On Tue, 6 Feb 2018, Philip wrote:
So lately I'm getting LOTS of emails coming directly through the filters so
most likely time to investigate how to create one.
The subject is always 'hey'
Subject: hey
Date: Mon, 29 Jan 2018 09:07:40 +0300
From: Darya
Message-ID: <8f35b00fb4e07d18ce82448ec9747...@112it4u.ro>
X-Mailer: PHPMailer 5.2.22 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit
Any SA hits at all? Please provide at a minimum that header; better,
upload the entire message (all headers intact) to someplace like pastebin.
Hi josh, my name is Darya and i'm from Russia, but living in the USA. A week
ago, maybe more, I came across your profile on Facebook and now I wan to know
you more. I know it sounds a bit strange, but I believe you had something
like this in your life too :-) If its mutual, email me, this is my email
danielamar...@rambler.ru and I will send some of my photos also answer any of
your questions. Waiting for you, XXX Darya
This sort of thing I'd expect Bayes to catch.
112it4u.ro from the message ID has valid NS entries but the reverse PTR is
invalid.
I don't know whether DNS checks on the hostname in the message-ID would be
worthwhile...
The email always starts, 'hi {mailbox name}', and the text is mostly the same
but the name changes now and then and so does the email address.
Any suggestions on where to start? nOOb here!
Do you have Bayes enabled and are you training it?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Watch... Wallet... Gun... Knee... -- Denny Crane
-----------------------------------------------------------------------
Tomorrow: the first Falcon Heavy test launch
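
One way to express the traits reported in this thread as a local SpamAssassin rule, added here as an example and not part of either poster's message. The rule names and the score are hypothetical, and the body patterns assume the wording stays as in the quoted sample.

```conf
# local.cf fragment (added example). Rule names and score are hypothetical.
# Each trait alone is weak, so the traits are sub-rules (leading "__" means
# no score of their own) and only the combination scores.

# Subject is exactly "hey" (per the report, it never varies).
header   __LOCAL_SUBJ_HEY       Subject =~ /^\s*hey\s*$/i

# Sent with PHPMailer. Legitimate web applications use it too, which is
# why this must never score by itself.
header   __LOCAL_XM_PHPMAILER   X-Mailer =~ /^PHPMailer \d/

# HTML-only message, as in the quoted Content-Type header.
header   __LOCAL_CT_HTML        Content-Type =~ /^text\/html\b/i

# Greeting template: "Hi <mailbox>, my name is <name> and i'm from ...".
# The mailbox and sender name vary, so they are matched loosely; "i.m"
# tolerates a straight or typographic apostrophe.
body     __LOCAL_BODY_GREETING  /\bhi [\w.-]{1,64}, my name is \w{1,32} and i.m from\b/i

# Fixed phrase that introduces the (changing) reply address.
body     __LOCAL_BODY_EMAIL_ME  /\bemail me, this is my email\b/i

# Require all header traits plus at least one body phrase.
meta     LOCAL_HEY_LURE  (__LOCAL_SUBJ_HEY && __LOCAL_XM_PHPMAILER && __LOCAL_CT_HTML && (__LOCAL_BODY_GREETING || __LOCAL_BODY_EMAIL_ME))
describe LOCAL_HEY_LURE  Subject "hey" + PHPMailer + templated personal-contact lure
score    LOCAL_HEY_LURE  3.0
```

Run `spamassassin --lint` after editing to catch syntax errors. A rule like this supplements Bayes training on the same messages; it does not replace it.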