Atomic Secure Linux

All times are UTC - 5 hours [ DST ]

Post subject: Spam problem 'email from lauren'
Posted: Tue Dec 14, 2010 5:00 pm
Forum User
Joined: Thu Nov 22, 2007 11:24 am
Posts: 14
I hope someone can help me with this email spam problem I and a few domains on my server have been getting over the past week. The e-mail is pretty much the same every time bar the subject or email address in the body changing. The email looks like it's sent to and from me (or whoever the recipient is). I have banned the sending e-mail domain and ip address but within a few hours (literally!) another comes from a different domain or ip address.

Is it possible (and if so, how?) to create a rule that blocks this email - maybe by body message? It also comes with a gif attachment of a woman. The attachment number seems to increase every time I've had the email up to 98892 - the first I received was 60543.

I'm on Plesk 9.5.3, and CentOS5. Spam assassin installed. Not sure what other information someone would need to help.

Quote:
DomainKey-Status: no signature
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on new.<mydomain>.com
X-Spam-Level: **
X-Spam-Status: No, score=2.3 required=5.0 tests=RCVD_IN_BL_SPAMCOP_NET,
RDNS_NONE,UNPARSEABLE_RELAY autolearn=no version=3.2.5
Received: (qmail 3846 invoked by uid 110); 14 Dec 2010 19:55:36 +0000
Delivered-To: 3-hello@<mydomain>.com
DomainKey-Status: no signature
Received: (qmail 3832 invoked from network); 14 Dec 2010 19:55:33 +0000
Received-SPF: none (no valid SPF record)
Received: from unknown (HELO ?79.135.200.152?) (79.135.200.152)
by <mydomain.com> with SMTP; 14 Dec 2010 19:55:32 +0000
Received: from 79.135.200.152 (account 000117u4508e865@fukuimegane.co.jp HELO psxftdarpskjofe.pohky.su)
by (CommuniGate Pro SMTP 5.2.3)
with ESMTPA id 099000115 for hello@<mydomain>.com; Tue, 14 Dec 2010 22:55:24 +0300
Date: Tue, 14 Dec 2010 22:55:24 +0300
From: <hello@<mydomain>.com>
X-Mailer: The Bat! (v3.71.04) Home
X-Priority: 3 (Normal)
Message-ID: <5048273845.79I3QA33963104@odkntggob.msqtfompjjxlv.info>
To: <hello@<mydomain>.com>
Subject: hi
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----------9FB49266C32D45"

------------9FB49266C32D45
Content-Type: text/plain; charset=iso-8859-2
Content-Transfer-Encoding: 7bit


Quote:
Hello , i am Lauren,

I found your email in my friends list,
i think we talked some time at the one of social networks or not.
So i will remind you a little bit about me, i live in USA , Atlanta, GA.
I love to travel, visit new places, new countries. I am planning to visit UK once again,
that is why i am looking for friends here, it is always more interesting to travel
and to have good time together then alone.
So if you live in UK and you are single i will wait your email.
I am not interested in correspondence if you are married or have a girlfriend.

My e-mail is: sweet@laurenkisses.com

I hope to get your answer and of course i want to see your photo.
Have a good day
Kisses

Lauren


Many thanks
Chris.


Post subject: Re: Spam problem 'email from lauren'
Posted: Tue Dec 14, 2010 5:30 pm
Atomicorp Staff - Site Admin
Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7861
Location: earth
I see that one is found by RCVD_IN_BL_SPAMCOP_NET, you could increase the score for that in your spamassassin config to mark that up higher (say +100 :P)


Post subject: Re: Spam problem 'email from lauren'
Posted: Tue Dec 14, 2010 5:41 pm
Forum User
Joined: Thu Nov 22, 2007 11:24 am
Posts: 14
I didn't know it told you what it failed on, nice one thanks! :)

Do you have an idea which cf file RCVD_IN_BL_SPAMCOP_NET might live in? I know I could create a new file, but I guess it could be overwritten if it's defined somewhere else? :s


Post subject: Re: Spam problem 'email from lauren'
Posted: Tue Dec 14, 2010 5:46 pm
Atomicorp Staff - Site Admin
Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7861
Location: earth
You can just add a .cf file to /etc/mail/spamassassin/. Here's an example of one I use:

[root@www6 ~]# cat /etc/mail/spamassassin/local.cf
required_hits 4
score RCVD_IN_BL_SPAMCOP_NET 100.0
score RCVD_IN_BL_ZEN 100.0
ok_languages en
ok_locales en


Post subject: Re: Spam problem 'email from lauren'
Posted: Tue Dec 14, 2010 5:48 pm
Forum User
Joined: Thu Nov 22, 2007 11:24 am
Posts: 14
Brill !! That will keep the wife happy :lol:

Thanks a lot !!

Chris.


Post subject: Re: Spam problem 'email from lauren'
Posted: Wed Dec 15, 2010 11:08 am
Forum Regular
Joined: Tue Jul 15, 2008 2:38 pm
Posts: 770
Location: Sweden
Or try out spamdyke. Spamdyke has a function in the latest version for blocking mail sent to the from address.
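
The check discussed in this thread (mail whose From address is also its recipient, arriving from a host with no SPF authorisation) can be sketched as follows. This is an added example, not part of any post and not spamdyke's or SpamAssassin's code; the sample messages are constructed, `example.com` and `192.0.2.10` are placeholders, and comparing the header From/To (rather than the SMTP envelope) is an assumption based on the quoted message.

```python
from email import message_from_string
from email.utils import parseaddr, getaddresses

# Constructed sample modelled on the headers quoted in the first post.
SPOOFED = """\
Received-SPF: none (no valid SPF record)
Received: from unknown (HELO ?192.0.2.10?) (192.0.2.10)
  by mail.example.com with SMTP; 14 Dec 2010 19:55:32 +0000
From: <hello@example.com>
To: <hello@example.com>
Subject: hi

Hello , i am Lauren,
"""

# Constructed control: a real user sending a note to their own address.
LEGIT = """\
Received-SPF: pass (sender SPF authorized)
From: Chris <chris@example.com>
To: chris@example.com
Subject: note to self

remember the backup
"""

def self_addressed(msg):
    """True when the From address also appears among the To/Cc recipients."""
    sender = parseaddr(msg.get("From", ""))[1].lower()
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    rcpts = {addr.lower() for _, addr in getaddresses(fields)}
    return bool(sender) and sender in rcpts

def spf_result(msg):
    """First word of Received-SPF (trust it only if your own MTA added it)."""
    words = msg.get("Received-SPF", "").split()
    return words[0].lower() if words else "missing"

def verdict(raw):
    msg = message_from_string(raw)
    if not self_addressed(msg):
        return "deliver"
    # Self-addressed mail is suspicious only when the sending host
    # was not authorised for the domain it claims to be from.
    return "deliver" if spf_result(msg) == "pass" else "quarantine"
```

Publishing an SPF record for the receiving domain turns the `none` result seen in the quoted headers into a `fail` for forged senders, which gives any filter a stronger signal than the content of the message.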


Post subject: Re: Spam problem 'email from lauren'
Posted: Wed Dec 15, 2010 2:34 pm
Atomicorp Staff - Site Admin
Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7861
Location: earth
One advantage to doing this in spamassassin this way is that it will help train your bayes db with a known (spamcop) source of spam.


Post subject: Re: Spam problem 'email from lauren'
Posted: Wed Dec 15, 2010 7:31 pm
Long Time Forum Regular
Joined: Thu Dec 09, 2004 11:19 am
Posts: 2017
This is hilarious -- I'm getting exactly the same emails.

I have to say I've seen a massive general rise in spam over the last few days.

Also ProFTP vulnerability attacks from loads of different IPs at once, plus various other things.

Looks like a botnet has turned its attention to us. Hmmm.....

Faris.



Post subject: Re: Spam problem 'email from lauren'
Posted: Wed Dec 15, 2010 10:04 pm
Atomicorp Staff - Site Admin
Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7861
Location: earth
Try that training trick in spamassassin, it's a great auto-learning trick.

