleft><FONT color=3D#dfecf7>borvo=20
>> cdke c k=20
>> gmxu glmg</FONT></DIV>
>> <DIV align=3Dleft><FONT color=3D#dfecf7>pokm=20
>> zbv nscf b=20
>> x ufr</FONT></DIV>
>> <DIV align=3Dleft>
>> <DIV align=3Dleft>
>> <DIV align=3Dleft><FONT color=3D#dfecf7>hgx=20
>> yig fnzg fdey=20
>> sw d</FONT></DIV>
>> <DIV align=3Dleft><FONT color=3D#dfecf7>uh=20
>> avrl nx u=20
>> aheur aqvwk</FONT></DIV>
>> <DIV align=3Dleft><FONT color=3D#dfecf7>vrr=20
>> rv i eac=20
>> b zaoj</FONT></DIV>
>> <DIV align=3Dleft><FONT color=3D#dfecf7>xubkp=20
>> snnyh qvq dwmln=20
>> wmgjy g</FONT></DIV>
>> <DIV align=3Dleft><FONT color=3D#dfecf7>vudw=20
>> wxecl ojysm kisy=20
>> yaqin lngmc</FONT></DIV>
>> <DIV align=3Dleft><FONT color=3D#dfecf7>nhhnu=20
>> rp tv a=20
>> bzm=20
>> gpzo</FONT></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV><
>> /DIV></DIV></=
>> DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></
>> DIV></DIV></D=
>> IV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></D
>> IV></DIV></DI=
>> V></DIV></DIV></BODY></HTML>
>>
>> --1fbddb9e7f6b2eb9e29479934d6b--
>>
>> --a2cbdfb6b071a510d6e2b2b00cff
>> Content-Type: image/jpeg; name="zawly.jpg"
>> Content-Transfer-Encoding: base64
>> Content-ID: <7C746E7653B2443F8259615B684B2515 at webmail.md>
>>
>> ......
>>
>> --a2cbdfb6b071a510d6e2b2b00cff--
>>
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>>
>>
>>
>>
>> --
>>
>> Shawn Iverson, CETL
>>
>> Director of Technology
>>
>> Rush County Schools
>>
>> 765-932-3901 x271
>>
>> iversons at rushville.k12.in.us
>>
>>
>>
>>
>>
>>
>>
>
>
>
>


-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 x271
iversons at rushville.k12.in.us