Hi all,
I'm sure this has been asked multiple times before and found already some simular posts, but i cannot get it to work.
I daily receive spam messages from bit invest. I trained spamassassin with the headers, but it seems not to be working. I also created a custom spamassassin rule for it, but i keep receiving them.
It contains this header:
Hope someone can help me with a cool filter for this and how to create the filter the right way
I'm sure this has been asked multiple times before and found already some simular posts, but i cannot get it to work.
I daily receive spam messages from bit invest. I trained spamassassin with the headers, but it seems not to be working. I also created a custom spamassassin rule for it, but i keep receiving them.
It contains this header:
Code:
Return-Path: <contact@webwellblog.com>
Delivered-To:receiver
Received: from webserver
by webserver with LMTP
id wHmKBKg4vl+3eQAARAZS/w
(envelope-from <contact@webwellblog.com>)
for <myemail>; Wed, 25 Nov 2020 11:57:44 +0100
Return-path: <contact@webwellblog.com>
Envelope-to: myemail
Delivery-date: Wed, 25 Nov 2020 11:57:44 +0100
Received: from proxspamfilter ([178.19.119.250])
by webserver1 with esmtp (Exim 4.94)
(envelope-from <contact@webwellblog.com>)
id 1khsUa-0004cU-17
for myemail; Wed, 25 Nov 2020 11:57:44 +0100
Received: from pmgfilter (localhost [127.0.0.1])
by pmgfilter (Proxmox) with ESMTP id DAE86576
for <myemail>; Wed, 25 Nov 2020 11:57:43 +0100 (CET)
Received: from mail.webwellblog.com (mail.webwellblog.com [128.199.217.121])
by pmgfilter (Proxmox) with ESMTP
for <myemail>; Wed, 25 Nov 2020 11:57:42 +0100 (CET)
From: "Lucas , Klant manager" <contact@webwellblog.com>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=webwellblog.com;
s=default; t=1606301853;
bh=03fGkoweN6DAGYORTvjEQcykzxUY6OGUnbM+G94jZaE=;
h=From:Subject:To:Date:From;
b=mf2fg9yXygL2J/OPMmdpNHry7vrcu6xrcMRHFB+knr9shr4E3dkMpFEzdH+hNcaMi
tF7a65jdjeie0YUe04MoDY/SteHWT3waPGi7trGw3m4GlpOQAj/0j+W2JbMtwYYi3c
jEAz+PiyWXITArbpLJW+29byJ8rasKlbyRP+lAUQ=
Subject: Je hebt 24 uur om uw openstaande saldo, jj krijgen
To: "info" <myemail>
Content-Type: multipart/alternative; boundary="YEhP2me2qtYYDGQZhGeazcgF6n3tn=_Kor"
Mime-Version: 1.0
Date: Wed, 25 Nov 2020 02:57:33 -0800
Message-Id: <20201125105731.6E7B1600F76D@mail.webwellblog.com>
X-SPAM-LEVEL: Spam detection results: 2
BAYES_00 -1.9 Bayes spam probability is 0 to 1%
DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid
DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain
DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain
HTML_MESSAGE 0.001 HTML included in message
SCHAALIT_URI_888 5 -
SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
SPF_PASS -0.001 SPF: sender matches SPF record
T_KAM_HTML_FONT_INVALID 0.01 Test for Invalidly Named or Formatted Colors in HTML
URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [webwellblog.com,page.link,fonts.googleapis.com]Hope someone can help me with a cool filter for this and how to create the filter the right way
