this spam is not filtered

General eFa discussion
Post Reply
keysteal
Posts: 6
Joined: 10 Nov 2018 07:25

this spam is not filtered

Post by keysteal » 23 Dec 2018 22:26

The content of this spam is strangly not filtered by EFA. I've been receiveing this kind of email several times this week, and even if It was learned with spamassassin I continue to receive it, with some modifications. Any Idea how to solve it?
X-Antivirus: avast (VPS 18122204)
X-Antivirus-Status: Clean
Return-Path: help@songchao8.com
Received: from antispam.xxxxxxxxxx.it (antispam.xxxxxxxxx.it [xxx.xxx.xxx.xxx])
by mail.xxxxxxxxxx.it with ESMTP
; Thu, 20 Dec 2018 03:24:15 +0100
Message-ID: <7AE22B76-07C9-42A5-9056-D0A6679EDAF6@mail.xxxxxxx.it>
X-Spam-Status: No
X-Myantispam-MailScanner-EFA-Watermark: 1545877449.09051@RjpgH/QbeBfQ30gUhg1PqQ
X-Myantispam-MailScanner-EFA-From: help@songchao8.com
X-Myantispam-MailScanner-EFA-SpamScore: sss
X-Myantispam-MailScanner-EFA: Found to be clean
X-Myantispam-MailScanner-EFA-ID: 645311580614.A48BA
X-Myantispam-MailScanner-EFA-Information: Please contact xxxxxxxx@xxxxxxx.it for more information
X-Greylist: from auto-whitelisted by SQLgrey-1.8.0
DMARC-Filter: OpenDMARC Filter v1.3.2 antispam.xxxxxxxxxx.it 645311580614
Authentication-Results: antispam.xxxxxxx.it; dmarc=pass (p=none dis=none) header.from=songchao8.com
Authentication-Results: antispam.xxxxxxx.it; spf=pass smtp.mailfrom=help@songchao8.com
DKIM-Filter: OpenDKIM Filter v2.11.0 antispam.xxxxxxx.it 645311580614
Authentication-Results: antispam.xxxxxxx.it;
dkim=pass (1024-bit key) header.d=songchao8.com header.i=help@songchao8.com header.b="L2wO50+P"
Received: from songchao8.com (songchao8.com [185.254.120.84])
by antispam.xxxxxxxx.it (Postfix) with ESMTP id 645311580614
for <xxxxxxxx@xxxxxxx.it>; Thu, 20 Dec 2018 03:24:07 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=mail; d=songchao8.com;
h=From:Subject:To:Content-Type:MIME-Version:Content-Transfer-Encoding:Reply-To:Date; i=help@songchao8.com;
bh=mu2QgRPljjOfjDgMDKL4IIVAfRicj8et+oAUn1v5xaw=;
b=L2wO50+PPe87TWAxpk6IIrOuHIzIVC5rk7TKPez/3G8aj+DramiqHvPdyPFNVBIMlpC5hB+ME9QZ
Jz1IiaSp0S4t1x3Ai/TyonpvkrAnu12iG8Hs7kC7XAAScwsoSnK+iAxXov4K1vfCVoN9BIuANC0Y
njCtzKhPEJm33JObt8A=
From: "Seganti Carlo" <help@songchao8.com>
Subject: inviamo la fattura 12/20/18494
To: "my email " <xxxxxxx@xxxxxxxxx.it>
Content-Type: text/plain; charset=utf-8
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Reply-To: "Seganti Carlo" <help2@songchao8.com>
Organization: Ambienti Srl
Date: Thu, 20 Dec 2018 03:24:05 +0100

buond=C3=AC,
Dal nome di Roberti Ufficio Srl, invio la fattura, allo stesso tempo c=
hiedo un pagamento tempestivo. Documenti allegati: http://globaldeals.=
1800greens.com/holmes/90.html?email=3D59585@301ee
Con rispetto,=20
Seganti Carlo
Roberti Ufficio Srl

henk
Posts: 379
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: this spam is not filtered

Post by henk » 24 Dec 2018 13:29

The spam report from mailscanner shows usefull info on the score build for a message,
Learn as spam to train bayes and report it to get it on blacklists
2018-12-24C185403E8.png
2018-12-24C185403E8.png (41.53 KiB) Viewed 331 times
You could add a score for mail from Russia ( or a list of countries) ,to classify it as spam.
viewtopic.php?t=2659

Check if the IP is listed
https://whatismyipaddress.com/blacklist-check
2018-12-24 IPAddressBlacklistCheck.png
2018-12-24 IPAddressBlacklistCheck.png (28.21 KiB) Viewed 331 times
Now decide if you want to add additional blacklists, versus the risk of false positives and make sure DNS Recursion is enabled on EFA

Post Reply