
Thread: [SOLVED] increase of spam

  1. #31
    Plurnay is offline Senior Member
    Join Date
    Apr 2010
    Location
    New-Brunswick, Canada
    Posts
    67
    Rep Power
    5

    This is an email I sent from my Hotmail to my Zimbra account with the test signature

    Return-Path: xxxx@hotmail.com
    Received: from mail.redballinternet.com (LHLO mail.redballinternet.com)
    (142.166.48.148) by mail.redballinternet.com with LMTP; Wed, 23 Jun 2010
    11:27:52 -0300 (ADT)
    Received: from localhost (localhost [127.0.0.1])
    by mail.redballinternet.com (Postfix) with ESMTP id EF28E2DC005
    for <prhebert@redballinternet.com>; Wed, 23 Jun 2010 11:27:51 -0300 (ADT)
    X-Virus-Scanned: amavisd-new at mail.redballinternet.com
    X-Spam-Flag: NO
    X-Spam-Score: 0.834
    X-Spam-Level:
    X-Spam-Status: No, score=0.834 tagged_above=-10 required=5.6
    tests=[AV:Sanesecurity.TestSig_Type4_Bdy.3.UNOFFICIAL=0, AWL=-1.286,
    BAYES_00=-2.599, CLAM_SS=2.5, HTML_MESSAGE=0.001, SPF_PASS=-0.001,
    TVD_SPACE_RATIO=2.219] autolearn=no
    Received: from mail.redballinternet.com ([127.0.0.1])
    by localhost (mail.redballinternet.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id jl4-99JdSYmY for <prhebert@redballinternet.com>;
    Wed, 23 Jun 2010 11:27:50 -0300 (ADT)
    Received: from snt0-omc4-s16.snt0.hotmail.com (snt0-omc4-s16.snt0.hotmail.com [65.55.90.219])
    by mail.redballinternet.com (Postfix) with ESMTP id BA90C2DC004
    for <prhebert@redballinternet.com>; Wed, 23 Jun 2010 11:27:50 -0300 (ADT)
    Received: from SNT103-W23 ([65.55.90.200]) by snt0-omc4-s16.snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
    Wed, 23 Jun 2010 07:30:32 -0700
    Message-ID: <SNT103-W23E56466A727717EE2C199B0C50@phx.gbl>
    Content-Type: multipart/alternative;
    boundary="_dbac62a0-22f1-4ba8-857d-cac63ef057de_"
    X-Originating-IP: [142.166.111.182]
    From: Paul-Rene Hebert <xxxx@hotmail.com>
    To: <prhebert@redballinternet.com>
    Subject: test
    Date: Wed, 23 Jun 2010 11:30:32 -0300
    Importance: Normal
    MIME-Version: 1.0
    X-OriginalArrivalTime: 23 Jun 2010 14:30:32.0291 (UTC) FILETIME=[A2C3DB30:01CB12E0]

    --_dbac62a0-22f1-4ba8-857d-cac63ef057de_
    Content-Type: text/plain; charset="iso-8859-1"
    Content-Transfer-Encoding: quoted-printable


    body_rrg63Uhj2UCyECcruX7D83A4qd5UA5vnlgwJp6b6fmPZ0 ajdjkwjnSSDfsdfsdfnwerd =
    =

    --_dbac62a0-22f1-4ba8-857d-cac63ef057de_
    Content-Type: text/html; charset="iso-8859-1"
    Content-Transfer-Encoding: quoted-printable

    ***************

    and this is the log file

    Jun 23 11:27:50 mail postfix/smtpd[1632]: connect from snt0-omc4-s16.snt0.hotmail.com[65.55.90.219]
    Jun 23 11:27:50 mail postfix/smtpd[1632]: BA90C2DC004: client=snt0-omc4-s16.snt0.hotmail.com[65.55.90.219]
    Jun 23 11:27:50 mail postfix/cleanup[1636]: BA90C2DC004: message-id=<SNT103-W23E56466A727717EE2C199B0C50@phx.gbl>
    Jun 23 11:27:50 mail postfix/qmgr[12190]: BA90C2DC004: from=<justcallmeplurnay@hotmail.com>, size=1660, nrcpt=1 (queue active)
    Jun 23 11:27:50 mail amavis[24049]: (24049-14) ESMTP::10024 /opt/zimbra/data/amavisd/tmp/amavis-20100623T085725-24049: <justcallmeplurnay@hotmail.com> -> <prhebert@redballinterne$
    Jun 23 11:27:50 mail amavis[24049]: (24049-14) Checking: jl4-99JdSYmY [65.55.90.219] <justcallmeplurnay@hotmail.com> -> <prhebert@redballinternet.com>
    Jun 23 11:27:50 mail amavis[24049]: (24049-14) p003 1 Content-Type: multipart/alternative
    Jun 23 11:27:50 mail amavis[24049]: (24049-14) p001 1/1 Content-Type: text/plain, size: 86 B, name:
    Jun 23 11:27:50 mail amavis[24049]: (24049-14) p002 1/2 Content-Type: text/html, size: 355 B, name:
    Jun 23 11:27:50 mail postfix/smtpd[1632]: disconnect from snt0-omc4-s16.snt0.hotmail.com[65.55.90.219]
    Jun 23 11:27:50 mail clamd[10919]: /opt/zimbra/data/amavisd/tmp/amavis-20100623T085725-24049/parts/p004: Sanesecurity.TestSig_Type4_Bdy.3.UNOFFICIAL FOUND
    Jun 23 11:27:50 mail amavis[24049]: (24049-14) run_av (ClamAV-clamd): /opt/zimbra/data/amavisd/tmp/amavis-20100623T085725-24049/parts INFECTED: Sanesecurity.TestSig_Type4_Bdy.3.U$
    Jun 23 11:27:50 mail amavis[24049]: (24049-14) Turning AV infection into a spam report: score=0, AV:Sanesecurity.TestSig_Type4_Bdy.3.UNOFFICIAL=0
    Jun 23 11:27:51 mail amavis[24049]: (24049-14) SPAM-TAG, <justcallmeplurnay@hotmail.com> -> <prhebert@redballinternet.com>, No, score=0.834 tagged_above=-10 required=5.6 tests=[A$
    Jun 23 11:27:51 mail postfix/smtpd[28651]: connect from localhost[127.0.0.1]
    Jun 23 11:27:51 mail postfix/smtpd[28651]: EF28E2DC005: client=localhost[127.0.0.1]
    Jun 23 11:27:51 mail postfix/cleanup[1636]: EF28E2DC005: message-id=<SNT103-W23E56466A727717EE2C199B0C50@phx.gbl>
    Jun 23 11:27:51 mail postfix/smtpd[28651]: disconnect from localhost[127.0.0.1]
    Jun 23 11:27:51 mail postfix/qmgr[12190]: EF28E2DC005: from=<justcallmeplurnay@hotmail.com>, size=2444, nrcpt=1 (queue active)
    Jun 23 11:27:51 mail amavis[24049]: (24049-14) FWD via SMTP: <justcallmeplurnay@hotmail.com> -> <prhebert@redballinternet.com>,BODY=7BIT 250 2.0.0 Ok, id=24049-14, from MTA([127.$
    Jun 23 11:27:52 mail amavis[24049]: (24049-14) Passed CLEAN, [65.55.90.219] [65.55.90.200] <justcallmeplurnay@hotmail.com> -> <prhebert@redballinternet.com>, Message-ID: <SNT103-$
    Jun 23 11:27:52 mail postfix/smtp[1637]: BA90C2DC004: to=<prhebert@redballinternet.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.3, delays=0.21/0/0/1.1, dsn=2.0.0, status=sent $
    Jun 23 11:27:52 mail postfix/qmgr[12190]: BA90C2DC004: removed
    Jun 23 11:27:52 mail amavis[24049]: (24049-14) TIMING [total 1093 ms] - SMTP greeting: 1 (0%)0, SMTP EHLO: 0 (0%)0, SMTP pre-MAIL: 0 (0%)0, lookup_ldap: 5 (0%)1, SMTP pre-DATA-fl$
    Jun 23 11:27:52 mail postfix/lmtp[1640]: EF28E2DC005: to=<prhebert@redballinternet.com>, relay=mail.redballinternet.com[142.166.48.148]:7025, delay=0.12, delays=0.02/0.01/0.03/0.$
    Jun 23 11:27:52 mail postfix/qmgr[12190]: EF28E2DC005: removed
    Jun 23 11:28:05 mail zmmailboxdmgr[2689]: status requested
    Jun 23 11:28:05 mail zmmailboxdmgr[2689]: status OK
    Jun 23 11:28:10 mail zmmailboxdmgr[3077]: status requested
    Jun 23 11:28:10 mail zmmailboxdmgr[3077]: status OK
    Jun 23 11:28:10 mail zmmailboxdmgr[3139]: status requested
    Jun 23 11:28:10 mail zmmailboxdmgr[3139]: status OK

  2. #32
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    It is working
    Code:
    CLAM_SS=2.5
    The entries in salocal.cf.in define what score should be given when a virus is received.

  3. #33
    Plurnay is offline Senior Member

    Oh! You are right... it is working, cool!!!

    Thanks again for all your help...
    We have seen a significant drop in spam.

    I suggest adding those signatures to anyone who is having problems with spam.

  4. #34
    Plurnay is offline Senior Member

    I try to grep things like

    RCVD_IN_SPAMRATS_NOPTR
    RCVD_IN_JMF_BR
    RCVD_IN_SEMBACKSCATTER
    RCVD_IN_SEMBLACK
    SEM_URI
    SEM_URIRED
    SEM_FRESH
    RCVD_IN_NIX_SPAM

    in my zimbra.log...
    and nothing is coming up???

    Are they just rare or is it not working...
    All I did was add them to salocal.cf.in. Is there something else I have to do?

  5. #35
    Plurnay is offline Senior Member

    Can anyone help me on this one?

  6. #36
    uxbod is offline Moderator

    They will only appear if an IP address has been listed on the associated RBL. By checking in /var/log/zimbra.log you will see what is being hit.
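
An added example, not part of the thread or of Zimbra: one way to see which rules are being hit is to tally the `tests=[...]` list on the amavis SPAM-TAG lines, the line type shown in the log excerpt in post #31. The function names and the sample log lines are constructed for illustration; pass the path to zimbra.log as the first argument to run it on a real log.

```python
import re
import sys
from collections import Counter

# Rule names the poster grepped for in post #34.
WATCHED = [
    "RCVD_IN_SPAMRATS_NOPTR", "RCVD_IN_JMF_BR", "RCVD_IN_SEMBACKSCATTER",
    "RCVD_IN_SEMBLACK", "SEM_URI", "SEM_URIRED", "SEM_FRESH", "RCVD_IN_NIX_SPAM",
]

# Matches only a complete tests=[...] list; a line cut off by the terminal
# (ending in "$", as in the paste in post #31) has no closing bracket and is skipped.
TESTS_RE = re.compile(r"SPAM-TAG,.*?tests=\[([^\]]*)\]")

def rules_in_line(line):
    """Return the rule names on one amavis SPAM-TAG line, or [] if none."""
    m = TESTS_RE.search(line)
    if not m:
        return []
    return [t.split("=", 1)[0].strip() for t in m.group(1).split(",") if t.strip()]

def report(lines, watched=WATCHED):
    """Return (messages scored, {watched rule: messages that hit it})."""
    hits, scored = Counter(), 0
    for line in lines:
        rules = rules_in_line(line)
        if rules:
            scored += 1
            hits.update(set(rules))  # count each rule once per message
    return scored, {rule: hits[rule] for rule in watched}

# Constructed sample lines: addresses and scores are made up.
SAMPLE = [
    "Jun 23 11:27:51 mail amavis[1]: (1-01) SPAM-TAG, <a@example.com> -> <b@example.net>, No, score=0.834 tagged_above=-10 required=5.6 tests=[AWL=-1.286, BAYES_00=-2.599, CLAM_SS=2.5, SPF_PASS=-0.001] autolearn=no",
    "Jun 23 11:29:02 mail amavis[1]: (1-02) SPAM-TAG, <c@example.com> -> <b@example.net>, Yes, score=7.1 tagged_above=-10 required=5.6 tests=[BAYES_50=0.8, RCVD_IN_SEMBLACK=3.3, SEM_URI=3.0] autolearn=no",
    "Jun 23 11:30:10 mail amavis[1]: (1-03) SPAM-TAG, <d@example.com> -> <b@example.net>, No, score=0.8 tagged_above=-10 required=5.6 tests=[A$",
    "Jun 23 11:30:15 mail zmmailboxdmgr[2]: status requested",
]

if __name__ == "__main__":
    source = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    scored, counts = report(source)
    print(f"{scored} scored messages")
    for rule, n in counts.items():
        print(f"{n:6d}  {rule}")
```

A zero count next to a large number of scored messages fits the answer above that a rule only appears when it hits; on its own it does not show whether the rule is loaded.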
