Spammer with attachment that bypasses spamassassin
George Papamichelakis
gpapamichelakis at gmail.com
Fri Mar 29 11:29:19 UTC 2019
Sure, here they are. I just tweaked the IPs and names. I noticed
this in my postfix log file:
MailScanner[29247]: Message BC40B48E89.AA059 from XXX.XXX.XXX.XXX
(business-education+bncbcgz73fdtyhrblo767sakgqeq2agr3q at googlegroups.com)
to xxxx.xxx is too big for spam checks (2655956 > 200000 bytes)
The headers are:
Return-Path: <business-education+bncbcgz73fdtyhrblo767sakgqeq2agr3q at googlegroups.com>
Received: from xxx.xxxx.xxxx
by xxx.xxxx.xxxx
(Dovecot) with LMTP id sbwwFzzwnVyRAgAAyyBr5g
; Fri, 29 Mar 2019 12:15:24 +0200
Received: by xxx.xxxx.xxxx
(Postfix)
id 0FAC948E16; Fri, 29 Mar 2019 12:15:24 +0200 (EET)
Delivered-To: xx at xxxx.xx
Received: from mail-wr1-f57.google.com (mail-wr1-f57.google.com [209.85.221.57])
by xxx.xxxx.xxxx
(Postfix) with ESMTPS id BC40B48E89
for <xxx at xxxx.xxx>; Fri, 29 Mar 2019 12:13:06 +0200 (EET)
Received: by mail-wr1-f57.google.com with SMTP id e14sf1337667wrt.18
for <xxxxx at xxxx.xxx>; Fri, 29 Mar 2019 03:13:06 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1553854386; cv=pass;
d=google.com; s=arc-20160816;
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=list-unsubscribe:list-archive:list-help:list-post:list-id
:mailing-list:precedence:reply-to:to:subject:message-id:date:from
:in-reply-to:references:mime-version:sender:dkim-signature;
bh=DBS0pCCxQKHrs8JD5K0bx+wdmtXC5ACr4zeYr1o30+0=;
ARC-Authentication-Results: i=2; gmr-mx.google.com;
spf=pass (google.com: domain of xxx at xxxxx.xxx designates XX.XXX.XX.XX as permitted sender) smtp.mailfrom=xxxx at xxxxxxx.xxx
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20161025;
h=sender:mime-version:references:in-reply-to:from:date:message-id
:subject:to:x-original-sender:x-original-authentication-results
:reply-to:precedence:mailing-list:list-id:list-post:list-help
:list-archive:list-unsubscribe;
bh=DBS0pCCxQKHrs8JD5K0bx+wdmtXC5ACr4zeYr1o30+0=;
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=sender:x-gm-message-state:mime-version:references:in-reply-to:from
:date:message-id:subject:to:x-original-sender
:x-original-authentication-results:reply-to:precedence:mailing-list
:list-id:x-spam-checked-in-group:list-post:list-help:list-archive
:list-unsubscribe;
bh=DBS0pCCxQKHrs8JD5K0bx+wdmtXC5ACr4zeYr1o30+0=;
Sender: business-education at googlegroups.com
X-Gm-Message-State: APjAAAVBRH41sEGircSxa9aCNJ3+Gdoqi3VgJziDALz6lNRtMiIgExdF
bsKc5TOvc09p4IItxZTro7A=
X-Google-Smtp-Source: APXvYqzBH7+DrvOsVWtQ5ngRAm9523F7UnycoTigNImCbDoQsHOZ0qJiR4B4VvykasuyECpJ1eOX7w==
X-Received: by 2002:a5d:6b0d:: with SMTP id v13mr6769541wrw.284.1553854385485;
Fri, 29 Mar 2019 03:13:05 -0700 (PDT)
X-BeenThere: business-education at googlegroups.com
Received: by 2002:adf:f8c6:: with SMTP id f6ls113789wrq.11.gmail; Fri, 29 Mar
2019 03:13:00 -0700 (PDT)
X-Received: by 2002:adf:de84:: with SMTP id w4mr1246311wrl.13.1553854380443;
Fri, 29 Mar 2019 03:13:00 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1553854380; cv=none;
d=google.com; s=arc-20160816;
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=to:subject:message-id:date:from:in-reply-to:references:mime-version;
bh=cH+xK7PaOEPF19A/Hsv+6kzx+bqBeZZESuscUNhVNKc=;
ARC-Authentication-Results: i=1; gmr-mx.google.com;
spf=pass (google.com: domain of xxx at xxxxx.xxx designates XX.XX.XX.XX as permitted sender) smtp.mailfrom=xxx at xxxx.xxx
Received: from xxxxx.xxxx.xxxx (XXx.xxxxxx.xxx. [XX.XX.XX.XX])
by gmr-mx.google.com with ESMTPS id n65si73301wma.1.2019.03.29.03.12.59
for <business-education at googlegroups.com>
(version=TLS1 cipher=AES128-SHA bits=128/128);
Fri, 29 Mar 2019 03:13:00 -0700 (PDT)
Received-SPF: pass (google.com: domain of xxx at xxxxxx.xxx designates XX.XX.XX.XX as permitted sender) client-ip=XX.XX.XX.XX;
Received: from mail-vs1-f52.google.com (mail-vs1-f52.google.com [209.85.217.52])
(Authenticated sender: xxx at xxxxxx.xxx)
by xxxxx.xxx.xxx (ESMTP) with ESMTPSA
for <business-education at googlegroups.com>; Fri, 29 Mar 2019 12:12:52 +0200 (EET)
Received: by mail-vs1-f52.google.com with SMTP id j184so943199vsd.11
for <business-education at googlegroups.com>; Fri, 29 Mar 2019 03:12:52 -0700 (PDT)
X-Received: by 2002:a67:e28d:: with SMTP id g13mr29911012vsf.121.1553854370951;
Fri, 29 Mar 2019 03:12:50 -0700 (PDT)
MIME-Version: 1.0
In-Reply-To: <CANRqB_=eMeWsNSvFsUC8ToiyDVPe9KHTrDweDJkHzKyx+rzsBQ at mail.gmail.com>
From: "Business Education" <xxx at xxxxxxx.xxx>
Date: Fri, 29 Mar 2019 12:12:36 +0200
X-Gmail-Original-Message-ID: <CANRqB_kYjsK-UGt_YnRqcDgPE0=3ex9w0SVC-bucpn21kTffCg at mail.gmail.com>
Message-ID: <CANRqB_kYjsK-UGt_YnRqcDgPE0=3ex9w0SVC-bucpn21kTffCg at mail.gmail.com>
Subject: =?UTF-8?B?zpXOmc6UzpnOms6XIM6gzqHOn86jzqbOn86hzpEgzpPOmc6RIM6kzpEgMTIwIEFEVkFOQw==?=
=?UTF-8?B?RUQgQ09VUlNFUyDOpM6fzqUgU0JF?=
To: business-education at googlegroups.com
Content-Type: multipart/mixed; boundary="000000000000d0be6e058538e96d"
X-Original-Sender: xxx at xxxxxx.xxx
X-Original-Authentication-Results: gmr-mx.google.com; spf=pass
(google.com: domain of xxx at xxxxx.xxx designates XX.XX.XX.XX as permitted
sender) smtp.mailfrom=xxx at xxxxx.xxx
Reply-To: xxx at xxxxx.xxx
Precedence: list
Mailing-list: list business-education at googlegroups.com; contact business-education+owners at googlegroups.com
List-ID: <business-education.googlegroups.com>
X-Spam-Checked-In-Group: business-education at googlegroups.com
X-Google-Group-Id: 646963186979
List-Post: <https://groups.google.com/group/business-education/post>,
<mailto:business-education at googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:business-education+help at googlegroups.com>
List-Archive: <https://groups.google.com/group/business-education
List-Unsubscribe: <mailto:googlegroups-manage+646963186979+unsubscribe at googlegroups.com>,
<https://groups.google.com/group/business-education/subscribe>
X-XXX-MailScanner-Information: Please contact the ISP for more information
X-XXX-MailScanner-ID: BC40B48E89.AA059
X-XXX-MailScanner: Found to be clean
X-XXX-MailScanner-From: business-education+bncbcgz73fdtyhrblo767sakgqeq2agr3q at googlegroups.com
X-Spam-Status: No
GP
On 3/29/19 1:08 PM, L.P.H. van Belle via MailScanner wrote:
> Can you send me the header info?
>
>
>> -----Original message-----
>> From: MailScanner
>> [mailto:mailscanner-bounces+belle=bazuin.nl at lists.mailscanner.info] On behalf of George Papamichelakis
>> Sent: Friday 29 March 2019 12:08
>> To: mailscanner at lists.mailscanner.info
>> Subject: Spammer with attachment that bypasses spamassassin
>>
>> Hi all
>>
>>
>> I have an issue with one spammer who, due to the fact that he includes some
>> pdf file in his email,
>>
>> bypasses the blacklist, and his email gets delivered to all addresses
>> that he has from the domain.
>>
>> Can I somehow force mailscanner to not bypass this particular sender
>> due to message size?
>>
>> I use mailscanner 5.0.2 with postfix on a debian machine and
>> mailwatch
>> 1.2.10 web interface.
>>
>>
>> thanks in advance
>>
>> GP
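
Added example, not part of the original message or of MailScanner itself: a small log check that finds senders whose mail is repeatedly exempted from spam checks by size, using the "too big for spam checks" line quoted in the post. The sample log lines, host names, addresses and queue IDs are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample log lines in the format quoted in the post
# (hosts, addresses and queue IDs are made up).
SAMPLE_LOG = """\
Mar 29 12:13:07 mx1 MailScanner[29247]: Message AAAA000001.A0001 from 192.0.2.10 (list+bounce1@lists.example.org) to example.net is too big for spam checks (2655956 > 200000 bytes)
Mar 29 12:13:09 mx1 MailScanner[29247]: Message AAAA000002.A0002 from 192.0.2.10 (list+bounce2@lists.example.org) to example.net is too big for spam checks (2655960 > 200000 bytes)
Mar 29 12:14:30 mx1 MailScanner[29247]: Message AAAA000003.A0003 from 198.51.100.7 (alice@example.com) to example.net is too big for spam checks (310000 > 200000 bytes)
Mar 29 12:15:02 mx1 postfix/smtpd[1201]: connect from unknown[203.0.113.5]
"""

SKIP_RE = re.compile(
    r"MailScanner\[\d+\]: Message (?P<msgid>\S+) from (?P<ip>\S+) "
    r"\((?P<sender>[^)]*)\) to (?P<rcpt>\S+) is too big for spam checks "
    r"\((?P<size>\d+) > (?P<limit>\d+) bytes\)"
)

def normalise_sender(addr):
    """Collapse per-message tags (local+tag@domain) so list mail that uses a
    different bounce address for each message is grouped under one sender."""
    local, sep, domain = addr.lower().rpartition("@")
    return local.split("+", 1)[0] + "@" + domain if sep else addr.lower()

def skipped_by_sender(log_text):
    """Return {sender: {"count", "max_size", "ips", "msgids"}} for every
    message that skipped spam checks because it exceeded the size limit."""
    stats = defaultdict(lambda: {"count": 0, "max_size": 0, "ips": set(), "msgids": []})
    for line in log_text.splitlines():
        m = SKIP_RE.search(line)
        if not m:
            continue  # unrelated log line
        entry = stats[normalise_sender(m["sender"])]
        entry["count"] += 1
        entry["max_size"] = max(entry["max_size"], int(m["size"]))
        entry["ips"].add(m["ip"])
        entry["msgids"].append(m["msgid"])
    return dict(stats)

def repeat_offenders(log_text, min_count=2):
    """Senders with at least min_count oversized, unchecked messages."""
    return sorted(s for s, e in skipped_by_sender(log_text).items() if e["count"] >= min_count)

if __name__ == "__main__":
    for sender, e in skipped_by_sender(SAMPLE_LOG).items():
        print(sender, e["count"], e["max_size"], sorted(e["ips"]))
```

Senders it reports can be reviewed for explicit blacklisting or a stricter policy; the size cut-off shown in the log line is set in MailScanner.conf by the Max Spam Check Size option (a detail added here, not stated in the thread).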