Discussion:
spam-emails
Ejaz
2013-11-04 13:07:43 UTC
Permalink
How can I block spam messages, below is the header of one of the spam
message. So many such emails I am receiving and I wanted to control it.



My setups are redhat/mailscanner/postfix/clamav/spamassassin.



Any help would be highly appreciated.








Received: from mail9.atl51.rsgsv.net (mail9.atl51.rsgsv.net [205.201.135.9])
by mailgate5.cyberia.net.sa (Postfix) with ESMTP id 2F353A48C42
for <imad at cyberia.net.sa>; Mon, 4 Nov 2013 15:47:21 +0300 (AST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1;
d=mail9.atl51.rsgsv.net;
h=Subject:From:Reply-To:To:Date:Message-ID:List-Unsubscribe:Sender:Content-T
ype:MIME-Version; i=e.mar=3Dksa-courses.com at mail9.atl51.rsgsv.net;
bh=5HHALciK6EJmpLR92xc+LiuVads=;
b=eOxxPdNKA1rrRjKNOvYp6lT1p2VkSnBqwdmJ+sZCLROasZpQiL3E7XPlVfvfjBEwSi0BH4wryD
rp
ZUUHy38sV/AfyZWZd6uZbnSaHRG9xSMRzymqr6z6MtHWeOYva92QZeal06+qdKE6aYkkMmUF64er
CcuENRoqgeC2jMNbAEw=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=k1;
d=mail9.atl51.rsgsv.net;
b=Ylftdm7BoX2FUEStpAbT9ovOEikSGMSDiMpFi4Jzt2MljFiDe3RbD1WrNdbaWfPPJ8rjYGzo3U
m2
rt3oCsok7K33L0wEOAYf7ER9ep67R4oWWqIJzS3fuf20Ofn9j/2Y9cOHuXmFtxVuNdkerxUlONfr
54v8oQ1DYTFir7rcCKs=;
Received: from (127.0.0.1) by mail9.atl51.rsgsv.net id heuc0c1mr1ok for
<imad at cyberia.net.sa>; Mon, 4 Nov 2013 12:50:04 +0000 (envelope-from
<bounce-mc.us5_12541283.364189-imad=cyberia.net.sa at mail9.atl51.rsgsv.net>)
Subject: =?utf-8?Q?Development=20managerial=20and=20supervisory=20skill?=
From: =?utf-8?Q?Integrated=20for=20Training?= <e.mar at ksa-courses.com>
Reply-To: =?utf-8?Q?Integrated=20for=20Training?= <e.mar at ksa-courses.com>
To: =?utf-8?Q??= <imad at cyberia.net.sa>
Date: Mon, 4 Nov 2013 12:50:04 +0000
Message-ID:
<8766c1f2ecb17c88da70599b73dc3f41543.20131104124906 at mail9.atl51.rsgsv.net>
X-Mailer: MailChimp Mailer - **CIDd31b95ad2d3dc3f41543**
X-Campaign: mailchimp8766c1f2ecb17c88da70599b7.d31b95ad2d
X-campaignid: mailchimp8766c1f2ecb17c88da70599b7.d31b95ad2d
X-Report-Abuse: Please report abuse for this campaign here:
http://www.mailchimp.com/abuse/abuse.phtml?u=8766c1f2ecb17c88da70599b7&id=d3
1b95ad2d&e=3dc3f41543
X-MC-User: 8766c1f2ecb17c88da70599b7
x-accounttype: pd
List-Unsubscribe:
<mailto:unsubscribe-8766c1f2ecb17c88da70599b7-d31b95ad2d-3dc3f41543 at mailin1.
us2.mcsv.net?subject=unsubscribe>,
<http://itc.us5.list-manage.com/unsubscribe?u=8766c1f2ecb17c88da70599b7&id=f
8000d1db1&e=3dc3f41543&c=d31b95ad2d>
Sender: "Integrated for Training"
<e.mar=ksa-courses.com at mail9.atl51.rsgsv.net>
x-mcda: FALSE
Content-Type: multipart/alternative;
boundary="_----------=_MCPart_950342113"
MIME-Version: 1.0





-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20131104/b34e50fb/attachment.html
Steve Freegard
2013-11-04 13:43:13 UTC
Permalink
Post by Ejaz
How can I block spam messages, below is the header of one of the spam
message. So many such emails I am receiving and I wanted to control it.
Received: from mail9.atl51.rsgsv.net (mail9.atl51.rsgsv.net [205.201.135.9])
by mailgate5.cyberia.net.sa (Postfix) with ESMTP id 2F353A48C42
for <imad at cyberia.net.sa>; Mon, 4 Nov 2013 15:47:21 +0300 (AST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1;
d=mail9.atl51.rsgsv.net;
h=Subject:From:Reply-To:To:Date:Message-ID:List-Unsubscribe:Sender:Content-Type:MIME-Version;
i=e.mar=3Dksa-courses.com at mail9.atl51.rsgsv.net;
bh=5HHALciK6EJmpLR92xc+LiuVads=;
b=eOxxPdNKA1rrRjKNOvYp6lT1p2VkSnBqwdmJ+sZCLROasZpQiL3E7XPlVfvfjBEwSi0BH4wryDrp
ZUUHy38sV/AfyZWZd6uZbnSaHRG9xSMRzymqr6z6MtHWeOYva92QZeal06+qdKE6aYkkMmUF64er
CcuENRoqgeC2jMNbAEw=
<mailto:unsubscribe-8766c1f2ecb17c88da70599b7-d31b95ad2d-3dc3f41543 at mailin1.us2.mcsv.net?subject=unsubscribe>,
<http://itc.us5.list-manage.com/unsubscribe?u=8766c1f2ecb17c88da70599b7&id=f8000d1db1&e=3dc3f41543&c=d31b95ad2d>
Sender: "Integrated for Training"
<e.mar=ksa-courses.com at mail9.atl51.rsgsv.net>
This message is a genuine e-mail from MailChimp (one of the better ESPs).

I suggest you use the unsubscribe mechanism rather than trying to write
rules to block this.

http://itc.us5.list-manage.com/unsubscribe?u=8766c1f2ecb17c88da70599b7&id=f8000d1db1&e=3dc3f41543&c=d31b95ad2d

Regards,
Steve.
mejaz
2013-11-04 15:26:48 UTC
Permalink
Thanks for your help. here is another one it should have blocked it by
mailscanner/spamassasin but it accepted. and send to user inbox with spam
tag only

here is the header.

eturn-Path: <preferringinference at creativecommons.org>
Received: from mailgate5.cyberia.net.sa ([212.119.64.173] verified)
by fmbx02.cyberia.net.sa (CommuniGate Pro SMTP 6.0.5)
? with ESMTP id 6486307 for imad at cyberia.net.sa; Mon, 04 Nov 2013 15:05:57
+0300
Received: from _SharXan_ (unknown [109.254.184.24])
by mailgate5.cyberia.net.sa (Postfix) with SMTP id 4A78BA40364
for <imad at cyberia.net.sa>; Mon, ?4 Nov 2013 15:05:12 +0300 (AST)
Received: (qmail 2739 by uid 199); Mon, 4 Nov 2013 12:08:06 -0300
From: "Free trial sample enlargement"
<preferringinference at creativecommons.org>
To: <imad at cyberia.net.sa>
Subject: {Spam?} New genetical engineering breakthrough published
Date: Mon, 4 Nov 2013 11:37:13 -0300
Message-ID: <000301ced96f$a9989730$fcc9c590$@com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0066_01CED96F.A9989730"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcjmY7DS5mKb/xHlZVm6OhpABGdjSw==
Content-Language: en-us
X--MailScanner-Information: Please contact the ISP for more information
X--MailScanner-ID: 4A78BA40364.A3D8C
X--MailScanner: Found to be clean
X--MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=7.385,
required 6, BAYES_60 1.50, FSL_HELO_NON_FQDN_1 0.00,
HTML_MESSAGE 0.00, RCVD_IN_BRBL_LASTEXT 1.45, RDNS_NONE 0.79,
SPF_SOFTFAIL 0.67, TVD_SPACE_RATIO 0.00, URIBL_BLACK 1.73,
URIBL_JP_SURBL 1.25)
X--MailScanner-SpamScore: sssssss
X--MailScanner-From: preferringinference at creativecommons.org
X-Spam-Status: Yes

This is a multipart message in MIME format.

------=_NextPart_000_0066_01CED96F.A9989730
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit

Christina Aguilera undressed
http://affiliateathomereview.com/magistrateimpeller/


--?
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


------=_NextPart_000_0066_01CED96F.A9989730
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:x=3D"urn:schemas-microsoft-com:office:excel" xmlns:p=3D"urn:schemas-m=
icrosoft-com:office:powerpoint" xmlns:a=3D"urn:schemas-microsoft-com:office=
:access" xmlns:dt=3D"uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s=3D"=
uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs=3D"urn:schemas-microsof=
t-com:rowset" xmlns:z=3D"#RowsetSchema" xmlns:b=3D"urn:schemas-microsoft-co=
m:office:publisher" xmlns:ss=3D"urn:schemas-microsoft-com:office:spreadshee=
t" xmlns:c=3D"urn:schemas-microsoft-com:office:component:spreadsheet" xmlns=
:odc=3D"urn:schemas-microsoft-com:office:odc" xmlns:oa=3D"urn:schemas-micro=
soft-com:office:activation" xmlns:html=3D"http://www.w3.org/TR/REC-html40" =
xmlns:q=3D"http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc=3D"http://m=
icrosoft.com/officenet/conferencing" xmlns:D=3D"DAV:" xmlns:Repl=3D"http://=
schemas.microsoft.com/repl/" xmlns:mt=3D"http://schemas.microsoft.com/share=
point/soap/meetings/" xmlns:x2=3D"http://schemas.microsoft.com/office/excel=
/2003/xml" xmlns:ppda=3D"http://www.passport.com/NameSpace.xsd" xmlns:ois=
=3D"http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir=3D"http://=
schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds=3D"http://www.w3=
.org/2000/09/xmldsig#" xmlns:dsp=3D"http://schemas.microsoft.com/sharepoint=
/dsp" xmlns:udc=3D"http://schemas.microsoft.com/data/udc" xmlns:xsd=3D"http=
://www.w3.org/2001/XMLSchema" xmlns:sub=3D"http://schemas.microsoft.com/sha=
repoint/soap/2002/1/alerts/" xmlns:ec=3D"http://www.w3.org/2001/04/xmlenc#"=
?xmlns:sp=3D"http://schemas.microsoft.com/sharepoint/" xmlns:sps=3D"http://=
schemas.microsoft.com/sharepoint/soap/" xmlns:xsi=3D"http://www.w3.org/2001=
/XMLSchema-instance" xmlns:udcs=3D"http://schemas.microsoft.com/data/udc/so=
ap" xmlns:udcxf=3D"http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udc=
p2p=3D"http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf=3D"http:/=
/schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss=3D"http://sche=
mas.microsoft.com/office/2006/digsig-setup" xmlns:dssi=3D"http://schemas.mi=
crosoft.com/office/2006/digsig" xmlns:mdssi=3D"http://schemas.openxmlformat=
s.org/package/2006/digital-signature" xmlns:mver=3D"http://schemas.openxmlf=
ormats.org/markup-compatibility/2006" xmlns:m=3D"http://schemas.microsoft.c=
om/office/2004/12/omml" xmlns:mrels=3D"http://schemas.openxmlformats.org/pa=
ckage/2006/relationships" xmlns:spwp=3D"http://microsoft.com/sharepoint/web=
partpages" xmlns:ex12t=3D"http://schemas.microsoft.com/exchange/services/20=
06/types" xmlns:ex12m=3D"http://schemas.microsoft.com/exchange/services/200=
6/messages" xmlns:pptsl=3D"http://schemas.microsoft.com/sharepoint/soap/Sli=
deLibrary/" xmlns:spsl=3D"http://microsoft.com/webservices/SharePointPortal=
Server/PublishedLinksService" xmlns:Z=3D"urn:schemas-microsoft-com:" xmlns:=
st=3D"=01" xmlns=3D"http://www.w3.org/TR/REC-html40">

<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; charset=3Dus-ascii">


<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">
<style>
<!--
?/* Font Definitions */
?@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
?/* Style Definitions */
?p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
?<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" ></o:shapedefaults>
</xml><![endif]--><!--[if gte mso 9]><xml>
?<o:shapelayout v:ext=3D"edit">
? <o:idmap v:ext=3D"edit" data=3D"1" ></o:idmap>
?</o:shapelayout></xml><![endif]-->
</head>

<body lang=3DEN-US link=3Dblue vlink=3Dpurple>

<div class=3DSection1>

<p class=3DMsoNormal><o:p>Christina Aguilera undressed</o:p></p>
<p class=3DMsoNormal><o:p><a href=3D"http://affiliateathomereview.com/magis=
trateimpeller/">http://affiliateathomereview.com/magistrateimpeller/</a></o=
:p></p>

</div>

<br />--=20
<br />This message has been scanned for viruses and
<br />dangerous content by
<a href=3D"http://www.mailscanner.info/"><b>MailScanner</b></a>, and is
<br />believed to be clean.
</body>

</html>

------=_NextPart_000_0066_01CED96F.A9989730--












On Mon, 04 Nov 2013 13:43:13 +0000
Post by Steve Freegard
Post by Ejaz
How can I block spam messages, below is the header of one of the spam
message. So many such emails I am receiving and I wanted to control it.
Received: from mail9.atl51.rsgsv.net (mail9.atl51.rsgsv.net
[205.201.135.9])
by mailgate5.cyberia.net.sa (Postfix) with ESMTP id 2F353A48C42
for <imad at cyberia.net.sa>; Mon, 4 Nov 2013 15:47:21 +0300 (AST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1;
d=mail9.atl51.rsgsv.net;
h=Subject:From:Reply-To:To:Date:Message-ID:List-Unsubscribe:Sender:Content-Type:MIME-Version;
i=e.mar=3Dksa-courses.com at mail9.atl51.rsgsv.net;
bh=5HHALciK6EJmpLR92xc+LiuVads=;
b=eOxxPdNKA1rrRjKNOvYp6lT1p2VkSnBqwdmJ+sZCLROasZpQiL3E7XPlVfvfjBEwSi0BH4wryDrp
ZUUHy38sV/AfyZWZd6uZbnSaHRG9xSMRzymqr6z6MtHWeOYva92QZeal06+qdKE6aYkkMmUF64er
CcuENRoqgeC2jMNbAEw=
<mailto:unsubscribe-8766c1f2ecb17c88da70599b7-d31b95ad2d-3dc3f41543 at mailin1.us2.mcsv.net?subject=unsubscribe>,
<http://itc.us5.list-manage.com/unsubscribe?u=8766c1f2ecb17c88da70599b7&id=f8000d1db1&e=3dc3f41543&c=d31b95ad2d>
Sender: "Integrated for Training"
<e.mar=ksa-courses.com at mail9.atl51.rsgsv.net>
This message is a genuine e-mail from MailChimp (one of the better ESPs).
I suggest you use the unsubscribe mechanism rather than trying to write
rules to block this.
http://itc.us5.list-manage.com/unsubscribe?u=8766c1f2ecb17c88da70599b7&id=f8000d1db1&e=3dc3f41543&c=d31b95ad2d
Regards,
Steve.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Steve Freegard
2013-11-04 16:20:15 UTC
Permalink
Post by mejaz
Thanks for your help. here is another one it should have blocked it by
mailscanner/spamassasin but it accepted. and send to user inbox with spam
tag only
here is the header.
X--MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=7.385,
required 6, BAYES_60 1.50, FSL_HELO_NON_FQDN_1 0.00,
HTML_MESSAGE 0.00, RCVD_IN_BRBL_LASTEXT 1.45, RDNS_NONE 0.79,
SPF_SOFTFAIL 0.67, TVD_SPACE_RATIO 0.00, URIBL_BLACK 1.73,
URIBL_JP_SURBL 1.25)
SpamAssassin considered that this message was spam. It's your
configured Spam Actions that delivered the message to the mailbox tagged.

You can either:

1) Change the Spam Actions to 'store' and put messages considered to be
spam in the quarantine.

2) Increase the scores of the pertinent tests to make these spams high
scoring (e.g. URIBL_*)

3) You could add some extra software and reject this at the SMTP stage
(as it contained blacklisted URIs).

Regards,
Steve.

Loading...