
Too much spam passes Astaro since v8

I realize that too much spam passes the Astaro since (I think) v8.200.

Today I got a mail with the word "vagina" in subject. Do we need to care about expressions now? We never had to care about expressions in the past, so we don't have any word on the expression list until now.

What's wrong there?

We use "Reject invalid HELO / missing RDNS", "Greylisting" and "Perform SPF check" and the following RBLs:

bl.spamcop.net
psbl.surriel.com
cbl.abuseat.org
dnsbl.ahbl.org
dul.maps.vix.com
rbl.maps.vix.com
blackholes.mail-abuse.org


What else can we do?


  • Ok, this is the Log:

    [PHP]2011:10:16-13:23:47 gw exim-in[7473]: 2011-10-16 13:23:47 SMTP connection from [75.180.132.122]:48346 (TCP/IP connection count = 1)
    2011:10:16-13:23:47 gw exim-in[11218]: 2011-10-16 13:23:47 [75.180.132.122] F= R= Accepted: to postmaster
    2011:10:16-13:23:48 gw exim-in[11218]: 2011-10-16 13:23:48 1RFOol-0002uw-37 ctasd reports 'Unknown' RefID:str=0001.0A0B0202.4E9ABEC4.0034,ss=1,re=0.000,fgs=0
    2011:10:16-13:23:48 gw exim-in[11218]: 2011-10-16 13:23:48 1RFOol-0002uw-37 Greylisting: Successful greylist retry from 75.180.132.122 (original host was 75.180.132.123/32)
    2011:10:16-13:23:48 gw exim-in[11218]: 2011-10-16 13:23:48 1RFOol-0002uw-37  work R=SCANNER T=SCANNER
    2011:10:16-13:23:50 gw smtpd[11221]: SCANNER[11221]: 1RFOol-0002uw-37 Completed
    [/PHP]

    and this the mail with header:

    [PHP]
    Received: from gw.*******.de ([10.*.*.250])
              by sd1 (Lotus Domino Release 8.5.1FP4)
              with ESMTP id 2011101613235470-2908 ;
              Sun, 16 Oct 2011 13:23:54 +0200 
    Received: from cdptpa-omtalb.mail.rr.com ([75.180.132.122]:48346)
     by gw.*******.de with esmtp (Exim 4.76)
     (envelope-from )
     id 1RFOol-0002uw-37
     for postmaster@*******.de; Sun, 16 Oct 2011 13:23:48 +0200
    Received: from cdptpa-omtalb.mail.rr.com ([10.127.143.54])
              by cdptpa-qmta04.mail.rr.com with ESMTP
              id 
              for ; Sun, 16 Oct 2011 09:00:53 +0000
    X-CTCH-RefID: str=0001.0A0B0202.4E9ABEC4.0034,ss=1,re=0.000,fgs=0
    Return-Path: 
    Authentication-Results:  cdptpa-omtalb.mail.rr.com smtp.user=b6305@adelphia.net; auth=pass (LOGIN)
    X-Authority-Analysis: v=1.1 cv=Ri5u3PlAq/1Uv+Mf6lrMSBCtIb5BqfMjuDuUC3EjppU= c=1 sm=0 a=Ek0Fk5aji7YA:10 a=uYRmwVSfly8A:10 a=AoypwtN02KXEoq/SvguDBg==:17 a=IONiDlPvAAAA:8 a=rG532u37N9vSUK8lxI4A:9 a=YznDO_Zu2gsA:10 wl=env:26 a=AoypwtN02KXEoq/SvguDBg==:117
    X-Cloudmark-Score: 0
    X-Originating-IP: 89.103.127.88
    Received: from [89.103.127.88] ([89.103.127.88:3334] helo=localhost)
     by cdptpa-oedge04.mail.rr.com (envelope-from )
     (ecelerity 2.2.3.46 r()) with ESMTPA
     id 62/30-26592-50D9A9E4; Sun, 16 Oct 2011 08:59:50 +0000
    Date: Sun, 16 Oct 2011 08:59:49 +0000
    Message-ID: 
    From: b6305@adelphia.net
    To: postmaster@*******.de
    Subject: Nail blue-wonderpilz with u to insure ur potence!
    X-TNEFEvaluated: 1
    X-MIMETrack: Itemize by SMTP Server on sd1/***(Release 8.5.1FP4|July 25, 2010) at
     16.10.2011 13:23:54,
     Serialize by Notes Client on *******/******/***(Release 8.5.2FP3|July
     11, 2011) at 17.10.2011 14:13:39,
     Serialize complete at 17.10.2011 14:13:39

    New cheap bluetabz everyday. herbertandcridan.com/.../PHP]

    Thank you, Tom.
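
A way to read the log and headers posted above side by side, as an added example that is not part of the original thread: it pulls out which IP the gateway evaluated, what each logged check decided, and which client the relay's headers name as the submitter. It assumes connection-time checks such as RBL lookups are made against the connecting IP, and that `X-Originating-IP` is only what the relay reports; the function names and the choice of `bl.spamcop.net` for the sample query are illustrative.

```python
import re

# Lines copied from the log and headers posted above (not constructed).
LOG = """\
2011:10:16-13:23:47 gw exim-in[7473]: 2011-10-16 13:23:47 SMTP connection from [75.180.132.122]:48346 (TCP/IP connection count = 1)
2011:10:16-13:23:48 gw exim-in[11218]: 2011-10-16 13:23:48 1RFOol-0002uw-37 ctasd reports 'Unknown' RefID:str=0001.0A0B0202.4E9ABEC4.0034,ss=1,re=0.000,fgs=0
2011:10:16-13:23:48 gw exim-in[11218]: 2011-10-16 13:23:48 1RFOol-0002uw-37 Greylisting: Successful greylist retry from 75.180.132.122 (original host was 75.180.132.123/32)
"""
HEADERS = """\
Received: from cdptpa-omtalb.mail.rr.com ([75.180.132.122]:48346)
 by gw.*******.de with esmtp (Exim 4.76)
Authentication-Results:  cdptpa-omtalb.mail.rr.com smtp.user=b6305@adelphia.net; auth=pass (LOGIN)
X-Originating-IP: 89.103.127.88
"""

def dnsbl_query(ip, zone):
    """DNSBL lookups use the IPv4 octets reversed, prefixed to the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def triage(log, headers, zone="bl.spamcop.net"):
    """Compare the IP the gateway checked with the submitter named in the headers."""
    conn = re.search(r"SMTP connection from \[([\d.]+)\]", log)
    verdict = re.search(r"ctasd reports '([^']+)'", log)
    grey = re.search(r"Greylisting: Successful greylist retry from ([\d.]+)", log)
    # Relay-supplied and unverified: treat as a hint, not as proof of origin.
    origin = re.search(r"^X-Originating-IP:\s*([\d.]+)", headers, re.M)
    auth = re.search(r"^Authentication-Results:.*\bauth=(\w+)", headers, re.M)
    checked = conn.group(1) if conn else None
    submitter = origin.group(1) if origin else None
    return {
        "checked_ip": checked,
        "ctasd": verdict.group(1) if verdict else None,
        "greylist_passed": bool(grey),
        "submitter_ip": submitter,
        "relay_auth": auth.group(1) if auth else None,
        # True when the checks saw only a relay, not the submitting client.
        "submitter_differs": None not in (checked, submitter) and checked != submitter,
        # Assumption: the RBL lookup is made for the connecting IP.
        "rbl_query": dnsbl_query(checked, zone) if checked else None,
    }

if __name__ == "__main__":
    for key, value in triage(LOG, HEADERS).items():
        print(f"{key}: {value}")
```

For this message the summary shows the logged checks ran against the ISP relay 75.180.132.122, while the relay's own headers name 89.103.127.88 as the authenticated submitting client.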