Email SPAM

Discussion in 'General' started by onastvar, Jan 31, 2018.

  1. onastvar

    onastvar Member

    All of a sudden, I'm getting 50-100 emails daily that look like this:

    Hi, info, my name is Daria and i'm from Russia. Currently I live in US. Im so glad to see your profile on Facebook. You seem like my type and I would like us to know each other better. You are super cute and handsome. If you feel the same, email me [email protected] and I will send some of my photos. Hugs, Daria

    According to the headers below, I think my server isn't sending the emails. Each email has a similar subject and message, and the emails are received from different domains & different IPs. Does anyone have any suggestions how to block this SPAM?

    Googling X-PHP-Originating-Script: 971:class-phpmailer.php
    returned this result from January 2014, is this still valid today?

    Just edit /etc/php5/cgi/php.ini and change the following to:
    mail.add_x_header = Off
    While you're in there change:
    expose_php = Off


    Return-Path: <[email protected]>
    Delivered-To: [email protected]
    Received: from localhost (localhost.localdomain [127.0.0.1])
    by sun.mydomain.com (Postfix) with ESMTP id D0BE61485F8D
    for <[email protected]>; Wed, 31 Jan 2018 13:35:16 -0600 (CST)
    X-Virus-Scanned: Debian amavisd-new at sun.mydomain.com
    X-Spam-Flag: YES
    X-Spam-Score: 13.713
    X-Spam-Level: *************
    X-Spam-Status: Yes, score=13.713 tagged_above=1 required=4.5
    tests=[BAYES_99=3.5, BAYES_999=0.2, HELO_MISC_IP=0.001,
    HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.377, MIME_HTML_ONLY=0.723,
    PHP_ORIG_SCRIPT=2.337, RCVD_IN_DNSWL_BLOCKED=0.001, RDNS_NONE=0.793,
    SCHAALIT_BODY_517=5, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001]
    autolearn=no autolearn_force=no
    Received: from sun.mydomain.com ([127.0.0.1])
    by localhost (sun.mydomain.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id NCy0aUb1mKSu for <[email protected]>;
    Wed, 31 Jan 2018 13:35:10 -0600 (CST)
    Received: from [46.210.160.199] (unknown [176.13.102.208])
    by sun.mydomain.com (Postfix) with ESMTP id 19113148909E
    for <[email protected]>; Wed, 31 Jan 2018 13:35:09 -0600 (CST)
    Received: by mail.goddessofgarbage.com (Postfix, from userid 971) id FB75CF39A3F; Wed, 31 Jan 2018 21:35:05 +0300
    To: [email protected]
    Subject: ***SPAM***yo
    X-PHP-Originating-Script: 971:class-phpmailer.php
    Date: Wed, 31 Jan 2018 21:35:06 +0300
    From: Daria <[email protected]>
    Message-ID: <[email protected]>
    X-Mailer: PHPMailer 5.2.22 (https://github.com/PHPMailer/PHPMailer)
    MIME-Version: 1.0
    Content-Type: text/html; charset=UTF-8
    Content-Transfer-Encoding: 8bit
     
  2. sjau

    sjau Local Meanie Moderator

    You could add content filtering and e.g. blacklist all of rumbler.ru
     
  3. florian030

    florian030 Well-Known Member HowtoForge Supporter

    X-Spam-Flag: YES
    X-Spam-Score: 13.713

    Why don't you set "move spam to junk" for the account?
     
  4. onastvar

    onastvar Member

    Emails already go to SPAM; I was trying to find out if I can block these somehow. I tried to create a Mail Content Filter, but I'm not sure what goes under Regexp Pattern: ????

    Filter: Body Filter
    Regexp Pattern: ????
    Data: rambler.ru
    Action: DISCARD
    Active: Yes
     
  5. florian030

    florian030 Well-Known Member HowtoForge Supporter

  6. onastvar

    onastvar Member

    Thanks Florian! I am using the NORMAL Spamfilter policy. If I change the SPAM kill level from 50.00 to 49.00, would that stop delivery of SPAM to the JUNK folder and kill the message before it reaches the user's mailbox?
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    You will have to set Kill level to e.g. 12 to get the above mentioned mail deleted.
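
Added example, not part of the thread: a Python reading of the headers quoted in the first post. It finds the newest Received hop whose connecting client is not local (where the message entered sun.mydomain.com) and compares the 13.713 score against kill levels of 50, 49 and 12. The function names, the `score >= level` semantics assumed for amavisd-new, and the example.com mailbox placeholder are assumptions.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample: headers quoted in the first post, abridged; the
# obfuscated mailbox addresses are replaced by an example.com placeholder.
RAW = """\
X-Spam-Status: Yes, score=13.713 tagged_above=1 required=4.5
    tests=[BAYES_99=3.5, PHP_ORIG_SCRIPT=2.337, RDNS_NONE=0.793,
    SCHAALIT_BODY_517=5, SPF_NEUTRAL=0.779] autolearn=no
Received: from sun.mydomain.com ([127.0.0.1])
    by localhost (sun.mydomain.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id NCy0aUb1mKSu; Wed, 31 Jan 2018 13:35:10 -0600 (CST)
Received: from [46.210.160.199] (unknown [176.13.102.208])
    by sun.mydomain.com (Postfix) with ESMTP id 19113148909E
    for <info@example.com>; Wed, 31 Jan 2018 13:35:09 -0600 (CST)
Received: by mail.goddessofgarbage.com (Postfix, from userid 971)
    id FB75CF39A3F; Wed, 31 Jan 2018 21:35:05 +0300
X-PHP-Originating-Script: 971:class-phpmailer.php
"""

def client_ip(received):
    """Connecting client as Postfix records it: 'from HELO (rdns [ip])'."""
    m = re.search(r"\((?:\S+ )?\[([0-9A-Fa-f.:]+)\]\)", received)
    return ip_address(m.group(1)) if m else None

def first_external_hop(msg):
    """Newest Received header whose client is neither loopback nor private."""
    for hdr in msg.get_all("Received", []):
        ip = client_ip(hdr)
        if ip and not (ip.is_loopback or ip.is_private):
            return str(ip)
    return None

def spam_tests(msg):
    """SpamAssassin rules listed in X-Spam-Status, highest score first."""
    body = re.search(r"tests=\[(.*?)\]", msg.get("X-Spam-Status", ""), re.S)
    pairs = re.findall(r"(\w+)=(-?[\d.]+)", body.group(1)) if body else []
    return sorted(((n, float(s)) for n, s in pairs), key=lambda p: -p[1])

def verdict(msg, tag2_level, kill_level):
    """Assumption: amavisd-new acts when score >= the configured level."""
    m = re.search(r"score=(-?[\d.]+)", msg.get("X-Spam-Status", ""))
    score = float(m.group(1)) if m else 0.0
    if score >= kill_level:
        return "killed"
    return "tagged as spam" if score >= tag2_level else "delivered"

msg = message_from_string(RAW)
```

The external hop is the client address that sun.mydomain.com itself logged, so the `X-PHP-Originating-Script` line below it was written by the sending host's PHP, not by the receiving server's.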
     
