>Changed and Amavis has been restarted. I’ll check the headers on the next
>piece of spam to come through. Thanks
I’m still trying to figure out how illegitimate stuff like this is getting
through. It’s obviously a virus (which was caught) but then why did the email
get through? I see the flag was for 4.0 so it wasn’t enough to kick it out
based on wording but wouldn’t something in the headers be forged and catch this?
Received: from smtp.phhwtechnology.com (10.0.1.7) by mail.phhwtechnology.com
(10.0.1.5) with Microsoft SMTP Server id 14.3.195.1; Fri, 22 Aug 2014
15:12:59 -0500
Received: from localhost (localhost [127.0.0.1]) by smtp.phhwtechnology.com
(Postfix) with ESMTP id DCC4C194998E for <gledf...@phhwtechnology.com>; Fri,
22 Aug 2014 15:01:50 -0500 (CDT)
X-Quarantine-ID: <NDBldcOJqsG1>
X-Virus-Scanned: Debian amavisd-new at smtp.phhwtechnology.com
X-Amavis-Alert: BAD HEADER SECTION, Non-encoded 8-bit data (char C2 hex):
From: Janna
\021\303\202\302\261N\303\203\302\276\303\203\302\267\022\303\202\302\256\303\202\302\270\303\203\302\230\303\203\302\273[...]
X-Spam-Flag: NO
X-Spam-Score: 4.803
X-Spam-Level: ****
X-Spam-Status: No, score=4.803 tagged_above=-100 required=5
tests=[DCC_CHECK=1.1, FROM_ILLEGAL_CHARS=2.059,
RCVD_IN_BRBL_LASTEXT=1.644] autolearn=no autolearn_force=no
Received: from smtp.phhwtechnology.com ([127.0.0.1]) by localhost
(smtp.phhwtechnology.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
id
NDBldcOJqsG1 for <gledf...@phhwtechnology.com>; Fri, 22 Aug 2014 15:01:49
-0500 (CDT)
Received-SPF: none (smtp.1-800-optisource.com: No applicable sender policy
available) receiver=spamfilter; identity=mailfrom;
envelope-from="dqyf...@smtp.1-800-optisource.com";
helo=smtp.1-800-optisource.com; client-ip=96.56.14.106
Received: from smtp.1-800-optisource.com (smtp.1-800-optisource.com
[96.56.14.106]) by smtp.phhwtechnology.com (Postfix) with ESMTP id
4BDCC194998A for <gledf...@phhwtechnology.com>; Fri, 22 Aug 2014 15:01:48
-0500 (CDT)
From:
<"Janna
�??N????�??????????????????{|????r???"@??}W????^-??????#??|????????jQ????????Z??+??c??_????1R??????c????????????K??|
/????????]????8'+%??5??�??u??>,
<"????Rw??d}?????????????j????????????h"@smtp.phhwtechnology.com>,
"zS]???????" <dqyf...@smtp.1-800-optisource.com>
To: <gledf...@phhwtechnology.com>
Subject: inovice_AUG_7831915.pdf
Date: Fri, 22 Aug 2014 16:01:06 -0400
Message-ID: <5921d510-35dc-be7b-ad00-8655a7347...@mail.phhwtechnology.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0025_01CFBE22.48401B00"
Return-Path: dqyf...@smtp.1-800-optisource.com
X-MS-Exchange-Organization-AuthSource: WEBSERVER01.mail.phhwtechnology.com
X-MS-Exchange-Organization-AuthAs: Anonymous
