Is anyone else getting spam similar to this:

I started getting this (albeit in English) a month or two ago, and it went away about the same time I turned on the CBL/XBL filters on postfix. It appears it's back again. Note, I have absolutely zero connection with "baosteel.com" before these started showing up.

Example:
--------------------------------------------------------------------------------
From - Fri Mar 04 10:17:59 2011
X-Account-Key: account3
X-UIDL: 0000144b4b5bb8b1
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <yanxd@baosteel.com>
X-Original-To: immute##THISWASADDED##@msk4.com
Delivered-To: immute##THISWASADDED##@msk4.com
Received: from smtps-2.sercomtel.com.br (smtps-2.sercomtel.com.br [200.155.34.156])
	by li01.msk4.com (Postfix) with ESMTP id E4ED34157
	for <immute##THISWASADDED##@msk4.com>; Fri, 4 Mar 2011 01:20:13 -0600 (CST)
Received: from User (unknown [95.59.199.4])
	by smtps-2.sercomtel.com.br (Postfix) with ESMTP id 6E1D32F00C2;
	Fri, 4 Mar 2011 04:17:55 -0300 (BRT)
Reply-To: <mail.a3@gmx.us>
From: "Mail Administrator"<yanxd@baosteel.com>
Subject: Email Quota Exceeded
Date: Fri, 4 Mar 2011 08:19:40 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1081
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081
Message-Id: <20110304071756.6E1D32F00C2@smtps-2.sercomtel.com.br>
To: undisclosed-recipients:;
This is to inform you that you have exceeded your E-mail Quota Limit and you need to increase your E-mail Quota Limit because in less than 96 hours your E- mail Account will be disabled.Increase your E-mail Quota Limit and continue to use your Webmail Account.
To increase your E-mail Quota Limit to 2.7GB, Fill in your Details as below and send to the E-mail Quota Webmaster by CLICKING REPLY:
EMAIL ADDRESS:
USERNAME:
PASSWORD:
CONFIRM PASSWORD:
DATE OF BIRTH:
Thank you for your understanding and corperation in helping us give you the Best of E-mail Service.
Common phishing scam; we see them all the time, nearly always from accounts which have been compromised by others who respond to the same scam.

On Fri, 04 Mar 2011 10:30:53 -0600 imNet Administrator <admin+nanog@msk4.com> wrote:
-- John
On 3/4/2011 10:35 AM, John Peach wrote:
> Common phishing scam; we see them all the time, nearly always from accounts which have been compromised by others who respond to the same scam.
I thought this might be the case. Any particular hints on spam filters that can catch this type of thing? I already have most of the Postfix Anti-UCE cheatsheet implemented, but I'm hesitant to implement body checks because this installation supports a very small userbase and runs on limited hardware.
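Added example, not part of the thread and not any participant's code: a header-only check, run here over the headers of the sample message, that flags three traits visible in it without scanning the body. The function name `header_flags` and the flag names are made up for this illustration; the line folding of the sample headers is reconstructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers of the sample in this thread; folding reconstructed, body left out.
SAMPLE = """\
Return-Path: <yanxd@baosteel.com>
Received: from smtps-2.sercomtel.com.br (smtps-2.sercomtel.com.br [200.155.34.156])
 by li01.msk4.com (Postfix) with ESMTP id E4ED34157
 for <immute##THISWASADDED##@msk4.com>; Fri, 4 Mar 2011 01:20:13 -0600 (CST)
Received: from User (unknown [95.59.199.4])
 by smtps-2.sercomtel.com.br (Postfix) with ESMTP id 6E1D32F00C2;
 Fri, 4 Mar 2011 04:17:55 -0300 (BRT)
Reply-To: <mail.a3@gmx.us>
From: "Mail Administrator"<yanxd@baosteel.com>
Subject: Email Quota Exceeded
To: undisclosed-recipients:;

(body omitted)
"""

def domain(header_value):
    """Lower-cased domain of the address in a From or Reply-To value."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def header_flags(raw):
    """Return the header-only indicators found in one raw message."""
    msg = message_from_string(raw)
    flags = []
    # Replies are steered to a different domain than the claimed sender.
    frm, reply = domain(msg["From"]), domain(msg["Reply-To"])
    if frm and reply and frm != reply:
        flags.append("reply-to-domain-mismatch")
    # No visible recipient: the message was sent to a hidden list.
    if "undisclosed-recipients" in (msg["To"] or "").lower():
        flags.append("undisclosed-recipients")
    # The last Received header is the first hop. A Postfix relay writes
    # "unknown" when it could not verify a hostname for the client IP.
    hops = msg.get_all("Received") or []
    if hops and re.match(r"from\s+\S+\s+\(unknown\s+\[", hops[-1]):
        flags.append("origin-hostname-unknown")
    return flags

if __name__ == "__main__":
    print(header_flags(SAMPLE))
```

Each trait also occurs in legitimate mail (a Reply-To on another domain is common), so the flags are better combined into a score than used one at a time to reject.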