Hi, We're receiving quite a few SPAM messages with zip files attached that look like they come from our own domain. Sorry if I appear a complete noob, but how is this even possible? SA seems to not score this high enough to be SPAM. What can we do to fix this? Headers are below.
Kind regards, Tom From tena...@qka.com Thu Sep 24 13: 29:50 2015 MIME-Version: 1.0 X-Spam-Status: No, hits=2.8 required=5.0 X-MS-Exchange-Organization-Authsource: ga8r9nl0j6u7...@motec.com.au Content-Type: multipart/mixed; boundary="----=_Next_54920_1367254513.7341918864818" Message-ID: <3qacpit7myo3scscxw1urx79vbpnf58nkz7...@motec.com.au> X-MS-Exchange-Organization-Authas: Internal X-MS-Exchange-Organization-SCL: -1 X-MS-Tnef-Correlator: <j0ehcypux29pa2x3pgntnnerzyloajmol6j...@motec.com.au> Received: from mail.motec.com.au (motec6.motec.com.au [115.70.189.243]) by support.motec.com.au (8.14.4/8.14.4) with ESMTP id t8O3Tn7D021736 for <i2...@support.motec.com.au>; Thu, 24 Sep 2015 13:29:50 +1000 Received: (qmail 8515 invoked by alias); 24 Sep 2015 03:29:48 -0000 Received: (qmail 8502 invoked by uid 187); 24 Sep 2015 03:29:48 -0000 Received: from 116.58.205.184 by scion.motec.com.au (envelope-from <tena...@qka.com>, uid 181) with qmail-scanner-2.08st (clamdscan: 0.97.8/20932. spamassassin: 3.3.1. perlscan: 2.08st. Clear:RC:0(116.58.205.184):SA:0(2.8/5.0):. Processed in 6.943055 secs); 24 Sep 2015 03:29:48 -0000 Received: from unknown (HELO banglalinkgsm.com) (116.58.205.184) by scion.motec.com.au with SMTP; 24 Sep 2015 03:29:29 -0000 Received: from 4750.motec.com.au (10.238.114.77) by motec.com.au (10.0.0.218) with Microsoft SMTP Server id 6WSFFOKZ; Wed, 23 Sep 2015 11:28:46 GMT Delivered-To: i2...@motec.com.au Subject: Scanned Image from a Xerox WorkCentre X-Spam-Report: SA TESTS 1.4 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT [116.58.205.184 listed in bb.barracudacentral.org] 1.0 DATE_IN_PAST_12_24 Date: is 12 to 24 hours before Received: date 0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail) [SPF failed: Please see http://www.openspf.org/Why?s=helo;id=banglalinkgsm.com;ip=116.58.205.184;r=scion.motec.com.au] -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS 1.0 XPRIO Has X-Priority header 0.4 AWL AWL: Adjusted score from AWL reputation of From: address X-Priority: 3 (Normal) Date: Wed, 23 Sep 2015 11:28:46 GMT X-Spam-Level: ++ X-MS-Has-Attach: yes X-MS-Exchange-Organization-Authmechanism: 02 To: helen.papp...@motec.com.au X-MS-Exchange-Organization-Avstamp-Mailbox: MSFTFF;0;0;0 0 0 From: "Incoming Fax" <incoming....@motec.com.au> Content-Length: 0 content-type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit X-RT-Original-Encoding: ascii Content-Length: 412 -- Tom Robinson IT Manager/System Administrator MoTeC Pty Ltd 121 Merrindale Drive Croydon South 3136 Victoria Australia T: +61 3 9761 5050 F: +61 3 9761 5051 E: tom.robin...@motec.com.au
signature.asc
Description: OpenPGP digital signature
