Alex wrote on 2023-01-15 20:47:
Hi,
X-Spam-Status: No, score=1.102 tagged_above=-200 required=5
    tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
    DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, DMARC_PASS=-0.1,
    FMBLA_HELO_OUTMX=-0.01, FMBLA_RDNS_OUTMX=-0.01, HTML_MESSAGE=0.001,
    LOC_CDIS_INLINE=0.1, LOC_FILE_SHARE_PHISH1=0.75, LOC_FROMADDR=0.01,
    LOC_FROMNAME=0.01, LOC_IMGSPAM=0.1, LOC_XORIGORG=0.01,
    MIME_HTML_ONLY=0.1, RCVD_IN_DNSWL_NONE=-0.0001,
    RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_SENDERSCORE_80_89=-0.4,
    RELAYCOUNTRY_LOW=0.1, RELAYCOUNTRY_US=0.01, SPF_HELO_PASS=-0.001,
    SPF_PASS=-0.001, TXREP=-0.166]
    autolearn=disabled
I'm reporting it to spamcop and training bayes, but does anyone have
any other ideas?
Is this just someone using their sharepoint account to send a phish?
Perhaps account takeover?
https://pastebin.com/2CJ3SLf2
Content analysis details:   (3.1 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.7 SPF_FAIL               SPF: sender does not match SPF record (fail)
                            [SPF failed: Please see
                            http://www.openspf.org/Why?s=mfrom;id=no-reply%40sharepointonline.com;ip=199.199.178.197;r=localhost.junc.eu]
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.0 ARC_VALID              Message has a valid ARC signature
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not
                            necessarily valid
 0.0 ARC_SIGNED             Message has a ARC signature
 0.1 DKIM_INVALID           DKIM or DK signature exists, but is not valid
 0.0 KAM_DMARC_STATUS       Test Rule for DKIM or SPF Failure with Strict
                            Alignment
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 2.0 KAM_DMARC_REJECT       DKIM has Failed or SPF has failed on the
                            message and the domain has a DMARC reject policy
 0.1 DMARC_REJECT           DMARC reject policy
It gets a neutral score since it's a mailing list of some kind, IMHO?
Reject it by DKIM valid, one of the signers is valid, if not just ARC;
if only ARC is, then do set up the AuthRes plugin in SpamAssassin 4.x.x.
I don't know how, but I believe spammers die slowly in 2023.