Page 1 of 1

this spam is not filtered

Posted: 23 Dec 2018 22:26
by keysteal
The content of this spam is strangly not filtered by EFA. I've been receiveing this kind of email several times this week, and even if It was learned with spamassassin I continue to receive it, with some modifications. Any Idea how to solve it?
X-Antivirus: avast (VPS 18122204)
X-Antivirus-Status: Clean
Return-Path: help@songchao8.com
Received: from antispam.xxxxxxxxxx.it (antispam.xxxxxxxxx.it [xxx.xxx.xxx.xxx])
by mail.xxxxxxxxxx.it with ESMTP
; Thu, 20 Dec 2018 03:24:15 +0100
Message-ID: <7AE22B76-07C9-42A5-9056-D0A6679EDAF6@mail.xxxxxxx.it>
X-Spam-Status: No
X-Myantispam-MailScanner-EFA-Watermark: 1545877449.09051@RjpgH/QbeBfQ30gUhg1PqQ
X-Myantispam-MailScanner-EFA-From: help@songchao8.com
X-Myantispam-MailScanner-EFA-SpamScore: sss
X-Myantispam-MailScanner-EFA: Found to be clean
X-Myantispam-MailScanner-EFA-ID: 645311580614.A48BA
X-Myantispam-MailScanner-EFA-Information: Please contact xxxxxxxx@xxxxxxx.it for more information
X-Greylist: from auto-whitelisted by SQLgrey-1.8.0
DMARC-Filter: OpenDMARC Filter v1.3.2 antispam.xxxxxxxxxx.it 645311580614
Authentication-Results: antispam.xxxxxxx.it; dmarc=pass (p=none dis=none) header.from=songchao8.com
Authentication-Results: antispam.xxxxxxx.it; spf=pass smtp.mailfrom=help@songchao8.com
DKIM-Filter: OpenDKIM Filter v2.11.0 antispam.xxxxxxx.it 645311580614
Authentication-Results: antispam.xxxxxxx.it;
dkim=pass (1024-bit key) header.d=songchao8.com header.i=help@songchao8.com header.b="L2wO50+P"
Received: from songchao8.com (songchao8.com [185.254.120.84])
by antispam.xxxxxxxx.it (Postfix) with ESMTP id 645311580614
for <xxxxxxxx@xxxxxxx.it>; Thu, 20 Dec 2018 03:24:07 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=mail; d=songchao8.com;
h=From:Subject:To:Content-Type:MIME-Version:Content-Transfer-Encoding:Reply-To:Date; i=help@songchao8.com;
bh=mu2QgRPljjOfjDgMDKL4IIVAfRicj8et+oAUn1v5xaw=;
b=L2wO50+PPe87TWAxpk6IIrOuHIzIVC5rk7TKPez/3G8aj+DramiqHvPdyPFNVBIMlpC5hB+ME9QZ
Jz1IiaSp0S4t1x3Ai/TyonpvkrAnu12iG8Hs7kC7XAAScwsoSnK+iAxXov4K1vfCVoN9BIuANC0Y
njCtzKhPEJm33JObt8A=
From: "Seganti Carlo" <help@songchao8.com>
Subject: inviamo la fattura 12/20/18494
To: "my email " <xxxxxxx@xxxxxxxxx.it>
Content-Type: text/plain; charset=utf-8
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Reply-To: "Seganti Carlo" <help2@songchao8.com>
Organization: Ambienti Srl
Date: Thu, 20 Dec 2018 03:24:05 +0100

buond=C3=AC,
Dal nome di Roberti Ufficio Srl, invio la fattura, allo stesso tempo c=
hiedo un pagamento tempestivo. Documenti allegati: http://globaldeals.=
1800greens.com/holmes/90.html?email=3D59585@301ee
Con rispetto,=20
Seganti Carlo
Roberti Ufficio Srl

Re: this spam is not filtered

Posted: 24 Dec 2018 13:29
by henk
The spam report from mailscanner shows usefull info on the score build for a message,
Learn as spam to train bayes and report it to get it on blacklists
2018-12-24C185403E8.png
2018-12-24C185403E8.png (41.53 KiB) Viewed 3164 times
You could add a score for mail from Russia ( or a list of countries) ,to classify it as spam.
viewtopic.php?t=2659

Check if the IP is listed
https://whatismyipaddress.com/blacklist-check
2018-12-24 IPAddressBlacklistCheck.png
2018-12-24 IPAddressBlacklistCheck.png (28.21 KiB) Viewed 3164 times
Now decide if you want to add additional blacklists, versus the risk of false positives and make sure DNS Recursion is enabled on EFA

Re: this spam is not filtered

Posted: 12 Dec 2019 09:51
by thomaryan
Hey can you help me out in this regard,
I am unable to change my IP Address.
Is my IP on the Saga Games is black listed ?
https://www.purevpn.com/what-is-my-ip
I am from Switzerland and My IP is of here. But unable to login since 3 days.
ANy tool to see the problem?