Crap Spam
Question asked by John Marx - April 23 at 6:44 AM
Answered
Our clients are getting a TON of these emails and is right now our biggest complaint on spam.They are from user@domain.com so SmarterMail is marking them as "Trusted". These are not trusted. as the header show they are not from our system. I know our clients cannot be the only ones getting these crap spam emails. How can we prevent these "false positives"?

Return-Path: <contato@hplus.com.br>
Received: from srv.hplus.com.br (192-163-237-152.unifiedlayer.com [192.163.237.152]) by xxx-mail-00.xxx.com with SMTP
(version=TLS\Tls12
cipher=Aes256 bits=256);
Tue, 23 Apr 2019 13:39:30 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=hplus.com.br; s=default; h=Subject:From:To:Date:Message-ID:MIME-Version:
Content-Type:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=woHzbXfA3G7iDB3awS7RKBedYSBd9gDVmnZ0qrtG/4M=; b=nY3+7megOlos7SQJNjg+qFwF7n
29ro/2VszHN1L2NLM4DV5RjCJXmFSw921gBRF/voKCJSxxesq7hlUq+gexyw8VI6LvtK54P/b4gwH
pcyD+NHkdTn8FTpux2wsxGCHmqOL9G/OFAWEC5mtGp8Hk7BlNp4ohYxsvFhBqkEXUOBKauEMMLudz
KC/YChvn7ePwMdJeH4F4jbzwCoWzeuMQNY8rXnsd0lRpc+p+o5PtQpbWeoQ7nJ8tKf2CpW8v/hY2N
KPcFFAqUVtlHQFFzjf4zFazz6J+yz155F+IzVFE7eoVXVl9EOm8eJeq5kWhzcVdSck0QLmOk7gBvG
Mgdt6pJg==;
Received: from interno.tpa.com.br ([189.45.192.4]:46414 helo=[dynamic-179-127-181-236.tpa.net.br])
by srv.hplus.com.br with esmtpsa (TLSv1:ECDHE-RSA-AES256-SHA:256)
(Exim 4.89_1)
(envelope-from <contato@hplus.com.br>)
id 1hIvT5-0006R2-4y
for xxx@xxx.com; Tue, 23 Apr 2019 08:28:29 -0500
Content-Type: multipart/related;
boundary="fyoal-4DDAA848C9084-pdwfvncipi-A968AD0786ED7155F3CB-hhxxmdtym-5BAF39EC1E9E6"
MIME-Version: 1.0
Message-ID: <kyopkzz16202083.79400405@mail.hplus.com.br>
X-Sender: contato@hplus.com.br
User-Agent: Workspace Webmail 6.9.07
Date: Tue, 23 Apr 2019 15:28:15 +0200
To: xxx@xxx.com
From: <xxx@xxx.com>
Organization: Jmrfqeami
Subject: john
X-Abuse-Reports-To: <abuse@mailer.hplus.com.br>
Feedback-ID: 8dmyuipa7jl0wztb5glr1twbz9y6rxncxcl55lr2zbzjvqt:none:lacrtlg
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - srv.hplus.com.br
X-AntiAbuse: Original Domain - xxx.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - hplus.com.br
X-Get-Message-Sender-Via: srv.hplus.com.br: authenticated_id: contato@hplus.com.br
X-Authenticated-Sender: srv.hplus.com.br: contato@hplus.com.br
X-Source:
X-Source-Args:
X-Source-Dir:
X-RBL-Warning: WEIGHT10: Weight of 11 reaches or exceeds the limit of 10.
X-Declude-Sender: contato@hplus.com.br [192.163.237.152]
X-Declude-Spoolname: 392445779.eml
X-Declude-RefID:
X-Declude-Note: Scanned by Declude 4.12.11
X-Declude-Scan: Incoming Score [11] at 13:39:37 on 23 Apr 2019
X-Declude-Tests: SORBS-RECENT [3], BASE64 [4], HELOBOGUS [5], FROMNOMATCH [2], WEIGHT10 [10]
X-Country-Chain: UNITED STATES->destination
X-Declude-Code: e
X-HELO: srv.hplus.com.br
X-Identity: 192.163.237.152 | 192-163-237-152.unifiedlayer.com | hplus.com.br
X-SmarterMail-Spam: SPF [Fail]: 10, SORBS - Recent: 5, ISpamAssassin [raw:5]: 9, DK [None]: 0, DKIM [None]: 5, Declude: 11
X-SmarterMail-TotalSpamWeight: 0 (Trusted Sender - Domain)


7 Replies

Reply to Thread
2
Matt Petty Replied
Employee Post Marked As Answer
We have a fix for SPF [FAIL] Not triggering the invalid trusted sender behavior. I've DM'd you a custom build with a fix.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
John Marx Replied
Thanks Matt!
0
Sébastien Riccio Replied
Hello,
 we also have this issue with the latest SM 16, will a fix be available for it too as we are not yet ready to migrate our current user base to V17?

Thanks a lot for your answer.
0
Matt Petty Replied
Employee Post
As far as I'm aware SmarterMail 16 does not have this problem as this cropped up due to changes made a couple weeks back to SmarterMail 17.

If you can link the Headers for an email that exhibits this behavior I could tell you if your seeing the same thing.
This specifically fixes cases where SPF fails but we still accept a trusted sender. If SPF or DKIM fail we will print
X-SmarterMail-TotalSpamWeight: X (Trusted Sender - Domain, failed SPF)
or
X-SmarterMail-TotalSpamWeight: X (Trusted Sender - Domain, failed DKIM)

With X being a non-zero weight.

Notice in the example above by John, this was not the case.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Tim DeMeza Replied
Matt,
I think I need this build as well.  It would really help.  I am very concerned about malware / phishing scams getting through because of this.  We can educate all we want, but somebody is going to click the link.  Currently we are on 7040.

Thank you.
1
Matt Petty Replied
Employee Post
I sent that link to you. We do have a minor tentatively scheduled for release today. This link I'm handing out is a build from Friday so if you use this custom build you still might want to consider using the minor from later today.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Binesh Shammunni Replied
I have same problem for build 7040 , I think new build 7053 fix the issue

Thanks

Reply to Thread