Block the interface malware/virus emails

Discussion in 'Installation/Configuration' started by vk3heg, Nov 15, 2015.

  1. vk3heg

    vk3heg Member

    Hi Everyone,

    How would I go about blocking the following email. They always come from different ip's etc.
    I have put into the postfix global blacklist for "interfax.net", and "incoming@interfax.net" yet the emails keep on coming.

    As a last resort I have put a block in amavis for any *.doc/*.docx files (Even those in zip files)

    Return-Path: <MAILER-DAEMON>
    X-Original-To: admin@domain.net.au
    Delivered-To: admin@domain.net.au
    Received: from localhost (unknown [127.0.0.1])
    by server.domain.net.au (Postfix) with ESMTP id E767D2544A4D
    for <admin@domain.net.au>; Sun, 15 Nov 2015 11:40:39 +0000 (UTC)
    X-Envelope-From: <web246@webbox122.server-home.org>
    X-Envelope-To: <info@domain.net.au>
    X-Envelope-To-Blocked: <info@domain.net.au>
    X-Quarantine-ID: <yEZRL7BuL6qU>
    X-Amavis-Alert: BANNED, message contains .asc,document000292405.doc.js
    X-Spam-Flag: NO
    X-Spam-Score: 0
    X-Spam-Level:
    X-Spam-Status: No, score=x tag=x tag2=x kill=x tests=[] autolearn=unavailable
    Received: from server.domain.net.au ([127.0.0.1])
    by localhost (server.domain.net.au [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id yEZRL7BuL6qU for <info@domain.net.au>;
    Sun, 15 Nov 2015 22:40:39 +1100 (AEDT)
    Received-SPF: none (webbox122.server-home.org: No applicable sender policy available) receiver=shadow.activateit.net.au; identity=mailfrom; envelope-from="web246@webbox122.server-home.org"; helo=webbox122.server-home.org; client-ip=83.220.144.26
    Received: from webbox122.server-home.org (webbox122.server-home.org [83.220.144.26])
    by server.domain.net.au (Postfix) with ESMTP id 51DC0254451F
    for <info@domain.net.au>; Sun, 15 Nov 2015 22:40:33 +1100 (AEDT)
    Received: by webbox122.server-home.org (Postfix, from userid 1625)
    id 44D36C5E43; Sun, 15 Nov 2015 12:40:30 +0100 (CET)
    To: info@domain.net.au
    Subject: You have received fax, document 000292405
    Date: Sun, 15 Nov 2015 12:40:30 +0100
    From: "Interfax Online" <incoming@interfax.net>
    Reply-To: "Interfax Online" <incoming@interfax.net>
    Message-ID: <9b253fb5dc5493644c3737604f0c21d4@bestoflogistics.org>
    X-Priority: 3
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary="b1_a19df9d3fec74a8f67de22d5a6654af7"
    Content-Transfer-Encoding: 8bit

    New incoming fax document.

    You can find your fax document in the attachment.

    File size: 242 Kb
    Scanned: Sat, 14 Nov 2015 17:29:39 +0300
    Sender: Benjamin Hensley
    Pages number: 7
    Scan duration: 24 seconds
    Fax name: document000292405.doc
    Quality: 200 DPI

    Thanks for using Interfax service!


    [document000292405.zip application/zip (2259 bytes)]
     

Share This Page