2
Crap Spam
Question asked by John Marx - 4/23/2019 at 6:44 AM
Answered
Our clients are getting a TON of these emails, and it is right now our biggest complaint on spam. They are from user@domain.com so SmarterMail is marking them as "Trusted". These are not trusted, as the headers show they are not from our system. I know our clients cannot be the only ones getting these crap spam emails. How can we prevent these "false positives"?

Return-Path: <contato@hplus.com.br>
Received: from srv.hplus.com.br (192-163-237-152.unifiedlayer.com [192.163.237.152]) by xxx-mail-00.xxx.com with SMTP
(version=TLS\Tls12
cipher=Aes256 bits=256);
Tue, 23 Apr 2019 13:39:30 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=hplus.com.br; s=default; h=Subject:From:To:Date:Message-ID:MIME-Version:
Content-Type:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=woHzbXfA3G7iDB3awS7RKBedYSBd9gDVmnZ0qrtG/4M=; b=nY3+7megOlos7SQJNjg+qFwF7n
29ro/2VszHN1L2NLM4DV5RjCJXmFSw921gBRF/voKCJSxxesq7hlUq+gexyw8VI6LvtK54P/b4gwH
pcyD+NHkdTn8FTpux2wsxGCHmqOL9G/OFAWEC5mtGp8Hk7BlNp4ohYxsvFhBqkEXUOBKauEMMLudz
KC/YChvn7ePwMdJeH4F4jbzwCoWzeuMQNY8rXnsd0lRpc+p+o5PtQpbWeoQ7nJ8tKf2CpW8v/hY2N
KPcFFAqUVtlHQFFzjf4zFazz6J+yz155F+IzVFE7eoVXVl9EOm8eJeq5kWhzcVdSck0QLmOk7gBvG
Mgdt6pJg==;
Received: from interno.tpa.com.br ([189.45.192.4]:46414 helo=[dynamic-179-127-181-236.tpa.net.br])
by srv.hplus.com.br with esmtpsa (TLSv1:ECDHE-RSA-AES256-SHA:256)
(Exim 4.89_1)
(envelope-from <contato@hplus.com.br>)
id 1hIvT5-0006R2-4y
for xxx@xxx.com; Tue, 23 Apr 2019 08:28:29 -0500
Content-Type: multipart/related;
boundary="fyoal-4DDAA848C9084-pdwfvncipi-A968AD0786ED7155F3CB-hhxxmdtym-5BAF39EC1E9E6"
MIME-Version: 1.0
Message-ID: <kyopkzz16202083.79400405@mail.hplus.com.br>
X-Sender: contato@hplus.com.br
User-Agent: Workspace Webmail 6.9.07
Date: Tue, 23 Apr 2019 15:28:15 +0200
To: xxx@xxx.com
From: <xxx@xxx.com>
Organization: Jmrfqeami
Subject: john
X-Abuse-Reports-To: <abuse@mailer.hplus.com.br>
Feedback-ID: 8dmyuipa7jl0wztb5glr1twbz9y6rxncxcl55lr2zbzjvqt:none:lacrtlg
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - srv.hplus.com.br
X-AntiAbuse: Original Domain - xxx.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - hplus.com.br
X-Get-Message-Sender-Via: srv.hplus.com.br: authenticated_id: contato@hplus.com.br
X-Authenticated-Sender: srv.hplus.com.br: contato@hplus.com.br
X-Source:
X-Source-Args:
X-Source-Dir:
X-RBL-Warning: WEIGHT10: Weight of 11 reaches or exceeds the limit of 10.
X-Declude-Sender: contato@hplus.com.br [192.163.237.152]
X-Declude-Spoolname: 392445779.eml
X-Declude-RefID:
X-Declude-Note: Scanned by Declude 4.12.11
X-Declude-Scan: Incoming Score [11] at 13:39:37 on 23 Apr 2019
X-Declude-Tests: SORBS-RECENT [3], BASE64 [4], HELOBOGUS [5], FROMNOMATCH [2], WEIGHT10 [10]
X-Country-Chain: UNITED STATES->destination
X-Declude-Code: e
X-HELO: srv.hplus.com.br
X-Identity: 192.163.237.152 | 192-163-237-152.unifiedlayer.com | hplus.com.br
X-SmarterMail-Spam: SPF [Fail]: 10, SORBS - Recent: 5, ISpamAssassin [raw:5]: 9, DK [None]: 0, DKIM [None]: 5, Declude: 11
X-SmarterMail-TotalSpamWeight: 0 (Trusted Sender - Domain)


7 Replies

2
Matt Petty Replied
Employee Post Marked As Answer
We have a fix for SPF [FAIL] not triggering the invalid trusted sender behavior. I've DM'd you a custom build with a fix.
Matt Petty Senior Software Developer SmarterTools Inc. www.smartertools.com
0
John Marx Replied
Thanks Matt!
0
Sébastien Riccio Replied
Hello,
We also have this issue with the latest SM 16. Will a fix be available for it too, as we are not yet ready to migrate our current user base to V17?

Thanks a lot for your answer.
Sébastien Riccio System & Network Admin https://swisscenter.com
0
Matt Petty Replied
Employee Post
As far as I'm aware SmarterMail 16 does not have this problem as this cropped up due to changes made a couple weeks back to SmarterMail 17.

If you can link the headers for an email that exhibits this behavior I could tell you if you're seeing the same thing.
This specifically fixes cases where SPF fails but we still accept a trusted sender. If SPF or DKIM fail we will print
X-SmarterMail-TotalSpamWeight: X (Trusted Sender - Domain, failed SPF)
or
X-SmarterMail-TotalSpamWeight: X (Trusted Sender - Domain, failed DKIM)

With X being a non-zero weight.

Notice in the example above by John, this was not the case.
Matt Petty Senior Software Developer SmarterTools Inc. www.smartertools.com
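An added example, not part of the thread and not SmarterTools code: a small audit that reads the two SmarterMail headers discussed above and flags messages where SPF failed but the trusted-sender note still zeroed the total weight. The header layout is assumed from the single sample quoted in the question, and `SAMPLE` is a trimmed, constructed copy of it.

```python
import re
from email import message_from_string

# Constructed sample: a trimmed copy of the headers quoted in the question.
SAMPLE = (
    "Return-Path: <contato@hplus.com.br>\n"
    "From: <xxx@xxx.com>\n"
    "To: xxx@xxx.com\n"
    "X-SmarterMail-Spam: SPF [Fail]: 10, SORBS - Recent: 5, "
    "ISpamAssassin [raw:5]: 9, DK [None]: 0, DKIM [None]: 5, Declude: 11\n"
    "X-SmarterMail-TotalSpamWeight: 0 (Trusted Sender - Domain)\n"
    "\n"
    "body\n"
)

# Assumed layout "Name [Result]: weight"; the bracketed result is optional.
CHECK_RE = re.compile(r"(.+?)\s*(?:\[([^\]]*)\])?\s*:\s*(-?\d+)$")
TOTAL_RE = re.compile(r"(-?\d+)\s*(?:\((.*)\))?")


def parse_checks(value):
    """Return {check name: (result or None, weight)} from X-SmarterMail-Spam."""
    checks = {}
    for item in value.split(","):
        m = CHECK_RE.match(item.strip())
        if m:
            checks[m.group(1)] = (m.group(2), int(m.group(3)))
    return checks


def audit(raw_message):
    """Flag mail whose failed SPF was overridden by trusted-sender status."""
    msg = message_from_string(raw_message)
    # Collapse whitespace so a folded header parses like a single line.
    checks = parse_checks(" ".join((msg.get("X-SmarterMail-Spam") or "").split()))
    m = TOTAL_RE.match((msg.get("X-SmarterMail-TotalSpamWeight") or "").strip())
    total = int(m.group(1)) if m else None
    note = ((m.group(2) or "") if m else "").lower()
    spf_failed = (checks.get("SPF", (None, 0))[0] or "").lower() == "fail"
    return {
        "summed_weight": sum(w for _, w in checks.values()),
        "total_weight": total,
        "spf_failed": spf_failed,
        # Pre-fix pattern: trusted sender, SPF failed, no "failed SPF" note, weight 0.
        "bypass": spf_failed and "trusted sender" in note
                  and "failed spf" not in note and total == 0,
    }


if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run over spooled `.eml` files, any message reported with `bypass` true was delivered on trusted-sender status alone despite the failed SPF check.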
0
Tim DeMeza Replied
Matt,
I think I need this build as well.  It would really help.  I am very concerned about malware / phishing scams getting through because of this.  We can educate all we want, but somebody is going to click the link.  Currently we are on 7040.

Thank you.
1
Matt Petty Replied
Employee Post
I sent that link to you. We do have a minor tentatively scheduled for release today. This link I'm handing out is a build from Friday so if you use this custom build you still might want to consider using the minor from later today.
Matt Petty Senior Software Developer SmarterTools Inc. www.smartertools.com
0
CTL Replied
I have the same problem on build 7040. I think the new build 7053 fixes the issue.

Thanks
