From what I see from the spam scoring, you have a -100 from the domain being whitelisted, i.e. google.com in your example. This gave the total spam score a value of less than 0, and based on the header it says a 6.31 score or higher would cause the message to be blocked. So the spammer is spoofing google.com and your setup doesn't seem to be verifying that the IP and HELO name do not match Google. I don't use those content filters to know enough to tell you what to do, but that's why the emails are getting in. I'd be interested in hearing the solution to this as well.

On Wed, Nov 13, 2013 at 5:41 AM, HL <freemail.grha...@gmail.com> wrote:
> Hello,
>
> Could someone help me with this spam technique, so I can get rid of these
> spams
> I am using postfix postscreen + amavis + spamassassin
> but for some reason this kind of spam comes through it.
>
> I include the headers of the mail
> smtp names and e-mails have been changed intentionally for obvious reasons,
> Thanks in advance for your answers
> Regards,
> Harry.
> ------------------------------------------------------------
>
> Return-Path: <ionizationy8...@google.com>
> X-Original-To: postmas...@mydomain.com
> Delivered-To: postmas...@mydomain.com
> Received: from localhost (localhost.localdomain [127.0.0.1])
>     by SMTP.MYDOMAIN.COM (Postfix) with ESMTP id D16A0125205A
>     for <postmas...@mydomain.com>; Wed, 13 Nov 2013 09:22:35 +0200 (EET)
> X-Spam-Flag: NO
> X-Spam-Score: -88.74
> X-Spam-Level:
> X-Spam-Status: No, score=-88.74 required=6.31 tests=[BAYES_80=2,
>     FILL_THIS_FORM=0.001, FILL_THIS_FORM_LONG=3.404,
>     HELO_DYNAMIC_IPADDR=1.951, SPF_SOFTFAIL=0.665, URIBL_BLACK=1.725,
>     URIBL_RHS_DOB=1.514, USER_IN_WHITELIST=-100] autolearn=no
> Received: from SMTP.MYDOMAIN.COM ([127.0.0.1])
>     by localhost (SMTP.MYDOMAIN.COM [127.0.0.1]) (amavisd-new, port 10024)
>     with LMTP id PKsznNOBUVah for <postmas...@mydomain.com>;
>     Wed, 13 Nov 2013 09:22:14 +0200 (EET)
> Received-SPF: Softfail (domain owner discourages use of this host)
>     identity=mailfrom; client-ip=41.13.5.22;
>     helo=vc-nat-gp-s-41-13-5-22.umts.vodacom.co.za;
>     envelope-from=ionizationy8...@google.com;
>     receiver=my_normal_u...@mydomain.com
> Received: from vc-nat-gp-s-41-13-5-22.umts.vodacom.co.za (unknown [41.13.5.22])
>     by SMTP.MYDOMAIN.COM (Postfix) with ESMTP id 7192B1252068
>     for <postmas...@mydomain.com>; Wed, 13 Nov 2013 09:21:46 +0200 (EET)
> Received: from [78.46.5.107] (account stupiditiesmo...@google.com HELO
>     luremarwrygsy.gjkuq.info)
>     by vc-nat-gp-s-41-13-5-22.umts.vodacom.co.za (CommuniGate Pro SMTP 5.2.3)
>     with ESMTPA id 011263209 for my_normal_u...@mydomain.com;
>     Wed, 13 Nov 2013 09:21:45 +0200
> Date: Wed, 13 Nov 2013 09:21:45 +0200
> From: <my_normal_u...@mydomain.com>,
>     <postmas...@mydomain.com>
> X-Mailer: The Bat! (v2.00.5) Personal
> X-Priority: 3 (Normal)
> Message-ID: <7520979746.y738unqz317...@qjdutytbsjinak.bzxgmzafmq.biz>
> To: <my_normal_u...@mydomain.com>,
>     <postmas...@mydomain.com>
> Subject: Employment you've been searching!
> MIME-Version: 1.0
> Content-Type: text/plain;
>     charset=iso-8859-2
> Content-Transfer-Encoding: 7bit
> ------------------------------------------------------------
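
The scoring described in the reply can be checked mechanically. The following is an added example, not part of the original thread or of any project's code: it parses an `X-Spam-Status` header, recomputes the score with the whitelist rule removed, and reports when the whitelist alone kept the message under the threshold while SPF did not pass. The function names and the "rule name contains WHITELIST" heuristic are assumptions made for this illustration.

```python
import re

# Constructed sample: the X-Spam-Status header quoted in the thread, unfolded.
SAMPLE = (
    "X-Spam-Status: No, score=-88.74 required=6.31 tests=[BAYES_80=2, "
    "FILL_THIS_FORM=0.001, FILL_THIS_FORM_LONG=3.404, "
    "HELO_DYNAMIC_IPADDR=1.951, SPF_SOFTFAIL=0.665, URIBL_BLACK=1.725, "
    "URIBL_RHS_DOB=1.514, USER_IN_WHITELIST=-100] autolearn=no"
)

def parse_spam_status(header):
    """Return (score, required, {rule: points}) from an X-Spam-Status header."""
    text = re.sub(r"\s+", " ", header)  # undo header folding
    m = re.search(r"score=(-?[\d.]+) required=(-?[\d.]+) tests=\[([^\]]*)\]", text)
    if m is None:
        raise ValueError("not an X-Spam-Status header with a tests=[...] list")
    tests = {}
    for item in m.group(3).split(","):
        name, _, points = item.strip().partition("=")
        if name and points:
            tests[name] = float(points)
    return float(m.group(1)), float(m.group(2)), tests

def whitelist_audit(header):
    """Report whether a whitelist rule alone kept the message under the threshold."""
    score, required, tests = parse_spam_status(header)
    # Assumption: rules with "WHITELIST" in the name and a negative score are
    # whitelist hits (USER_IN_WHITELIST is the one seen in the thread).
    whitelist = {n: p for n, p in tests.items() if "WHITELIST" in n and p < 0}
    unmasked = round(sum(p for n, p in tests.items() if n not in whitelist), 3)
    spf_unauth = any(n in ("SPF_FAIL", "SPF_SOFTFAIL") for n in tests)
    return {
        "score": score,
        "required": required,
        "whitelist_rules": sorted(whitelist),
        "score_without_whitelist": unmasked,
        # The verdict flipped only because of the whitelist.
        "masked_spam": bool(whitelist) and score < required <= unmasked,
        # Whitelisted sender address, yet SPF did not authenticate it.
        "unauthenticated_whitelist_hit": bool(whitelist) and spf_unauth,
    }

if __name__ == "__main__":
    for key, value in whitelist_audit(SAMPLE).items():
        print(f"{key}: {value}")
```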