  #1 (permalink)  
Old 12-13-2010, 09:06 AM
Zimbra Consultant & Moderator
 
Posts: 20,313
Default

You need to give some details of the headers from your 'spam'; posting what text is in there doesn't tell us much. You should also post details of what modifications (if any) you've made to improve the anti-spam system (from the wiki articles and forum threads), and you really should upgrade to the most recent release of Zimbra, and I mean immediately.
__________________
Regards


Bill
Reply With Quote
  #2 (permalink)  
Old 12-13-2010, 09:07 AM
Intermediate Member
 
Posts: 20
Default Increase of SPAM volume

Hi all,

I see more and more users complaining about a typical SPAM activity that has been occurring since early December. I'm very surprised that these messages are successful at defeating numerous anti-SPAM techniques used on our Zimbra server. RBLs are enabled, SpamAssassin too, as well as Greylisting. The SPAM comes from domains with a good reputation.

My first question is: Is anyone else seeing this? Am I under a targeted attack?
My second question is: Does anyone have a suggestion so we could tweak SpamAssassin to increase the spam score for these messages?

Thanks in advance!

Alex


Here is the typical SPAM message we receive:

Code:
I just earned $563 in five days doing simple things online! I went to - Business Week Journal You will thank me!
Code:
I just made $501 in 5 days browsing the internet! It came from - Business Week Journal Dont forget to thank me!
Code:
I just made $609 in a month doing simple things online! I used - Business Week Journal Keep this a secret!
Code:
I racked in $362 in a weekend being on the web! I went to - Business Week Journal friends help friends!
Code:
I just racked $72 in 5 days doing easy things! I went to - Channel 7 News friends help friends!
Code:
I just profited $118 in five days being online! All thanks to - Business Week Journal trust me, you will be happy
Reply With Quote
  #3 (permalink)  
Old 12-13-2010, 09:34 AM
Intermediate Member
 
Posts: 20
Default

You'll find attached a copy of that spam.
Attached Files
File Type: zip spam.zip (5.2 KB, 2 views)
Reply With Quote
  #4 (permalink)  
Old 12-13-2010, 04:35 PM
Advanced Member
 
Posts: 212
Default

I am seeing these emails slip through as well. I have just been blacklisting the sender's email address, which is usually always the same; it just does not match the name.
Reply With Quote
  #5 (permalink)  
Old 12-14-2010, 06:46 AM
Intermediate Member
 
Posts: 20
Default

Hi,

I've analyzed some of these SPAM messages. They seem to come from a large botnet. They are infecting machines, which in turn use Hotmail and Yahoo MTAs to distribute this SPAM.

Code:
From				X-Originating-IP	Country

demitendolle@hotmail.com	95.181.13.208		Russia
anderton30@hotmail.com		201.165.177.253		Mexico
xuyu8585@hotmail.com		194.146.217.50		Poland
vincentb8@hotmail.fr		203.218.175.13		Hong Kong
rookie_satya613@hotmail.co.jp	95.29.48.169		Russia
saliha156@yahoo.com		151.205.166.204		USA
ecko_red_babe@hotmail.com	98.207.91.234		USA
marinaromano2908@hotmail.com	187.140.93.101		Mexico
deja_voo2005@yahoo.com		115.113.183.2		Australia
fridols@hotmail.com		217.118.93.92		Russia
delphine_bootz@hotmail.com	89.214.162.225		Portugal
manartuh@hotmail.com		92.83.154.175		Romania
angelesnino@hotmail.com		190.137.83.167		Uruguay

SANS ISC also published an article about this particular SPAM:
"T'is the season to be SPAMMY, trallalalaa la la la laaa"

Thanks again!
Reply With Quote
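
The header triage described in post #5, combined with the message shape visible in the samples from post #2, as an added example that is not part of the original thread. The function names (`triage`, `summarize`, `make_sample`), the regular expression, the `.example` addresses and the documentation-range IPs are all assumptions made for illustration; only the two spam bodies are quoted from the thread.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Shape shared by the samples in post #2: "I [just] <verb> $<n> in <period> ...
# <lead-in> - <news brand>". Verbs and brands come from those samples only.
TEMPLATE = re.compile(
    r"\bI\s+(?:just\s+)?(?:earned|made|racked(?:\s+in)?|profited)\s+\$\d+\s+in\s+"
    r"\w+\s+(?:days?|weekend|month)\b.{0,80}?\s-\s+"
    r"(?:Business Week Journal|Channel 7 News)",
    re.IGNORECASE | re.DOTALL)
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def triage(raw):
    """Return (from_address, originating_ip, matches_template) for one message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    ip = IPV4.search(msg.get("X-Originating-IP", ""))
    body = msg.get_payload()
    if not isinstance(body, str):  # multipart: inspect the text/plain parts only
        body = "\n".join(p.get_payload() for p in msg.walk()
                         if p.get_content_type() == "text/plain")
    return sender, ip.group(1) if ip else None, bool(TEMPLATE.search(body))

def summarize(raw_messages):
    """Map sender domain -> set of distinct client IPs, for template hits only."""
    by_domain = {}
    for raw in raw_messages:
        sender, ip, hit = triage(raw)
        if hit:
            by_domain.setdefault(sender.rpartition("@")[2], set()).add(ip)
    return by_domain

def make_sample(sender, ip, body):  # constructed headers, hypothetical addresses
    return f"From: {sender}\nX-Originating-IP: [{ip}]\nSubject: hi\n\n{body}\n"

SAMPLES = [  # bodies 1-2 are quoted from post #2; everything else is constructed
    make_sample("Ann <a1@webmail.example>", "192.0.2.10",
                "I just earned $563 in five days doing simple things online! "
                "I went to - Business Week Journal You will thank me!"),
    make_sample("b2@webmail.example", "198.51.100.7",
                "I racked in $362 in a weekend being on the web! "
                "I went to - Business Week Journal friends help friends!"),
    make_sample("c3@other.example", "203.0.113.5",
                "I made $40 in a weekend selling old books, see you Monday."),
]

if __name__ == "__main__":
    for domain, ips in summarize(SAMPLES).items():
        print(domain, sorted(map(str, ips)))
```

Many distinct client IPs behind one sender domain for the same template is the pattern the table in post #5 shows; the regular expression covers only the six quoted samples and would need adjusting as the wording changes.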