On 30.03.16 06:18, redtailjason wrote:
Hello. We are seeing an issue where spoofed spam is being whitelisted to our
domain.

this is a quite common issue for people who whitelist their own
domain/address and then wonder that spammers use them too.

(and spammers use their domains/addresses because many people whitelist
them).

Below is an excerpt from the headers of an example. Please let me know what
additional information you may need to know.

The headers you have posted show mail that only goes through
internal IPs and localhost; that mail doesn't seem to come from outside.

it also looks like it comes from an EPSON scanner, and has a .tiff attachment,
which is quite common for scanned documents.

that means it may be a scanned document, or a fax; however, it's not easy to
process scanned faxes for spamminess.

Return-Path: ep...@redtailtechnology.com
Received: from 192.168.1.236 (LHLO smtp.redtailtechnology.com) (192.168.1.236)
        by store1.redtailtechnology.com with LMTP;
        Wed, 30 Mar 2016 04:50:54 -0700 (PDT)
Received: from smtp.redtailtechnology.com (localhost [127.0.0.1])
        by smtp.redtailtechnology.com (Postfix) with ESMTPS id 8D1AC241E6
        for <jason.kel...@redtailtechnology.com>; Wed, 30 Mar 2016 04:50:54 -0700 (PDT)
Received: from smtp.redtailtechnology.com (localhost [127.0.0.1])
        by smtp.redtailtechnology.com (Postfix) with ESMTPS id 60A7E2419F
        for <jason.kel...@redtailtechnology.com>; Wed, 30 Mar 2016 04:50:54 -0700 (PDT)
Received: from smfemlsec008.redtailtechnology.com (unknown [192.168.4.38])
        by smtp.redtailtechnology.com (Postfix) with ESMTP id 0D46E23040
        for <jason.kel...@redtailtechnology.com>; Wed, 30 Mar 2016 04:50:54 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
        by smfemlsec008.redtailtechnology.com (Postfix) with ESMTP id D0F0C440D55
        for <jason.kel...@redtailtechnology.com>; Wed, 30 Mar 2016 04:50:54 -0700 (PDT)
X-Virus-Scanned: Debian amavisd-new at smfemlsec008.redtailtechnology.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=x tagged_above=-999 required=6 WHITELISTED tests=[]
        autolearn=unavailable
Received: from smfemlsec008.redtailtechnology.com ([IPv6:::ffff:127.0.0.1])
        by localhost (smfemlsec008.redtailtechnology.com [::ffff:127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id d8lTFWK8x7HI for <jason.kel...@redtailtechnology.com>;
        Wed, 30 Mar 2016 04:50:54 -0700 (PDT)
Received: from MAILSECURITY010.redtailtechnology.com (unknown [192.168.5.250])
        by smfemlsec008.redtailtechnology.com (Postfix) with ESMTP id 991A5440D37
        for <ja...@redtailtechnology.com>; Wed, 30 Mar 2016 04:50:54 -0700 (PDT)
X-AuditID: c0a805fa-f79cd6d000005f93-77-56fbbd9dffc7
Received: from [1.22.69.90] (Unknown_Domain [192.168.1.175])
        by MAILSECURITY010.redtailtechnology.com (Symantec Messaging Gateway) with SMTP
        id 69.3E.24467.E9DBBF65; Wed, 30 Mar 2016 04:50:54 -0700 (PDT)
From: EPSON <ep...@redtailtechnology.com>
To: "ja...@redtailtechnology.com" <ja...@redtailtechnology.com>
Subject: Emailing: docment_445.tiff
Thread-Topic: Emailing: docment_445.tiff
Thread-Index: AdF19gcy1pI0QqthRiW4cvvoSHimaQ==
Date: Wed, 30 Mar 2016 17:20:47 +0530
Message-ID: <5eebe6c7c8ec93d091aaaaa105283a596a7a2...@redtailtechnology.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.9.7]
Content-Type: multipart/mixed;
        boundary="_009_969736950B901A97BC6F12CCEAED34481501232322711FCF93emamil_"
MIME-Version: 1.0
X-MXScan-Scan: Scanned by MxScan 2.7.501.0 for WIN-3EAMS8MV18J
X-MXScan-Msgid: 11014316981197995070449318587208_
X-MXScan-License: {Unregistered Version} Only for personal and
        non-commercial use. Commercial use is PROHIBITED and requires a license.
X-MXScan-AntiVirus: ClamAV devel-clamav-0.97-408-ge11f7cc/21435/Wed, 30 Mar
        2016 17:20:47 +0530 [Clean]
X-MXScan-AntiSpam: KEYWORD [Pass], RDNSBL [Pass], URLBL [NA], SPAMASSASSIN
        [NA], DCC_CHECK [NA]
X-MXScan-SpamScore: 0
X-MXScan-ProcessingTime: 5.063 sec(s)
X-ME-Bayesian: 0.000000



--
View this message in context: 
http://spamassassin.1065346.n5.nabble.com/Configuration-Help-Request-Spoofed-Email-Being-Whitelisted-tp120328.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux IS user friendly, it's just selective who its friends are...
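
Added example, not part of the original post or of SpamAssassin: a small Python check that walks a Received chain like the one quoted above and reports, per hop, the name the client announced after "from" and the address the receiving server recorded in brackets, and whether that recorded address is private or loopback. The sample headers are abridged from the message on this page; the function and field names are made up for this illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: four Received headers from the message quoted above,
# with the "for <...>" clauses, queue ids and dates left out.
SAMPLE = """\
Received: from localhost (localhost [127.0.0.1])
 by smfemlsec008.redtailtechnology.com (Postfix) with ESMTP
Received: from smfemlsec008.redtailtechnology.com ([IPv6:::ffff:127.0.0.1])
 by localhost (smfemlsec008.redtailtechnology.com [::ffff:127.0.0.1])
Received: from MAILSECURITY010.redtailtechnology.com (unknown [192.168.5.250])
 by smfemlsec008.redtailtechnology.com (Postfix) with ESMTP
Received: from [1.22.69.90] (Unknown_Domain [192.168.1.175])
 by MAILSECURITY010.redtailtechnology.com (Symantec Messaging Gateway) with SMTP
Subject: constructed

"""

# "from <announced name> (<rdns> [<peer address>])"; the rdns part is optional.
HOP_RE = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]\)")

def _ip(text):
    """Parse an address; fold IPv4-mapped IPv6 (::ffff:a.b.c.d) down to IPv4."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return None
    return getattr(ip, "ipv4_mapped", None) or ip

def analyze(raw_headers):
    """Return one dict per recognised Received header, topmost hop first."""
    hops = []
    for value in message_from_string(raw_headers).get_all("Received", []):
        m = HOP_RE.search(" ".join(value.split()))  # unfold continuation lines
        peer = _ip(m.group(2)) if m else None
        if peer is None:
            continue  # unrecognised layout (e.g. the LMTP hop): skipped, not guessed
        announced = _ip(m.group(1).strip("[]"))  # None unless an address literal
        hops.append({
            "helo": m.group(1),
            "peer": str(peer),
            "peer_internal": peer.is_private or peer.is_loopback,
            "helo_literal_differs": announced is not None and announced != peer,
        })
    return hops

if __name__ == "__main__":
    for hop in analyze(SAMPLE):
        print(hop)
```
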
