users receiving a lot of Porno emails
emails seem to get through to the user
Noticed a spam score of -1.97 to -3 on some of these !
Have asked user to forward me these emails and a couple of them were picked up by EFA .... on the same spamfilter but different domain!
Any ideas welcome
Re: users receiving a lot of Porno emails
unless we can see the headers and scores these emails have received we can't say much.
Please ask that user to forward you the emails which slipped through as attachments so you can see the original headers as he received them.
Re: users receiving a lot of Porno emails
Does any of this help?
I released this from the EFA - to my email address. This one came through as clean..
(I've replaced the domains)
This one had a SpamAssassin score of 2.41
Return-path: <postmaster@efadomain.com>
Received: from mwall2.efadomain.com ([::ffff:192.168.1.57])
by mail.efadomain.com with ESMTP; Thu, 21 Jul 2016 06:45:36 +0100
Received: by mwall2.efadomain.com (Postfix, from userid 48)
id EE6B080079; Thu, 21 Jul 2016 06:45:33 +0100 (BST)
X-Greylist: greylisting inactive for james@mydomain.co.uk in SQLgrey-1.8.0
Received: from h2077322.stratoserver.net (h2077322.stratoserver.net [85.214.227.48])
(using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by mwall2.efadomain.com (Postfix) with ESMTPS id DDE1E8005A
for <james@mydomain.co.uk>; Wed, 20 Jul 2016 23:36:32 +0100 (BST)
Received: from u2077322 by h2077322.stratoserver.net with local (Exim 4.85)
(envelope-from <jessica_barnett@40rocks.de>)
id 1bQ06S-0008R9-3Q
for james@mydomain.co.uk; Thu, 21 Jul 2016 00:36:32 +0200
To: james@mydomain.co.uk
Subject: Hot Indian Pussy 42
Date: Thu, 21 Jul 2016 00:36:32 +0200
From: Jessica Barnett <jessica_barnett@40rocks.de>
Message-ID: <d3d2f6fd95c83cba59d42155414ec0b7@40rocks.de>
X-Priority: 3
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="b1_d3d2f6fd95c83cba59d42155414ec0b7"
Content-Transfer-Encoding: 8bit
X-efadomain-MailScanner-EFA-Information: Please contact admin@efadomain.com for more information
X-efadomain-MailScanner-EFA-ID: EE6B080079.A5F9D
X-efadomain-MailScanner-EFA: Found to be clean
X-efadomain-MailScanner-EFA-From: postmaster@efadomain.com
X-efadomain-MailScanner-EFA-Watermark: 1469684735.87222@2T6wxAcRerlGco53PlP+hw
X-Spam-Status: No
--b1_d3d2f6fd95c83cba59d42155414ec0b7
Content-Type: text/plain; charset=us-ascii
Office slut Lily Paige is poked on computer desk [ http://mohantarneja.com/file.php?a=111& ... Gg&5=zyS9N ] Find the video here.
--b1_d3d2f6fd95c83cba59d42155414ec0b7
Content-Type: text/html; charset=us-ascii
<html>
<body>
<div style="font-family:Arial,sans-serif;color:#000000;font-size:14px;">
Office slut Lily Paige is poked on computer desk <a href="http://mohantarneja.com/file.php?a=111& ... yS9N">Find the video here.</a>
</div>
</body>
</html>
--b1_d3d2f6fd95c83cba59d42155414ec0b7--
Re: users receiving a lot of Porno emails
This one had a score of -1.12
Return-path: <postmaster@efadomain.com>
Received: from mwall2.efadomain.com ([::ffff:192.168.1.57])
by mail.efadomain.com with ESMTP; Thu, 21 Jul 2016 06:43:46 +0100
Received: by mwall2.efadomain.com (Postfix, from userid 48)
id 7915D80079; Thu, 21 Jul 2016 06:43:43 +0100 (BST)
X-Greylist: greylisting inactive for james@mydomain.co.uk in SQLgrey-1.8.0
Received: from list (ns3044074.ip-94-23-201.eu [94.23.201.41])
(using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by mwall2.efadomain.com (Postfix) with ESMTPS id 1B04D8005A
for <james@mydomain.co.uk>; Thu, 21 Jul 2016 00:16:20 +0100 (BST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=kacakiddasiteleri.com; s=default; h=Content-Transfer-Encoding:Content-Type:
MIME-Version:Message-ID:From:Date:Subject:To:Sender:Reply-To:Cc:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=g8Cl6AhGgKyvY+9GNsL+9BbVSTVGZN2JDhYTnDcHFH4=; b=YnH//Z6VT1mynl9G130MCVmBdw
LxR0Ncv9UapVDBBzkUNUxjIvMBQWzWyMjTLq+vbMAOIusIgAjtrEjzGg8w3y4UWuDnTA/zQz+3RvZ
wiH+ZwvU8IeHUiF7uL8AnH2E9CxKQJx5ilRpZs8Lwyd+ScSXGx5BvGzlCMU2W+IddG0Pyoojl65rN
lUHwFhg035BMTZCwFADuyyzhwzaIXUFaxJC+XCVqiozCkOm5jKJxYu4vxq0CPDfCMDPt1IJsK7bZm
AbzNwNl43S81hBqYSKi/aGhTLIuyKmtPzEKhqVKawcteh1ihifI9wk3oNiHuboU515SGdt76SElyM
0G8WrBDA==;
Received: from kacak by list with local (Exim 4.87)
(envelope-from <pat_beck@kacakiddasiteleri.com>)
id 1bQ0iw-0004CQ-1k
for james@mydomain.co.uk; Thu, 21 Jul 2016 02:16:18 +0300
To: james@mydomain.co.uk
Subject: Japanese Amateur really cute
X-PHP-Script: kacakiddasiteleri.com/ for 127.0.0.1, 127.0.0.1
Date: Thu, 21 Jul 2016 02:16:18 +0300
From: Pat Beck <pat_beck@kacakiddasiteleri.com>
Message-ID: <1bcf7405a9e51b78cef3a03d9ff4ae70@kacakiddasiteleri.com>
X-Priority: 3
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="b1_1bcf7405a9e51b78cef3a03d9ff4ae70"
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - list
X-AntiAbuse: Original Domain - mydomain.co.uk
X-AntiAbuse: Originator/Caller UID/GID - [507 497] / [47 12]
X-AntiAbuse: Sender Address Domain - kacakiddasiteleri.com
X-Get-Message-Sender-Via: list: authenticated_id: kacak/from_h
X-Authenticated-Sender: list: pat_beck@kacakiddasiteleri.com
X-Source: /usr/local/sop/fcgi-bin/lsphp-5.5.35
X-Source-Args: lsphp5:ome/kacak/public_html/git/pulibet/gallery.php
X-Source-Dir: kacakiddasiteleri.com:/public_html/git/pulibet
X-efadomain-MailScanner-EFA-Information: Please contact admin@efadomain.com for more information
X-efadomain-MailScanner-EFA-ID: 7915D80079.A4F9B
X-efadomain-MailScanner-EFA: Found to be clean
X-efadomain-MailScanner-EFA-From: postmaster@efadomain.com
X-efadomain-MailScanner-EFA-Watermark: 1469684626.30737@ZLUiYiPE4inzTv4LGEUdGw
X-Spam-Status: No
--b1_1bcf7405a9e51b78cef3a03d9ff4ae70
Content-Type: text/plain; charset=us-ascii
Blondie Lilly Banks tickles her fancy right in the empty street [ http://www.dekalboutdoortheater.org/css ... um&6=BJKnQ ] Find the video here.
--b1_1bcf7405a9e51b78cef3a03d9ff4ae70
Content-Type: text/html; charset=us-ascii
<html>
<body>
<div style="font-family:Arial,sans-serif;color:#000000;font-size:14px;">
Blondie Lilly Banks tickles her fancy right in the empty street <a href="http://www.dekalboutdoortheater.org/css ... JKnQ">Find the video here.</a>
</div>
</body>
</html>
--b1_1bcf7405a9e51b78cef3a03d9ff4ae70--
Re: users receiving a lot of Porno emails
Your installation of SpamAssassin does not appear to be configured to show the detailed spam reports with your messages.
For example, in my messages, I will see the following headers:
Code:
X-efaDomain-MailScanner-EFA-SpamScore: sssss
X-efaDomain-MailScanner-EFA-SpamCheck: spam, SpamAssassin (not cached,
score=5.203, required 4, BAYES_50 0.80, DCC_CHECK 1.10,
DIGEST_MULTIPLE 0.29, DKIM_SIGNED 0.10,
FREEMAIL_FORGED_FROMDOMAIN 0.20, FREEMAIL_FROM 0.00,
HEADER_FROM_DIFFERENT_DOMAINS 0.00, HTML_MESSAGE 0.00,
HTML_OBFUSCATE_05_10 0.26, ML_SPF_PASS -0.68,
RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E8_51_100 1.89,
RAZOR2_CHECK 0.92, R_SB_FR 0.01, R_SB_FR_P03 -0.20, SPF_FAIL 0.00,
SPF_HELO_PASS -0.00, T_DKIM_INVALID 0.01)
X-efaDomain-MailScanner-EFA: Found to be clean
We cannot see them in your messages.
Can you grab the spam report from the message details through the EFA web interface, or can you reconfigure your installation to include the spam report headings?
I believe the options are (in /etc/MailScanner.conf)
Code:
Include Scores In SpamAssassin Report = yes
Always Include SpamAssassin Report = yes
Re: users receiving a lot of Porno emails
Looks like the other emails have been deleted
This one was in Pink with Score of 6.36 - but having added the two lines and rebooted EFA
I get a different layout but SpamAssassin is mentioned
does this help?
Return-path: <postmaster@efadomain.com>
Received: from mwall2.efadomain.com ([::ffff:192.168.1.57])
by mail.efadomain.com with ESMTP; Thu, 21 Jul 2016 15:44:11 +0100
Received: by mwall2.efadomain.com (Postfix, from userid 48)
id 0694B80057; Thu, 21 Jul 2016 15:44:07 +0100 (BST)
X-Greylist: greylisting inactive for james@mydomain.co.uk in SQLgrey-1.8.0
Received: from h1434261.stratoserver.net (kulturfenster-berlin.de [85.214.139.183])
(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by mwall2.efadomain.com (Postfix) with ESMTPS id 2B34080056
for <james@mydomain.co.uk>; Thu, 21 Jul 2016 12:16:47 +0100 (BST)
Received: by h1434261.stratoserver.net (Postfix, from userid 10003)
id 23BBACCF239; Thu, 21 Jul 2016 13:16:46 +0200 (CEST)
To: james@mydomain.co.uk
Subject: Brutal dildo in babes cunt showering
X-PHP-Originating-Script: 10003:start72.php(1942) : eval()'d code
Date: Thu, 21 Jul 2016 13:16:46 +0200
From: Stacy Carpenter <stacy_carpenter@meinschoeneweide.de>
Message-ID: <381d9d4d79e66dded8992b85695d52c6@meinschoeneweide.de>
X-Priority: 3
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="b1_381d9d4d79e66dded8992b85695d52c6"
Content-Transfer-Encoding: 8bit
X-efadomain-MailScanner-EFA-Information: Please contact admin@efadomain.com for more information
X-efadomain-MailScanner-EFA-ID: 0694B80057.A9B9F
X-efadomain-MailScanner-EFA: Found to be clean
X-efadomain-MailScanner-EFA-SpamCheck: not spam (whitelisted),
SpamAssassin (not cached, score=6.025, required 4, BAYES_00 -1.90,
HEADER_FROM_DIFFERENT_DOMAINS 0.00, HTML_MESSAGE 0.00,
KAM_BADPHP 2.50, RAZOR2_CF_RANGE_51_100 0.50,
RAZOR2_CF_RANGE_E8_51_100 1.89, RAZOR2_CHECK 0.92,
RCVD_IN_BRBL_LASTEXT 1.45, SPF_SOFTFAIL 0.67, URIBL_BLOCKED 0.00)
X-efadomain-MailScanner-EFA-From: postmaster@efadomain.com
X-efadomain-MailScanner-EFA-Watermark: 1469717049.73861@97RsMA5pX+wSYWTkv8j1CQ
X-Spam-Status: No
--b1_381d9d4d79e66dded8992b85695d52c6
Content-Type: text/plain; charset=us-ascii
That insane chick swallows like pervert! [ http://capturedojo.com/themes.php?g=111 ... Mz&6qeaf=J ] Check it out!
--b1_381d9d4d79e66dded8992b85695d52c6
Content-Type: text/html; charset=us-ascii
<html>
<body>
<div style="font-family:Arial,sans-serif;color:#000000;font-size:14px;">
That insane chick swallows like pervert! <a href="http://capturedojo.com/themes.php?g=111 ... f=J">Check it out!</a>
</div>
</body>
</html>
--b1_381d9d4d79e66dded8992b85695d52c6--
Re: users receiving a lot of Porno emails
yes.
look here:
Code:
X-efadomain-MailScanner-EFA: Found to be clean
X-efadomain-MailScanner-EFA-SpamCheck: not spam (whitelisted),
it looks like you are whitelisting the spammers, thus the spam is being marked as clean.
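The check made in this reply can be automated. The following is an added example, not code from the thread or from the EFA project: it parses the MailScanner SpamCheck header and flags messages that were marked whitelisted even though the SpamAssassin score reached the required threshold. The sample message is constructed from the header quoted earlier in the thread, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Matches the site-specific header name, e.g. X-efadomain-MailScanner-EFA-SpamCheck
HEADER_RE = re.compile(r"^X-.*MailScanner.*-SpamCheck$", re.IGNORECASE)
REPORT_RE = re.compile(r"(?P<verdict>.*?),?\s*SpamAssassin \((?P<body>.*)\)\s*$")
RULE_RE = re.compile(r"([A-Z0-9_]+) (-?\d+(?:\.\d+)?)")

# Constructed sample, modelled on the headers quoted in the thread.
SAMPLE = """\
To: james@mydomain.co.uk
Subject: constructed sample
X-efadomain-MailScanner-EFA: Found to be clean
X-efadomain-MailScanner-EFA-SpamCheck: not spam (whitelisted),
\tSpamAssassin (not cached, score=6.025, required 4, BAYES_00 -1.90,
\tHEADER_FROM_DIFFERENT_DOMAINS 0.00, HTML_MESSAGE 0.00,
\tKAM_BADPHP 2.50, RAZOR2_CF_RANGE_51_100 0.50,
\tRAZOR2_CF_RANGE_E8_51_100 1.89, RAZOR2_CHECK 0.92,
\tRCVD_IN_BRBL_LASTEXT 1.45, SPF_SOFTFAIL 0.67, URIBL_BLOCKED 0.00)
X-Spam-Status: No

body
"""


def parse_spamcheck(value):
    """Split a SpamCheck header value into verdict, score, threshold and rule hits."""
    flat = " ".join(value.split())  # undo header folding
    m = REPORT_RE.match(flat)
    if not m:
        return None
    report = {"verdict": m["verdict"].strip(), "score": None,
              "required": None, "rules": {}}
    for item in (part.strip() for part in m["body"].split(",")):
        if item.startswith("score="):
            report["score"] = float(item[len("score="):])
        elif item.startswith("required "):
            report["required"] = float(item.split()[1])
        else:
            rule = RULE_RE.fullmatch(item)  # "not cached" etc. is skipped
            if rule:
                report["rules"][rule[1]] = float(rule[2])
    report["whitelisted"] = "whitelisted" in report["verdict"].lower()
    return report


def whitelist_overrides(raw_message):
    """Return one finding per SpamCheck header where a whitelist verdict
    coexists with a score at or above the required threshold."""
    findings = []
    for name, value in message_from_string(raw_message).items():
        if not HEADER_RE.match(name):
            continue
        rep = parse_spamcheck(value)
        if not rep or rep["score"] is None or rep["required"] is None:
            continue
        if rep["whitelisted"] and rep["score"] >= rep["required"]:
            top = sorted(rep["rules"].items(), key=lambda kv: kv[1], reverse=True)[:3]
            findings.append({"header": name, "score": rep["score"],
                             "required": rep["required"], "top_rules": top})
    return findings


if __name__ == "__main__":
    for f in whitelist_overrides(SAMPLE):
        rules = ", ".join(f"{n} {s:+.2f}" for n, s in f["top_rules"])
        print(f"{f['header']}: whitelisted at score {f['score']} "
              f"(required {f['required']}); top rules: {rules}")
```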
Re: users receiving a lot of Porno emails
Hi
I saw that but the user has actually blacklisted these spammers
so I don't understand why they are whitelisted ?
is it possible some other user on the system has whitelisted ?
is there any way to find out ?
Re: users receiving a lot of Porno emails
I have hundreds of Domains
all with mailxxx.yyy.com etc
I can't see anyone white-listing these !
has my system been perhaps hacked ?
Re: users receiving a lot of Porno emails
where do you have those?
"I have hundreds of Domains"
Re: users receiving a lot of Porno emails
when I click on Graylist > Domains
a list comes up headed whitelist
Re: users receiving a lot of Porno emails
that is just greylisting, doesn't concern this issue: https://en.wikipedia.org/wiki/Greylisting
What this:
Code:
X-efadomain-MailScanner-EFA-SpamCheck: not spam (whitelisted),
means is:
Go to your EFA web interface, select B/W Lists and check if those domains are there under the Whitelist section.
If they are, remove them.
Not sure where they would show if a user had whitelisted them, might still show there...
Re: users receiving a lot of Porno emails
No none of these are in there - 1st thing I checked since more than 1 user getting these
I also checked B/W lists each of the Users getting these emails - not there either
one entry I'm not 100% sure about - 127.0.0.1 - (local host )
should this be in there ??
(Guess I can check by setting a new EFA !)
Re: users receiving a lot of Porno emails
afaik localhost should be there so EFA does whitelist emails originating on your EFA appliance itself.
Re: users receiving a lot of Porno emails
I have no idea what is causing your problem. I'd need to log into your system and see what's going on in order to work out why these domains are whitelisted.
Re: users receiving a lot of Porno emails
my IT manager said we should simply start again with a new install since it's a VM
We have about 80 users 7 domains
are there any options for exporting users ?