Dear Mr. Syafril,

We would appreciate your help: today our mail server received a lot of spam emails with xlsm file attachments and constantly changing senders.

Attached is a sample of the headers from one of those emails. For now I have created a content filter to keep these emails from reaching our users' mailboxes.

X-MDAV-Result: infected
X-MDAV-Infected: password-protected
X-MDAV-Processed: mail.persada.id, Wed, 02 Mar 2022 13:45:13 +0700
X-Spam-Processed: mail.persada.id, Wed, 02 Mar 2022 13:45:13 +0700
Return-path: <[email protected]>
X-Spam-Flag: YES
X-Spam-Level: *****
X-Spam-Status: Yes, score=5.2 required=5.0 tests=DATE_IN_FUTURE_12_24,
    HTML_MESSAGE,MDAEMON_OP_SPAM_HIGH,MIME_HTML_ONLY,SPF_NONE,
    T_SCC_BODY_TEXT_LINE,URI_HEX shortcircuit=no autolearn=disabled
    version=3.4.4
X-Spam-Report:
    *  2.5 MDAEMON_OP_SPAM_HIGH MDaemon: spam/phish
    *  0.0 SPF_NONE SPF: sender does not publish an SPF Record
    *  2.5 DATE_IN_FUTURE_12_24 Date: is 12 to 24 hours after Received:
    *      date
    *  0.1 URI_HEX URI: URI hostname has long hexadecimal sequence
    *  0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
    *  0.0 HTML_MESSAGE BODY: HTML included in message
    * -0.0 T_SCC_BODY_TEXT_LINE No description available.
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24)
Authentication-Results: mail.persada.id;
    spf=none [email protected];
    dmarc=none header.from=leabridge.co.zw (no DMARC record);
    iprev=pass policy.iprev=198.23.61.111 (PTR kosmostechnologies.org);
    iprev=pass policy.iprev=198.23.61.111 (HELO kosmostechnologies.org);
    iprev=pass policy.iprev=198.23.61.111 (MAIL [email protected])
Received: from kosmostechnologies.org (kosmostechnologies.org [198.23.61.111]) by mail.persada.id (103.150.114.156) (MDaemon PRO v21.5.2)
    with ESMTP id md5001002977706.msg; Wed, 02 Mar 2022 13:45:12 +0700
X-MDOP-RefID: str=0001.0A67342B.621F1277.00C8,ss=1,re=0.000,recu=0.000,reip=0.000,vtr=str,vl=0,pt=R_967809,cl=4,cld=1,fgs=0 (_st=4 _vt=0 _iwf=0)
X-MDRemoteIP: 198.23.61.111
X-MDHelo: kosmostechnologies.org
X-MDArrival-Date: Wed, 02 Mar 2022 13:45:12 +0700
X-MDOrigin-Country: US, NA
X-Rcpt-To: [email protected]
X-MDRcpt-To: [email protected]
X-Return-Path: [email protected]
X-Envelope-From: [email protected]
X-MDaemon-Deliver-To: [email protected]
Received: from [122.2.22.242] (port=63503)
    by altar45.supremepanel45.com with esmtpsa  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    (Exim 4.94.2)
    (envelope-from <[email protected]>)
    id 1nPIjO-0002No-Ni
    for [email protected]; Wed, 02 Mar 2022 06:45:01 +0000
Date: Wed, 02 Mar 2022 14:45:01 -0800
From: "<APRILLIA WULAN UTARI> [email protected] ([email protected])" <[email protected]>
To: "" <[email protected]>
Subject: RE: [email protected]
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_00136_2072_139952479.3020957578"
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - altar45.supremepanel45.com
X-AntiAbuse: Original Domain - persada.id
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - leabridge.co.zw
X-Get-Message-Sender-Via: altar45.supremepanel45.com: authenticated_id: [email protected]
X-Source:
X-Source-Args:
X-Source-Dir:
Message-ID: <[email protected]>
X-MDBadQueue-Reason: CF Rule "Xlsm"

------=_NextPart_00136_2072_139952479.3020957578
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<meta http-equiv=3DContent-Type content=3D"text/html; charset=3Dutf-8">
</head>
<body>
<br>
Hi ,
<br>
<br>
=0DSee attached
<br>
<br>
<br>
DATA 8082396.zip<br><br>
zip password: 089
<br>
<br>
<br>
Thank you,
<br>
<br>
APRILLIA WULAN UTARI<br>
[email protected]<br>
<br>
<br>
</body>
</html>

Thank you for your help.


Regards

--
--[mdaemon-l]----------------------------------------------------------
This mailing list is for discussion among MDaemon Mail Server users in Indonesia

Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.co.id
Subscribe: Send mail to [email protected]
Unsubscribe: Send mail to [email protected]
Latest versions: MDaemon 21.5.2, SecurityGateway 8.5.0
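
The sample above shows several traits at once: an attachment the AV engine reports as password-protected, a Date: header more than 12 hours ahead of arrival (DATE_IN_FUTURE_12_24), an address inside the From display name, and the archive password written in the body. The Python below is an added example, not part of the original post or of MDaemon; the sample message is constructed with placeholder hosts and addresses, and the `triage` function and its labels are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample modelled on the headers above; hosts and addresses are placeholders.
SAMPLE = """\
X-MDAV-Infected: password-protected
Received: from relay.example.net (relay.example.net [192.0.2.10]) by mail.example.org
\twith ESMTP id md50000000001.msg; Wed, 02 Mar 2022 13:45:12 +0700
Date: Wed, 02 Mar 2022 14:45:01 -0800
From: "<STAFF NAME> staff@example.org" <sender@example.com>
Content-Type: text/html; charset=UTF-8

<html><body>Hi ,<br>See attached<br>DATA 8082396.zip<br>
zip password: 089<br></body></html>
"""

def triage(raw, max_skew_hours=12):
    """Return which traits of this spam wave appear in one raw message."""
    msg = message_from_string(raw)
    hits = []
    # 1. MDaemon AntiVirus could not open the attachment (header as on the page).
    if msg.get("X-MDAV-Infected", "").strip().lower() == "password-protected":
        hits.append("encrypted-attachment")
    # 2. Date: far ahead of arrival. Newest Received is first; its time follows the last ';'.
    received = msg.get_all("Received") or []
    if received and msg["Date"]:
        try:
            arrived = parsedate_to_datetime(received[0].rsplit(";", 1)[-1].strip())
            claimed = parsedate_to_datetime(msg["Date"])
            if (claimed - arrived).total_seconds() > max_skew_hours * 3600:
                hits.append("date-in-future")
        except (TypeError, ValueError):
            hits.append("unparseable-date")
    # 3. Display name carries an address other than the real From address
    #    (assumed to differ; the page's addresses are redacted).
    name, addr = parseaddr(msg.get("From", ""))
    shown = re.findall(r"[\w.+-]+@[\w.-]+", name)
    if any(s.lower() != addr.lower() for s in shown):
        hits.append("display-name-mismatch")
    # 4. Body hands the recipient the archive password, so scanners cannot unpack it.
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            if re.search(r"(?i)password\s*:\s*\S+", text):
                hits.append("password-in-body")
                break
    return hits
```

Because the senders keep changing, scoring on several of these traits together holds up better than a rule keyed to one sender or one attachment extension.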
