On 24/11/2016 13:15, Matus UHLAR - fantomas wrote:
On 24.11.16 10:23, Geoff Soper wrote:
Subject: Spam with attachments and UNPARSEABLE_RELAY
For a few weeks I've been suffering spam messages with attachments
getting through with a suspicious score of 0.0. Upon inspection, they
all had the following lines in the header:
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
server.alphaworks.co.uk
X-Spam-Level:
X-Spam-Status: No, score=0.0 required=3.0 tests=UNPARSEABLE_RELAY
autolearn=unavailable autolearn_force=no version=3.4.1
X-Spam-Score: 0.0
1. can you post headers from any such mail?
2. do other mails get catched or at least score different from 0.0 ?
Hi,
1. See attached example. I've removed the username and replaced it with
<removed>.
2. Other mail is getting correctly identified as spam so that's something...
Many thanks,
Geoff
Return-Path: <gardner.esmera...@microauto.com>
X-Spam-Relays-External:
X-Spam-Relays-Untrusted:
X-Spam-Flag: NO
X-Spam-Status: No, Score=0.0
X-Spam-Report:
* 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay
lines
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
server.alphaworks.co.uk
X-Spam-Score: 0.0
X-Original-To: <removed>@alphaworks.co.uk
Delivered-To: <removed>@alphaworks.co.uk
X-No-Auth: unauthenticated sender
Received: (nullmailer pid 36796 invoked by uid 7637323);
Fri, 25 Nov 2016 12:23:11 +0500
X-No-Auth: unauthenticated sender
Received: from internal (unknown [x.x.x.x])
Received: (nullmailer pid 36796 invoked by uid 7637323);
Fri, 25 Nov 2016 12:23:11 +0500
To: <removed>@alphaworks.co.uk>
Subject: *** VIRUS ***It Is Important
X-PHP-Originating-Script: 7637323:SendMail.class.php
From: "Esmeralda Gardner" <gardner.esmera...@microauto.com>
Date: Fri, 25 Nov 2016 12:23:11 +0500
MIME-Version: 1.0
Content-Type: multipart/related; boundary="4863c15906b03373f7d9d5b584584773"
Message-Id: <1124330643.045726.43998.sendm...@alphaworks.co.uk>
X-Procmail-Alphaworks-Geoff: 27/01/2014
X-Procmail-HeaderInclude: 27/01/2014
X-Procmail-Alphaworks-Whitelist: 27/01/2014
X-Procmail-DomainInclude: 27/01/2014
X-Procmail-Alphaworks-Blacklist: 27/01/2014
X-Procmail-BounceInclude: 27/01/2014
X-Procmail-DotInclude: 25/12/2009
X-Procmail-SpamAssassinInclude: 25/12/2009
X-Procmail-FooterInclude: 25/12/2009
X-Antivirus: avast! (VPS 161124-7, 24/11/2016), Inbound message
X-Antivirus-Status: Infected
X-Attachment: INVOICE_<removed>.zip#1783656308|>HQ2s9y6f.js Virus:
JS:LockyDownloader [Trj] Deleted
--4863c15906b03373f7d9d5b584584773
Content-type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Dear <removed>, we received your invoice but couldn't pay, =
because your requisites were invalid.
Sending you the report of the problem - please open the attachment and =
check the data.
--4863c15906b03373f7d9d5b584584773--
