Spam coming through - ORF Forums

Spam coming through RSS Back to forum

1

Hi, lately I'm getting a lot of spam coming through.
Thats one example, but they are all the same just different recipients:

-------------------------------------------------------------------------------

-- EVENT SUMMARY --
Time: 28.01.2012 17:45:59 GMT+0100 Mitteleuropäische Zeit
Sender Email:
Recipient Email: customer-address (I removed the original address)
Related IP: 62.146.33.44
Action: (not available)
Email Subject: [Ates-Spam] - [Ates-Spam] - Ihre Kreditkarte wurde ausgesetzt, weil wir ein Problem festgestellt, auf Ihrem Konto.

-- EVENT MESSAGE --
Email passed checks.

-- EVENT DETAILS --
Filtering Point: On Arrival
Event Class: Pass
Severity: Information
Server: "my-server"
Event Source: SMTPSVC-2
HELO Domain: apofis.udag.de
Message ID:
Log Mode: Verbose
ORF Version: 5.0 "Margherita" DEVBUILD-REV06, DEBUG

-------------------------------------------------------------------------------

Any tipp how I could stop those kind of spam without blacklisting the sending IPs?

Regards
Norbert

by Norbert Fehlauer 7 years ago
2

@Norbert Fehlauer: This seems to be a phishing email and not a spam: are there any URLs in the body? Also, I noticed that something already detected this as spam (see the [Ates-Spam] tag in the subject). Are all email subject tagged liked that? Maybe blacklisting this tag using a Keyword Blacklist entry with a subject scope is the simplest solution...

by Krisztian Fekete (Vamsoft) 7 years ago
(in reply to this post)

3

Yes, all those Mails seem to be tagged like that one. I did block the IP as it seems to come just from 2 IPs till now. I'll try to get the body of one of those mails to see if there is any URL inside.

Regards
Norbert

by Norbert Fehlauer 7 years ago
4

Is it ok, to post the content here, or would it be better to send it via mail (where to)?

Regards
Norbert

by Norbert Fehlauer 7 years ago
5

@Norbert Fehlauer: Please email the sample to .

by Krisztian Fekete (Vamsoft) 7 years ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2