Spam Mails

Please share the logs (from /var/log/mail.log on your PMG) from the time these mails arrived - maybe we can see some potential for improvement
 
There is no log of these mails under /var/log/mail.log on my PMG.
Also, when I search for the sending e-mail addresses on PMG/Tracking Center, I can't find them.

 
Mail raw format:

Code:
Return-Path: <duohun@correo.asirtec.online>
Received: from xxx (LHLO xxx)
 (172.16.205.77) by xxx with LMTP; Sun, 20 Feb 2022 08:34:22
 +0300 (EET)
Received: from localhost (localhost [127.0.0.1])
    by xxx (Postfix) with ESMTP id 58BD160026E4;
    Sun, 20 Feb 2022 08:34:22 +0300 (+03)
X-Virus-Scanned: amavisd-new at xxx
X-Spam-Flag: NO
X-Spam-Score: 6.265
X-Spam-Level: ******
X-Spam-Status: No, score=6.265 required=6.6 tests=[BAYES_60=1.5,
    FROM_SUSPICIOUS_NTLD=0.499, FROM_SUSPICIOUS_NTLD_FP=0.001,
    HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1,
    NORDNS_LOW_CONTRAST=2.349, NO_DNS_FOR_FROM=0.001, RAND_HEADER_MANY=1,
    RDNS_NONE=0.793, T_SPF_HELO_TEMPERROR=0.01, T_SPF_TEMPERROR=0.01]
    autolearn=no autolearn_force=no
Received: from xxx ([127.0.0.1])
    by localhost (xxx [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id nlsuA-7BVf8X; Sun, 20 Feb 2022 08:34:06 +0300 (+03)
Received: from correo.asirtec.online (unknown [212.48.78.241])
    by xxx (Postfix) with ESMTP id E22D560093CD
    for <yyy@xxx>; Sun, 20 Feb 2022 08:34:05 +0300 (+03)
Subject: Incoming voicemessage: 6:31
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Shall-Messengers-Creditor: 724217CA25EF7B
Sexual-Middle: 58C87AB5
Fantasize-Hegelianize: 94438D589
Content-Type: text/html; charset=UTF-8
Message-ID: <92b2279d32313-a528a6e51.5292a7dcddf2d86@correo.asirtec.online>
From: WhatsAppService <duohun@correo.asirtec.online>
To: "yyy@xxx" <yyy@xxx>
Date: Sun, 20 Feb 2022 06:31:02 +0000
X-Zimbra-DL: yyy@xxx
 
I don't see that this message passed through PMG at all?
Is correo.asirtec.online a PMG?
On a hunch - the mails just don't pass through PMG - but are directly posted to your mailserver?

Check the deployment guide - PMG should be the MX record of your domain

I hope this helps!
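
The check made in the reply above, as an added example that is not part of the original thread: it walks the `Received` chain of the posted message and reports whether any hop involved the gateway. The redacted `xxx` host is replaced by the placeholder `mail.example.test`, and `pmg.example.test` is an assumed gateway hostname.

```python
import re
from email import message_from_string

# Constructed sample: the Received chain from the post above, with the
# redacted "xxx" host replaced by the placeholder mail.example.test.
RAW = """\
Return-Path: <duohun@correo.asirtec.online>
Received: from mail.example.test (LHLO mail.example.test)
 (172.16.205.77) by mail.example.test with LMTP; Sun, 20 Feb 2022 08:34:22
 +0300 (EET)
Received: from localhost (localhost [127.0.0.1])
    by mail.example.test (Postfix) with ESMTP id 58BD160026E4;
    Sun, 20 Feb 2022 08:34:22 +0300 (+03)
Received: from mail.example.test ([127.0.0.1])
    by localhost (mail.example.test [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id nlsuA-7BVf8X; Sun, 20 Feb 2022 08:34:06 +0300 (+03)
Received: from correo.asirtec.online (unknown [212.48.78.241])
    by mail.example.test (Postfix) with ESMTP id E22D560093CD
    for <yyy@mail.example.test>; Sun, 20 Feb 2022 08:34:05 +0300 (+03)
Subject: Incoming voicemessage: 6:31

"""

# "from <sender> ... by <receiver>", tolerant of folded (multi-line) headers.
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.DOTALL)

def hops(raw):
    """Return (from_host, by_host) pairs, oldest hop first.

    Each server prepends its Received header, so the list is reversed.
    Only headers written by your own servers are trustworthy; anything
    older than the first hop you control can be forged by the sender.
    """
    msg = message_from_string(raw)
    found = (HOP.search(v) for v in reversed(msg.get_all("Received", [])))
    return [(m.group(1).lower(), m.group(2).lower()) for m in found if m]

def passed_through(raw, gateway):
    """True if any hop was sent or received by the gateway host."""
    return any(gateway.lower() in pair for pair in hops(raw))

if __name__ == "__main__":
    for sender, receiver in hops(RAW):
        print(f"{sender} -> {receiver}")
    print("via gateway:", passed_through(RAW, "pmg.example.test"))
```

On this message the oldest hop is the external sender handing the mail straight to the mail server's Postfix, and no hop names the gateway.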
 
1645513872321.png
When I added the What Object --> Match Field --> Subject rule to PMG, it was blocked because the word incoming was included in it.
Code:
(?i)(\W|^)(ages?|activated?|you|annoy|new|missed|incoming|containing|voice|request|asap|attack.*|attentions?)(\W|$)
The mail in this image is blocked by PMG by typing the following rule. I succeeded.

But spam mail is sent with many different words. It is not possible to write all the words in the filter.
 
As said from the information you've shared until now - I don't see where this or any other message enters PMG - and what it does with it - I cannot help you without this information
 