A customer is getting tons of spam....
Problem reported by Brian Bjerring-Jensen - 5/31/2023 at 3:48 AM
Return-Path: <random_NjAwMDAwMDIzNTk5MTI1NDE2X3NhbGVzQGlndC1scGcuY29tJHZpcA==@vip.makescrews.ltd>
X-AliDM-RcptTo: c2FsZXNAaWd0LWxwZy5jb20=
Feedback-ID: default:vip@vip.makescrews.ltd:batch:316440
Received: from chitu-hsf(mailfrom:vip@vip.makescrews.ltd fp:ma_600000023599125415)
          by smtp.aliyun-inc.com(127.0.0.1);
          Wed, 31 May 2023 18:20:26 +0800
Date: Wed, 31 May 2023 18:20:26 +0800
From: "=?UTF-8?B?cm9vZmluZyBzY3Jld+WFqOeQgw==?=" <vip@vip.makescrews.ltd>
Return-Path: "=?UTF-8?B?cm9vZmluZyBzY3Jld+WFqOeQgw==?=" <vip@vip.makescrews.ltd>
To: <sales@xxx.com>
Reply-To: <tjlituo0002@gmail.com>
Message-ID: <dfaac876-9090-493f-aa34-cc54ca5d0957@alibaba.com>
Subject: =?UTF-8?B?Um9vZmluZyBTY3JldyBNYW51ZmFjdHVyZXIgRGlyZWN0bHk=?=
X-Priority: 3
X-Mailer: Alimail-Mailagent
MIME-Version: 1.0
X-EnvId: 600000023599125416
X-Mailer: Alimail-Mailagent
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-SmarterMail-Spam: DMARC [none]: 0, Reverse DNS Lookup [Passed]: 0, Null Sender: 0, ISpamAssassin [raw:7,5]: 11, SPF [Pass]: 0, DK [None]: 0, DKIM [None]: 5, UCEProtect Level 1: 0, UCEProtect Level 2: 0, UCEProtect Level 3: 0, Spamhaus - PBL, Spamhaus - SBL, Spamhaus - CSS: 0, SpamCop: 0, MailSpike L5: 0, URIBL Black, URIBL Grey, URIBL Red: 0
X-SmarterMail-SpamDetail: 2,7 DEAR_FRIEND
X-SmarterMail-SpamDetail: 0,1 MIME_HTML_MOSTLY
X-SmarterMail-SpamDetail: 0,1 MIME_HTML_ONLY
X-SmarterMail-SpamDetail: 0,0 MIME_QP_LONG_LINE
X-SmarterMail-SpamDetail: 0,0 HTML_MESSAGE
X-SmarterMail-SpamDetail: 0,0 HTML_IMAGE_RATIO_02
X-SmarterMail-SpamDetail: 2,4 RDNS_NONE
X-SmarterMail-SpamDetail: 0,0 FROM_EXCESS_BASE64
X-SmarterMail-SpamDetail: 0,0 HTML_MIME_NO_HTML_TAG
X-SmarterMail-SpamDetail: 1,2 BODY_URI_ONLY
X-SmarterMail-SpamDetail: 1,0 TVD_SUBJ_NUM_OBFU_MINFP
X-SmarterMail-TotalSpamWeight: 23
X-SmarterMail-SpamAction: Low | NoAction


Next one:

Return-Path: <16x76370.509709902.1366792870@info.postmail.net.pl>
Received: from app8 (unknown [192.168.250.166])
    by smtp09.postmail.net.pl (Postfix) with SMTP id 98975670AF42
    for <sales@xxx.com>; Wed, 31 May 2023 12:30:40 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=postmail.net.pl;
    s=default; t=1685529040;
    bh=6t+0+3JkzA2JF2nNE0RXj19fRzaQix0dW6trDOU2jv4=;
    h=From:To:Reply-To:Date:Subject:List-Unsubscribe;
    b=LtkX8Z9IUJ5l4lSslunNkN9QXhITjRH9pUeT0pXdxYPe2zB7jw3TmL0UVi+xwlM/V
     azD4a3dpESyN1FUS4VqPNPjpo+ZjDRnhsX4CsPvDDVvJI/59AMEXinb4vx+WCCf7CZ
     ATyTu/rNS4zhb8KijqBD/Al5SGcSnXwWhoO2wNRg=
From: "OVH" <ovh@onlypromki.pl>
To: "sales@xxx.com" <sales@xxx.com>
Reply-To: ovh@onlypromki.pl
Date: Wed, 31 May 2023 12:30:40 +0200
Subject: =?utf-8?B?TWFqb3dlIFByb21vY2plIE9WSGNsb3VkLiBMaW1pdG93YW5hIG9mZXJ0YSBzZXJ3ZXLDs3cganXFvCBvZCA2MCB6xYIvbWllcy4gVHlsa28gZG8gMDYuMDY=?=
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="_=aspNetEmail=_635ee3e5d6fd494fbe0a06fccc92204f"
Precedence: bulk
List-Unsubscribe: <https://info.postmail.net.pl/appreg/panel/Redirect.aspx?link_id=571C1C71-A139-4103-9CA3-8328A3315A59&mail_id=48ebfc23-f05c-4d7b-9d9f-5a2ac9950091&d=16A0DD7C-E2C6-4DB6-B864-9137B5CE9A16&cntct_id=CmAQdkEhV1wMLQlHO25AQhV6FG8WLkVoVFsVelgTZncVShos&p1=FBNFExJWc0k2KGhVa1scICp6ZQRYc1kOdxsUbWELEwM8DF9aGwRccy1BEh8aTndLAVwNcBEBTx0ZWgt0cX5vVhIYDDhnCz0OAwgEHB5IK1YQXlhbKHkrOGQZUBZhDnEBVggNPn0xbURJZXkZGFJRdnVrcn9hEgcGYAp2Ag9gaxtLXnpTXgttAW9XYkI%2fe3JFUEdA&p2=F3tVdBACBUFeCkwOI0VuVl1gfA5ZJ0NiBm1kdGcEaA4cclUDAWExBENRfhAVI2QlLBk%2fJVBxF0orTiUpJGg%2bD1JyESdiHhlZXC4bagAeX1dFQ1QJXC5EXyR%2bAwttWHNZDAEGVWlfYUImAhZrHFVKAH1qc2Vl&site=aHR0cHMlM2ElMmYlMmZpbmZvLnBvc3RtYWlsLm5ldC5wbCUyZmFwcHJlZyUyZnBhbmVsJTJmUmVnaXN0ZXJPdXRQYWdlLmFzcHglM2ZtYWlsX2lkJTNkJTIzJTIzbWFpbF9pZCUyMyUyMyUyNmFtcCUzYmQlM2QxNkEwREQ3Qy1FMkM2LTREQjYtQjg2NC05MTM3QjVDRTlBMTY%3d>;
Feedback-ID: :509709902:76370:net.pl
X-Sid: 20230531.123040.6180@postmail.net.pl
Message-ID: <16x76370.509709902.1366792870@info.postmail.net.pl>
X-SmarterMail-Spam: DMARC [none]: 0, Reverse DNS Lookup [Passed]: 0, Null Sender: 0, ISpamAssassin [raw:3,4]: 5, SPF [Pass]: 0, DK [None]: 0, DKIM [Pass]: 0, UCEProtect Level 3: 0, Spamhaus - PBL, Spamhaus - SBL, Spamhaus - CSS: 0, SpamCop: 0, UCEProtect Level 2: 0, UCEProtect Level 1: 0, MailSpike L5: 0, URIBL Black, URIBL Grey, URIBL Red: 0
X-SmarterMail-SpamDetail: 2,4 FSL_HELO_NON_FQDN_1
X-SmarterMail-SpamDetail: 0,0 HTML_MESSAGE
X-SmarterMail-SpamDetail: 0,0 HTML_IMAGE_RATIO_02
X-SmarterMail-SpamDetail: 1,0 MAILING_LIST_MULTI
X-SmarterMail-SpamDetail: 0,0 HELO_NO_DOMAIN
X-SmarterMail-TotalSpamWeight: 8
X-SmarterMail-SpamAction: None | NoAction


They are getting hammered and I can't find a way to block it.
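
A triage sketch for headers like the ones posted above, added here as an example and not part of the original post or of SmarterMail: it decodes the RFC 2047 subject, flags a Reply-To domain that differs from the From domain, and breaks the `X-SmarterMail-Spam` line into per-check weights so they can be compared with the total. The function names and result keys are assumptions made for this example.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed sample: selected headers copied from the first message in the post.
RAW = '''\
From: "=?UTF-8?B?cm9vZmluZyBzY3Jld+WFqOeQgw==?=" <vip@vip.makescrews.ltd>
To: <sales@xxx.com>
Reply-To: <tjlituo0002@gmail.com>
Subject: =?UTF-8?B?Um9vZmluZyBTY3JldyBNYW51ZmFjdHVyZXIgRGlyZWN0bHk=?=
X-SmarterMail-Spam: DMARC [none]: 0, Reverse DNS Lookup [Passed]: 0, Null Sender: 0, ISpamAssassin [raw:7,5]: 11, SPF [Pass]: 0, DK [None]: 0, DKIM [None]: 5, UCEProtect Level 1: 0, UCEProtect Level 2: 0, UCEProtect Level 3: 0, Spamhaus - PBL, Spamhaus - SBL, Spamhaus - CSS: 0, SpamCop: 0, MailSpike L5: 0, URIBL Black, URIBL Grey, URIBL Red: 0
X-SmarterMail-TotalSpamWeight: 23
X-SmarterMail-SpamAction: Low | NoAction
'''

# "Name [status]: weight" entries; names and statuses may themselves contain commas.
CHECK = re.compile(
    r"\s*(?P<name>[^\[:]+?)\s*(?:\[(?P<status>[^\]]*)\])?:\s*(?P<weight>-?\d+)\s*(?:,|$)"
)

def parse_checks(value):
    """Split an X-SmarterMail-Spam value into (name, status, weight) tuples."""
    return [(m["name"], m["status"], int(m["weight"])) for m in CHECK.finditer(value)]

def domain(msg, header):
    """Lower-cased domain of the address in a header, or '' if absent."""
    return parseaddr(msg.get(header, ""))[1].rpartition("@")[2].lower()

def triage(raw):
    """Summarise the sender identity and spam-check weights of one message."""
    msg = message_from_string(raw)
    checks = parse_checks(msg.get("X-SmarterMail-Spam", ""))
    scored = {name: weight for name, _, weight in checks if weight}
    total = int(msg.get("X-SmarterMail-TotalSpamWeight", "0"))
    return {
        "subject": str(make_header(decode_header(msg.get("Subject", "")))),
        "reply_to_mismatch": bool(domain(msg, "Reply-To"))
        and domain(msg, "Reply-To") != domain(msg, "From"),
        "scored": scored,                                 # checks that added weight
        "unlisted_weight": total - sum(scored.values()),  # total not named in the list
        "action": msg.get("X-SmarterMail-SpamAction", ""),
    }

if __name__ == "__main__":
    for key, value in triage(RAW).items():
        print(f"{key}: {value}")
```
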

2 Replies

Karl Jones Replied
Under Security / SMTP Blocks, I add [*.*.*.*] to EHLO Domain.
It blocks a lot of localhost and IP-only identified mail servers.
Brian Bjerring-Jensen Replied
Added it to EHLO. Thanks :)

I will see how it goes.
