Spam coming through RSS

1

Hi, lately I'm getting a lot of spam coming through.
That's one example, but they are all the same, just different recipients:

-------------------------------------------------------------------------------

-- EVENT SUMMARY --
Time: 28.01.2012 17:45:59 GMT+0100 Mitteleuropäische Zeit
Sender Email:
Recipient Email: customer-address (I removed the original address)
Related IP: 62.146.33.44
Action: (not available)
Email Subject: [Ates-Spam] - [Ates-Spam] - Ihre Kreditkarte wurde ausgesetzt, weil wir ein Problem festgestellt, auf Ihrem Konto.

-- EVENT MESSAGE --
Email passed checks.

-- EVENT DETAILS --
Filtering Point: On Arrival
Event Class: Pass
Severity: Information
Server: "my-server"
Event Source: SMTPSVC-2
HELO Domain: apofis.udag.de
Message ID:
Log Mode: Verbose
ORF Version: 5.0 "Margherita" DEVBUILD-REV06, DEBUG

-------------------------------------------------------------------------------

Any tip on how I could stop this kind of spam without blacklisting the sending IPs?

Regards
Norbert

by Norbert Fehlauer 7 years ago
2

@Norbert Fehlauer: This seems to be a phishing email and not spam: are there any URLs in the body? Also, I noticed that something already detected this as spam (see the [Ates-Spam] tag in the subject). Are all email subjects tagged like that? Maybe blacklisting this tag using a Keyword Blacklist entry with a subject scope is the simplest solution...

by Krisztian Fekete (Vamsoft) 7 years ago
(in reply to this post)

3

Yes, all those mails seem to be tagged like that one. I did block the IP, as it seems to come from just 2 IPs till now. I'll try to get the body of one of those mails to see if there is any URL inside.

Regards
Norbert

by Norbert Fehlauer 7 years ago
4

Is it OK to post the content here, or would it be better to send it via mail (where to)?

Regards
Norbert

by Norbert Fehlauer 7 years ago
5

@Norbert Fehlauer: Please email the sample to .

by Krisztian Fekete (Vamsoft) 7 years ago
(in reply to this post)
