exim левые письма
exim левые письма
недавно в почтовой очереди начали забиваться странные письма, например
в vestacp заведена почта [email protected], которая перенаправляет письма на [email protected], это просто спам или с моего сервера рассылают спам?
Code: Select all
1dVGhm-0007Yc-UQ-D
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
[email protected]
(ultimately generated from [email protected])
SMTP error from remote mail server after end of data:
host gmail-smtp-in.l.google.com [64.233.191.27]:
550-5.7.1 [1.2.3.4 7] Our system has detected that this message is
550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail,
550-5.7.1 this message has been blocked. Please visit
550-5.7.1 https://support.google.com/mail/?p=UnsolicitedMessageError
550 5.7.1 for more information. q7si2227627itc.102 - gsmtp
------ This is a copy of the message, including all the headers. ------
Return-path: <[email protected]>
Received: from static.232.158.46.78.clients.your-server.de ([78.46.158.232] helo=mailer-daemon)
by domain.com with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128)
(Exim 4.82)
(envelope-from <[email protected]>)
id 1dVGhX-0007Uq-OB
for [email protected]; Wed, 12 Jul 2017 15:25:16 +0300
Received: from [179.211.85.36] (helo=b3d35524.virtua.com.br)
by mailer-daemon with smtp (Exim 4.80)
(envelope-from <[email protected]>)
id 1dVGhU-0004IJ-RH
for [email protected]; Wed, 12 Jul 2017 14:25:06 +0200
Message-ID: <[email protected]>
From: "Trudy Kent" <[email protected]>
Subject: Don't slow your life down! Use Viagra Capsules.
To: [email protected]
Date: Wed, 12 Jul 2017 12:17:03 -0100
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="_av-2096603544953141"
X-Spam-Score: 76
X-Spam-Bar: +++++++
X-Spam-Report: Spam detection software, running on the system "domain.com",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Don't slow your life down! Use Viagra Capsules. = A man can
do more when he uses Viagra Super Active. Buy it in our online store and
become Super Active! = The best price here! *SALE2017 *Use this code and get
ADDITIONAL discount 5% for all our product.* [...]
Content analysis details: (7.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: uploadhouse.com]
1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?179.211.85.36>]
0.8 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server
[179.211.85.36 listed in dnsbl.sorbs.net]
3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
[score: 1.0000]
0.0 FSL_HELO_NON_FQDN_1 No description available.
0.0 T_HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
domains are different
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars
2.0 DRUGS_ERECTILE Refers to an erectile drug
X-Spam-Status: Yes
X-ACL-Warn: SpamAssassin detected spam (from [email protected] to [email protected]).
--_av-2096603544953141
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printableRe: exim левые письма
Вам прислали письмо с рекламой Виагры от [email protected] к [email protected] в котором SpamAssassin распознал спам и прихлопнул его.И отослал на почту уведомление об этом.
Текст рекламы Виагры перевести? :)
Текст рекламы Виагры перевести? :)
Re: exim левые письма
спасибо за ответ, переводить текст не надо :-)
как-то можно обезопасить себя от такого спама?
как-то можно обезопасить себя от такого спама?
Re: exim левые письма
вот например еще одно такое письмо
в логах
и
как же так получается?
Code: Select all
1dVMGA-0001sf-DK-D
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
[email protected]
(ultimately generated from [email protected])
SMTP error from remote mail server after end of data:
host gmail-smtp-in.l.google.com [64.233.191.27]:
550-5.7.1 [1.2.3.4 7] Our system has detected that this message is
550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail,
550-5.7.1 this message has been blocked. Please visit
550-5.7.1 https://support.google.com/mail/?p=UnsolicitedMessageError
550 5.7.1 for more information. w194si3124440ith.57 - gsmtp
------ This is a copy of the message, including all the headers. ------
Return-path: <[email protected]>
Received: from static.232.158.46.78.clients.your-server.de ([78.46.158.232] helo=mailer-daemon)
by domain.com with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128)
(Exim 4.82)
(envelope-from <[email protected]>)
id 1dVMG8-0001s8-3e
for [email protected]; Wed, 12 Jul 2017 21:21:12 +0300
Received: from [187.181.148.112] (helo=bbb59470.virtua.com.br)
by mailer-daemon with smtp (Exim 4.80)
(envelope-from <[email protected]>)
id 1dVMFy-0006fD-8m
for [email protected]; Wed, 12 Jul 2017 20:21:10 +0200
Message-ID: <578393427940236-ZCRMAEHEGXRCBSCIPKNR@gzhfn.mailman.siteprotect.com>
From: "Tiffany Skinner" <[email protected]>
Subject: Re: Time for immodest proposals. Buy Viagra Soft now!
To: [email protected]
Date: Wed, 12 Jul 2017 22:17:00 +0300
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="_av-7813179968303522"
X-Spam-Score: 87
X-Spam-Bar: ++++++++
X-Spam-Report: Spam detection software, running on the system "domain.com",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Time for immodest proposals. Buy Viagra Soft now! = No longer
exciting nights? We know how to help with Viagra Super Active at our online
shop! = Click Here To View! *SALE2017 *Use this code and get ADDITIONAL discount
5% for all our product.* [...]
Content analysis details: (8.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: wishing.com.tw]
1.2 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URIs: wishing.com.tw]
3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
[score: 1.0000]
0.6 DRUG_ED_ONLINE BODY: Fast Viagra Delivery
0.0 HK_RANDOM_ENVFROM Envelope sender username looks random
0.0 FSL_HELO_NON_FQDN_1 No description available.
0.0 T_HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
domains are different
1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?187.181.148.112>]
0.0 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=zqvzvkwr%40axismg.com;ip=78.46.158.232;r=domain.com]
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars
2.0 DRUGS_ERECTILE Refers to an erectile drug
X-Spam-Status: Yes
X-ACL-Warn: SpamAssassin detected spam (from [email protected] to [email protected]).
Code: Select all
2017-07-12 21:21:14 1dVMGA-0001sf-DK <= <> R=1dVMG8-0001s8-3e U=Debian-exim P=local S=45948
2017-07-12 21:21:55 1dVMGA-0001sf-DK ** [email protected] R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<[email protected]>: host mail.axismg.com [23.239.15.169]: 550 No such person at this address"Code: Select all
1dVMGA-0001sf-DK <> *** frozen ***Re: exim левые письма
Застрелить всех спамеров :)Garcia wrote:как-то можно обезопасить себя от такого спама?