All of a sudden, I'm getting 50-100 emails daily that look like this: Hi, info, my name is Daria and i'm from Russia. Currently I live in US. Im so glad to see your profile on Facebook. You seem like my type and I would like us to know each other better. You are super cute and handsome. If you feel the same, email me [email protected] and I will send some of my photos. Hugs, Daria According to below, I think my server isn't sending the emails. Each email has similar, subject, message, email received by are from different domains & different IPs. Any one has any suggestions how to block this SPAM? Googling X-PHP-Originating-Script: 971:class-phpmailer.php returned this result from January 2014, is this still valid today? Just edit /etc/php5/cgi/php.ini and change the following to: mail.add_x_header = Off While your in there change: expose_php = Off Return-Path: <[email protected]> Delivered-To: [email protected] Received: from localhost (localhost.localdomain [127.0.0.1]) by sun.mydomain.com (Postfix) with ESMTP id D0BE61485F8D for <[email protected]>; Wed, 31 Jan 2018 13:35:16 -0600 (CST) X-Virus-Scanned: Debian amavisd-new at sun.mydomain.com X-Spam-Flag: YES X-Spam-Score: 13.713 X-Spam-Level: ************* X-Spam-Status: Yes, score=13.713 tagged_above=1 required=4.5 tests=[BAYES_99=3.5, BAYES_999=0.2, HELO_MISC_IP=0.001, HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.377, MIME_HTML_ONLY=0.723, PHP_ORIG_SCRIPT=2.337, RCVD_IN_DNSWL_BLOCKED=0.001, RDNS_NONE=0.793, SCHAALIT_BODY_517=5, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Received: from sun.mydomain.com ([127.0.0.1]) by localhost (sun.mydomain.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NCy0aUb1mKSu for <[email protected]>; Wed, 31 Jan 2018 13:35:10 -0600 (CST) Received: from [46.210.160.199] (unknown [176.13.102.208]) by sun.mydomain.com (Postfix) with ESMTP id 19113148909E for <[email protected]>; Wed, 31 Jan 2018 13:35:09 -0600 (CST) Received: by mail.goddessofgarbage.com (Postfix, from userid 971) id FB75CF39A3F; Wed, 31 Jan 2018 21:35:05 +0300 To: [email protected] Subject: ***SPAM***yo X-PHP-Originating-Script: 971:class-phpmailer.php Date: Wed, 31 Jan 2018 21:35:06 +0300 From: Daria <[email protected]> Message-ID: <[email protected]> X-Mailer: PHPMailer 5.2.22 (https://github.com/PHPMailer/PHPMailer) MIME-Version: 1.0 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit
Emails already go to SPAM I was trying to find out if I can block these somehow? I tried to create Mail Content Filter, I'm not sure what goes under Regexp Pattern: ???? Filter: Body Filter Regexp Pattern: ???? Data: rambler.ru Action: DISCARD Active: Yes
You can decrease the kill-level for mails in the current policy. The mails are tagged as spam and it's up to the admin how to hanlde the mails based on the kill-levels. Maybe this explains something more in detail: https://schaal-it.com/spammail-understand-header-move-mails/
Thanks Florian! I am using NORMAL Spamfilter policy, if I change SPAM kill level from 50.00 to 49.00 would that stop delivery of SPAM to JUNK folder and kill the message before it reaches user's mailbox?
