[exim] Spam mails bypassing spamassassin

Author: John Mc Murray
Date:  
To: Exim Mailing List
Subject: [exim] Spam mails bypassing spamassassin
Hello,

I have an issue that I can't explain. I've been receiving a fair amount
of the spam below. What's unusual is that it seems to bypass my ACLs,
SpamAssassin, etc. I would expect to see the SpamAssassin scores in the
headers but this just seems to be doing something to bypass that.

The only thing I note is that it's sent by smtp (as opposed to esmtp).
Would that make a difference?

I've appended the mail and the log lines below.

Thanks a mil!

John


Complete Mail:
======================================================

Return-path: <>
Envelope-to: my@???
Delivery-date: Tue, 01 Sep 2015 12:10:05 +0200
Received: from a113.sub165.net78.udm.net ([78.85.165.113]:51034 
helo=78.85.165.113)
         by myserver.co.za with smtp (Exim 4.80.1)
         id 1ZWiVw-0007MT-3m
         for my@???; Tue, 01 Sep 2015 12:10:04 +0200
Received: from unknown (HELO localhost) 
(nitc.co.ir@???@207.80.158.108)
         by 78.85.165.113 with ESMTPA; Tue, 1 Sep 2015 14:12:34 +0400
X-Originating-IP: 207.80.158.108
From: nitc.co.ir@???
To: my@???
Message-Id: <E1ZWiVw-0007MT-3m@???>
Date: Tue, 01 Sep 2015 12:10:04 +0200
Subject: Received annoying spam from BestMoversToronto?


Received annoying spam "from us"?
We understand how it feels, but we didn't do this.
Someone very jealous is trying to bring reputation of our company down by
sending these annoying emails to you. These spammers' goal is to make you
angry and report "us" as spammers. That's why being opened we are showing
this message to you and wanted to let you know that we would never do this.
Our privacy policy actually protects you from receiving those emails. And
we have received multiple complains and we know that your are probably not
even living in Toronto.

Lastly, we would like to say that we are actively investigating the case
and you can actually help us to collect more evidences and prosecute the
offenders! Please forward the emails you receive to
abuse@???

Thank you for your time and understanding,
Real team of BestMoversToronto.ca






LOG LINES:
======================================================

2015-09-01 12:10:01 [29631] SMTP connection from [78.85.165.113]:51034
I=[5.5.5.5]:25 (TCP/IP connection count = 1)
2015-09-01 12:10:05 [28301] 1ZWiVw-0007MT-3m <= <>
H=a113.sub165.net78.udm.net (78.85.165.113) [78.85.165.113]:51034
I=[5.5.5.5]:25 P=smtp S=1476 T="Received annoying spam from
BestMoversToronto?" from <> for my@???
2015-09-01 12:10:05 [28417] cwd=/var/spool/exim 3 args: /usr/sbin/exim
-Mc 1ZWiVw-0007MT-3m
2015-09-01 12:10:05 [28417] 1ZWiVw-0007MT-3m => Me <my@???> F=<>
P=<> R=localuser T=dovecot_delivery S=1569 QT=1s DT=0s
2015-09-01 12:10:05 [28301] SMTP connection from
a113.sub165.net78.udm.net (78.85.165.113) [78.85.165.113]:51034
I=[5.5.5.5]:25 closed by QUIT
2015-09-01 12:10:08 [28417] 1ZWiVw-0007MT-3m Completed QT=4s
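
An added example, not part of the original post, for triaging log lines like those above: it parses Exim `<=` arrival lines and lists messages that arrived with a null envelope sender (`<>`) over plain `P=smtp`, the two properties visible in the posted log. The sample lines, addresses and message IDs are constructed, and the regex assumes the main-log layout with the optional `[pid]` field seen in the post.

```python
import re

# Exim main-log arrival line: "date time [pid] msgid <= sender fields..."
ARRIVAL = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?:\[\d+\] )?'
    r'(?P<id>[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) <= '
    r'(?P<sender>\S+)(?P<rest>.*)$')
# KEY=value fields; a quoted value (T="...") is consumed whole so that
# text inside a subject cannot be mistaken for a field.
FIELD = re.compile(r' (?P<k>[A-Z]{1,2})=(?P<v>"(?:[^"\\]|\\.)*"|\S+)')
REMOTE_IP = re.compile(r'\[([0-9A-Fa-f.:]+)\]:\d+')

def parse_arrivals(lines):
    """Return one dict per '<=' (message arrival) line; skip other lines."""
    out = []
    for line in lines:
        m = ARRIVAL.match(line.rstrip("\n"))
        if not m:
            continue
        rec = {"ts": m["ts"], "id": m["id"], "sender": m["sender"]}
        for f in FIELD.finditer(m["rest"]):
            rec.setdefault(f["k"], f["v"])  # keep the first occurrence
        ip = REMOTE_IP.search(m["rest"])    # first [addr]:port is the peer
        rec["ip"] = ip.group(1) if ip else None
        out.append(rec)
    return out

def null_sender_plain_smtp(records):
    """Arrivals with envelope sender <> received after HELO (P=smtp)."""
    return [r for r in records if r["sender"] == "<>" and r.get("P") == "smtp"]

# Constructed sample log (documentation addresses, made-up message IDs).
SAMPLE_LOG = [
    '2015-09-01 12:10:05 [28301] 1AAAAA-000001-AA <= <> H=host.example.net '
    '(192.0.2.10) [192.0.2.10]:51034 I=[198.51.100.5]:25 P=smtp S=1476 '
    'T="Constructed subject P=esmtp" from <> for user@example.org',
    '2015-09-01 12:11:00 [28302] 1AAAAA-000002-AB <= alice@example.com '
    'H=mx.example.com [192.0.2.20]:40000 I=[198.51.100.5]:25 P=esmtps S=2048',
    '2015-09-01 12:12:00 [28303] 1AAAAA-000003-AC <= <> H=mta.example.net '
    '[203.0.113.7]:41000 I=[198.51.100.5]:25 P=esmtp S=900',
    '2015-09-01 12:10:05 [28417] 1AAAAA-000001-AA => user <user@example.org> '
    'R=localuser T=dovecot_delivery',
]

if __name__ == "__main__":
    for r in null_sender_plain_smtp(parse_arrivals(SAMPLE_LOG)):
        print(r["ts"], r["id"], r["ip"], "S=" + r.get("S", "?"))
```

The message IDs it reports can then be compared against the delivered copies to see which ones lack the scanner's headers.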