Problem with spam with different Received for and To in headers [SOLVED]

Discussion in 'ISPConfig 3 Priority Support' started by SupuS, Oct 11, 2017.

  1. SupuS

    SupuS Member HowtoForge Supporter

    Hello,
    I am fighting spam with predictable headers, but I am not able to block it with a SpamAssassin rule. Here is an example header of an email from the spammer:
    Code:
    Return-Path: <[email protected]>
    Delivered-To: [email protected]
    Received: from localhost (localhost.localdomain [127.0.0.1])
        by mx1.server.ltd (Postfix) with ESMTP id DBECF51C3B9
        for <[email protected]>; Wed, 11 Oct 2017 04:30:47 +0200 (CEST)
    X-Virus-Scanned: Debian amavisd-new at mx1.server.ltd
    X-Spam-Flag: NO
    X-Spam-Score: 2.831
    X-Spam-Level: **
    X-Spam-Status: No, score=2.831 tagged_above=1 required=4.5
        tests=[HTML_IMAGE_ONLY_04=0.342, HTML_MESSAGE=0.001,
        HTML_SHORT_LINK_IMG_1=0.139, MPART_ALT_DIFF=0.724,
        SUBJ_ALL_CAPS=1.625] autolearn=disabled
    Received: from mx1.server.ltd ([127.0.0.1])
        by localhost (mx1.server.ltd [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id jyq13G-l7AmT for <[email protected]>;
        Wed, 11 Oct 2017 04:30:47 +0200 (CEST)
    Received: from mx2.server.ltd (mx2.server.ltd [12.34.56.78])
        by mx1.server.ltd (Postfix) with ESMTPS id 6FE5D51C3B8
        for <[email protected]>; Wed, 11 Oct 2017 04:30:47 +0200 (CEST)
    Received: from localhost (localhost.localdomain [127.0.0.1])
        by mx2.server.ltd (Postfix) with ESMTP id F23891010821
        for <[email protected]>; Wed, 11 Oct 2017 04:30:46 +0200 (CEST)
    X-Virus-Scanned: Debian amavisd-new at mx2.server.ltd
    Received: from mx2.server.ltd ([127.0.0.1])
        by localhost (mx2.server.ltd [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id oCaT4eGu1Eb0 for <[email protected]>;
        Wed, 11 Oct 2017 04:30:46 +0200 (CEST)
    Received: from mail.alfahost.co.ua (mail.alfahost.co.ua [85.25.159.68])
        by mx2.server.ltd (Postfix) with ESMTP id A92AD10107E2
        for <[email protected]>; Wed, 11 Oct 2017 04:30:46 +0200 (CEST)
    Received: from alfahost.co.ua (mail.alfahost.co.ua [85.25.159.68])
        by mail.alfahost.co.ua (Postfix) with ESMTPA id 1143ABC1EAF;
        Wed, 11 Oct 2017 03:27:54 +0300 (EEST)
    Message-ID: <inqu[email protected]>
    From: "Machoman" <[email protected]>
    To: <[email protected]>

    As you can see, the "To" ([email protected]) and the "Received" for ([email protected]) are different. Is there a way to detect this and increase the spam points for mails with a different "To" and "Received for"? I cannot find how to write a SpamAssassin custom rule for this purpose. Or is there any other way to filter this mess?

    Thanks for any idea.
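
The mismatch described in the post above can be checked outside SpamAssassin. This is an added example, not part of the original thread or of ISPConfig. It compares the envelope recipient recorded in the `for` clause of the `Received` headers with the visible `To`/`Cc` addresses. The sample message, its addresses and the function names are constructed for illustration.

```python
import email
import re
from email.utils import getaddresses

# Constructed sample message; hosts and addresses are made up for this example.
SAMPLE = """\
Return-Path: <bounce@sender.example>
Received: from localhost (localhost.localdomain [127.0.0.1])
\tby mx1.example.net (Postfix) with ESMTP id AAAA1
\tfor <alice@example.net>; Wed, 11 Oct 2017 04:30:47 +0200 (CEST)
Received: from mail.sender.example (mail.sender.example [192.0.2.10])
\tby mx2.example.net (Postfix) with ESMTP id BBBB2
\tfor <alice@example.net>; Wed, 11 Oct 2017 04:30:46 +0200 (CEST)
Received: from sender.example (mail.sender.example [192.0.2.10])
\tby mail.sender.example (Postfix) with ESMTPA id CCCC3;
\tWed, 11 Oct 2017 03:27:54 +0300 (EEST)
From: "Machoman" <promo@sender.example>
To: <someone-else@other.example>
Subject: CONSTRUCTED SAMPLE

body
"""

# Matches the "for <address>" clause an MTA may write into a Received header.
FOR_RE = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", re.I)

def received_for(msg):
    """Envelope recipients recorded in the 'for' clause of Received headers."""
    found = set()
    for hdr in msg.get_all("Received", []):
        unfolded = " ".join(str(hdr).split())  # undo header line folding
        m = FOR_RE.search(unfolded)
        if m:
            found.add(m.group(1).lower())
    return found

def visible_recipients(msg):
    """Addresses shown to the reader in the To and Cc headers."""
    hdrs = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(hdrs) if addr}

def recipient_mismatch(raw):
    """True when no 'Received ... for' address appears in To/Cc."""
    msg = email.message_from_string(raw)
    envelope, visible = received_for(msg), visible_recipients(msg)
    # Without any 'for' clause there is nothing to compare, so do not flag.
    return bool(envelope) and envelope.isdisjoint(visible)
```

Bcc and mailing-list deliveries legitimately show this mismatch too, so the result is better used as one contribution to a spam score than as a reason to reject on its own.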
     
  2. ztk.me

    ztk.me ISPConfig Developer ISPConfig Developer

  3. SupuS

    SupuS Member HowtoForge Supporter

    Thank you it is much better than I hoped :)
     
  4. ztk.me

    ztk.me ISPConfig Developer ISPConfig Developer
