Re: Spam messages with no payload
On 2/19/12 5:45 PM, Jason Haar wrote: I know what you mean - see if anyone can figure out what this one was about! I think they're just screwing with us :-/ (I mean, do they seriously think people are going to reply excuse me, did you mean to send this to me? and take it from there?) http://pastebin.com/MCwFrP6C this is a typical 'freight forwarder scam' they want you to prepay freight to their 'authorized forwarder' who never accepts the shipment, it gets sent back to you, but you are on the hook for the original payments, and/ or, you totally lose your shipment anyway. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 *| *SECNAP Network Security Corporation * Best Mobile Solutions Product of 2011 * Best Intrusion Prevention Product * Hot Company Finalist 2011 * Best Email Security Product * Certified SNORT Integrator __ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.spammertrap.com/ __
Re: Spam messages with no payload
On 02/19/2012 06:58 AM, Benny Pedersen wrote: Den 2012-02-19 06:14, neon_overload skrev: http://pastebin.com/xxJut9wb http://pastebin.com/BApWfSfd invalid messageid and html attachment when there exists html body + freemail sender
Re: Spam messages with no payload
I know what you mean - see if anyone can figure out what this one was about! I think they're just screwing with us :-/ (I mean, do they seriously think people are going to reply excuse me, did you mean to send this to me? and take it from there?) http://pastebin.com/MCwFrP6C -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
Re: Spam messages with no payload
For starters, your using qmail. I know postfix will give you more protection up front with just rbl and certain restrictions that would help quite a bit. Are you running any rbl or dns checks with qmail? -- Jeremy McSpadden On Feb 19, 2012, at 4:46 PM, Jason Haar jason_h...@trimble.com wrote: I know what you mean - see if anyone can figure out what this one was about! I think they're just screwing with us :-/ (I mean, do they seriously think people are going to reply excuse me, did you mean to send this to me? and take it from there?) http://pastebin.com/MCwFrP6C -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
Re: Spam messages with no payload
Den 2012-02-19 23:45, Jason Haar skrev: http://pastebin.com/MCwFrP6C ip2cc 8.8.8.8 whats is the date of that ?, your clamav is outdated :(
Spam messages with no payload
I'm convinced that spammers are using me as a guinea pig. I'm getting hit pretty hard by just a few determined spammers at the moment who seem to vary their spam signature every day or so (they sent out through thousands of free accounts at free email providers, so can't use client DNSBL). But every now and again, I'll get a spam from them that follows pretty much the same pattern as everything else, except that the vital ingredient - the link to their spam site or any mention of what they are promoting - is not there. Just the formatting and the random words. And these mails get right through my spam filter. It's as if they are just sending out a test run when they come up with a new pattern, to see if it increases their bounce rate or something. BAYES_99 often hits on them, but I don't want to reject email just because it hits BAYES_99. The thing is, it's difficult to classify these emails even manually as spam or not spam, so it'd be hard to come up with rules to filter them. They are once-off, so they're not bulk per se - and they are not promoting the spammer - they are just random words. But they are, of course, still spam to me because they are noise I didn't request. -- View this message in context: http://old.nabble.com/Spam-messages-with-no-payload-tp33350242p33350242.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Spam messages with no payload
Can you pastebin some sample messages + headers ? -- Jeremy McSpadden Flux Labs, Inc http://www.fluxlabs.net http://www.fluxlabs.net/ Endless Solutions Office : 850-588-4626 Cell : 850-890-2543 Fax : 850-254-2955 On 2/18/12 6:55 PM, neon_overload neon...@neonjs.com wrote: I'm convinced that spammers are using me as a guinea pig. I'm getting hit pretty hard by just a few determined spammers at the moment who seem to vary their spam signature every day or so (they sent out through thousands of free accounts at free email providers, so can't use client DNSBL). But every now and again, I'll get a spam from them that follows pretty much the same pattern as everything else, except that the vital ingredient - the link to their spam site or any mention of what they are promoting - is not there. Just the formatting and the random words. And these mails get right through my spam filter. It's as if they are just sending out a test run when they come up with a new pattern, to see if it increases their bounce rate or something. BAYES_99 often hits on them, but I don't want to reject email just because it hits BAYES_99. The thing is, it's difficult to classify these emails even manually as spam or not spam, so it'd be hard to come up with rules to filter them. They are once-off, so they're not bulk per se - and they are not promoting the spammer - they are just random words. But they are, of course, still spam to me because they are noise I didn't request. -- View this message in context: http://old.nabble.com/Spam-messages-with-no-payload-tp33350242p33350242.ht ml Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Spam messages with no payload
Here is one example from this morning http://pastebin.com/xxJut9wb And after decoding that base64 attachment: http://pastebin.com/BApWfSfd Normally, there is a link or redirect to the spammer's site but this is one of the ones that is missing that, it has all the same formatting and the filler text but no payload so it is a pointless spam (unless there is some other reason for it, like testing bounce rates). -- View this message in context: http://old.nabble.com/Spam-messages-with-no-payload-tp33350242p33350641.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Spam messages with no payload
Den 2012-02-19 06:14, neon_overload skrev: http://pastebin.com/xxJut9wb http://pastebin.com/BApWfSfd invalid messageid and html attachment when there exists html body
Re: Spam messages with no payload
Benny Pedersen wrote: invalid messageid and html attachment when there exists html body Thanks for looking at that for me. Forgive me since I am relatively new to Spamassasin, but why wouldn't it have built-in rules for this, or are there rules that are just disabled by default? It seems it would be easy to do a header rule for the message-id and to do a meta rule for an HTML body plus an HTML attachment. Feel free to point me in the right direction. Cheers, Thomas Rutter -- View this message in context: http://old.nabble.com/Spam-messages-with-no-payload-tp33350242p33350779.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.