[sanesecurity] Re: Need help with external Spammer

  • From: Steffen Ille <steffen@xxxxxxxxxxxxxxx>
  • To: sanesecurity@xxxxxxxxxxxxx
  • Date: Thu, 17 Mar 2011 13:52:28 +0100

Hi Steve.
They've changed something, the Signature doesn't catch it anymore.
230 Mails in 2 Minutes :-(

Attached you'll find such a Mail as an example.

Cheers, Steffen


On 17.03.2011 13:49, Steffen Ille wrote:
> Hi Steve.
> 
> The Signature Sanesecurity.Junk.39242.UNOFFICIAL
> successfully caught it. I've added a line to amavis to score it as Virus
> not Spam. Besides: My postfix tells me, bogusmx.rfc-ignorant.org
> also lists those senders now.
> 
> Cheers, Steffen
> 
> 
> On 17.03.2011 12:35, Steve Basford wrote:
>>
>>>
>>> How can I get rid of this? It rapidly fills my boxes.
>>>
>> Hi Steffen,
>>
>> Thanks for the sample... just put out an update on the mirrors, hopefully
>> that should help.
>>
>> Cheers,
>>
>> Steve
>> Sanesecurity
>>
>>
> 
Return-Path: <yqnky@xxxxxx>
Delivered-To: steffen@xxxxxxxxxxxxxxx
Received: from localhost (localhost.localdomain [127.0.0.1])
        by h1762181.stratoserver.net (Postfix on Debian Sid) with ESMTP id 93514225812E
        for <steffen@xxxxxxxxxxxxxxx>; Thu, 17 Mar 2011 13:50:18 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at h1762181.stratoserver.net
X-Spam-Flag: YES
X-Spam-Score: 13.097
X-Spam-Level: *************
X-Spam-Status: Yes, score=13.097 required=5 tests=[BAYES_99=3.5,
        RATWARE_MS_HASH=2.148, RATWARE_OUTLOOK_NONAME=2.95,
        RCVD_IN_DNSWL_NONE=-0.0001, URIBL_AB_SURBL=4.499] autolearn=no
X-Spam-Report:
 *  3.5 BAYES_99 BODY: Spamwahrscheinlichkeit nach Bayes-Test: 99-100%
 *      [score: 0.9992]
 * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, low
 *      trust
 *      [217.72.192.234 listed in list.dnswl.org]
 *  4.5 URIBL_AB_SURBL Enth\344lt URL in AB-Liste (www.surbl.org)
 *      [URIs: jejavascript.net]
 *  3.0 RATWARE_OUTLOOK_NONAME Bulk email fingerprint (Outlook no name)
 *      found
 *  2.1 RATWARE_MS_HASH Bulk email fingerprint (msgid ms hash) found
Received: from h1762181.stratoserver.net ([127.0.0.1])
        by localhost (h1762181.stratoserver.net [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id BcFHNiP5q5uQ for <steffen@xxxxxxxxxxxxxxx>;
        Thu, 17 Mar 2011 13:50:15 +0100 (CET)
Received: from fmmailgate03.web.de (fmmailgate03.web.de [217.72.192.234])
        by h1762181.stratoserver.net (Postfix on Debian Sid) with ESMTP id D2AD2225811F
        for <steffen@xxxxxxxxxxxxxxx>; Thu, 17 Mar 2011 13:50:15 +0100 (CET)
Received:  from mx38.web.de  ( [172.20.2.145])
        by fmmailgate03.web.de (Postfix) with ESMTP id DC5A1189E7099
        for <steffen@xxxxxxxxxxxxxxx>; Thu, 17 Mar 2011 13:50:14 +0100 (CET)
Received: from [174.138.198.233] (helo=174-138-198-233.cpe.distributel.net)
        by mx38.web.de with esmtp (WEB.DE 4.110 #2)
        id 1Q0Cec-00074p-00
        for steffenille@xxxxxx; Thu, 17 Mar 2011 13:50:14 +0100
Date: Thu, 17 Mar 2011 08:50:12 -0500
Message-ID: <000a01cbe4a1$dab34380$00424bf8@vgkjxvukveny>
From: "Best Gaming" <yqnky@xxxxxx>
To: <steffenille@xxxxxx>
Subject: ***SPAM*** The best online gaming is here
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
X-WEBDE-FORWARD: steffenille@xxxxxx -> steffen@xxxxxxxxxxxxxxx

Hi

Please vesit our site to get info about online gaming

http://www.jejavascript.net/

