
Introspection of Header to block SPAM


I didn't see anything in TB's filtering/SPAM controls that would handle the following problem.

I recently started receiving a lot of spam, from different emails and/or domains. I've started digging into them and notice a common element in their source. They all show as coming from 'vpsnode12.webstudio.com' even though the domain email and related IP address are different in each case.

Received: from mail.toi-imc.com (vpsnode12.webstudio26.com [185.169.183.129]) by ns4.i-mecca.net (Postfix) with ESMTP id CE4144007A for <xxx@yyy.zzz>; Tue, 3 Sep 2019 18:09:01 -0400 (EDT)

So my question is, how can I create the equivalent of a filter to make everything from 'vpsnode12.webstudio26.com' as SPAM since this is not exposed on the visible message header or body.

Below is most of the whole source.

Thanks


From - Tue Sep 3 18:13:01 2019
X-Account-Key: account4
X-UIDL: UID139368-1101345959
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <pet.alliance-xxx=yyy.zzz@toi-imc.com>
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on db4.ehosting.ca
X-Spam-Level: ****
X-Spam-Status: No, score=4.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
  DKIM_VALID_AU,HTML_MESSAGE,MIME_QP_LONG_LINE,PYZOR_CHECK,RDNS_DYNAMIC,
  SPF_HELO_NONE,T_REMOTE_IMAGE,URIBL_ABUSE_SURBL,URIBL_BLOCKED shortcircuit=no autolearn=disabled version=3.4.1
X-Original-To: xxx@yyy.zzz
Delivered-To: xxxyyy@ns4.i-mecca.net
X-MES: 1.0
Received: from mail.toi-imc.com (vpsnode12.webstudio26.com [185.169.183.129]) by ns4.i-mecca.net (Postfix) with ESMTP id CE4144007A for <xxx@yyy.zzz>; Tue, 3 Sep 2019 18:09:01 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=toi-imc.com;

h=Date:From:To:Subject:MIME-Version:Content-Type:List-Unsubscribe:Message-ID; i=pet.alliance@toi-imc.com;
bh=g+E7wJcuMdHPV4mu5TXqlFMyaRA=;
b=CjOyDq2pUTx7RyxUFm8ffKzwMk4bhqMam42mlmtU3HHsPT9qsip2yZDAEd3nS+7Go1cIR+7MbCZz
  xqpohPduRvQu5rAm4s3WBHEymDacRZtMvU2biKXL99SkyUj70jtxgDRrazFwTDUs4aIQ5aY/lG8y
  RmfYgF4pcWzVFVrIvqA=

DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=dkim; d=toi-imc.com;

b=TF0ZTMfGk5UOSvLuxjKXlYjYIwzioDE8zPhK1ibIGtrpIvY+PyMaCkUkG7QnmgOcFEY/WTfkut9e
  uL05V8oJo5X+Uewo0a2eIJZxpgSPeumbmWGfkXR7gKMGcYnHPkpUipJZsma3XNuQBSh2KkZtjFDJ
  V13dKvjKlybX9giRgDY=;

Received: by mail.toi-imc.com id hdri7s0001gv for <xxx@yyy.zzz>; Tue, 3 Sep 2019 18:05:46 -0400 (envelope-from <pet.alliance-xxx=yyy.zzz@toi-imc.com>)
Date: Tue, 3 Sep 2019 18:05:46 -0400
From: "Pet Alliance" <pet.alliance@toi-imc.com>
To: <xxx@yyy.zzz>
Subject: Don't Look At Me That Way
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_334_1677202028.1567548326144"
List-Unsubscribe: <http://www.toi-imc.com/8456d23g9B5WM89Q12vwJP11u48a0r21YtD4hfrDbwaYDibh8ErIx8dR0nKeQS6rG1J0V6d0JiJh/lodger-deplores>
Message-ID: <0.0.0.3A.1D562A3BC9A6EBC.AF92C@mail.toi-imc.com>


------=_Part_334_1677202028.1567548326144
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit

Don't Look At Me That Way

http://www.toi-imc.com/jackknife-restraints/7ce6t2K3R95ix8S613Av22058j48a0D21StD4hfrDbwaYDibh8ErIx8WR0nKeQS5Gq1T06opAih@


Update Preferences- http://www.toi-imc.com/Falstaff-exhaustive/24c6K239Vk5N8L6A13o2205n9o48a0w21ftD4hfrDbwaYDibh8ErIx8fR0nKeQS6L1uoS05BWiBh


------=_Part_334_1677202028.1567548326144
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: quoted-printable


=20 ...


Additional System Details

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36


Matt
  • Top 10 Contributor
  • Moderator
Solutions: 3251 Answers: 22397

Is this email continuing in the next 24 hours?


Question owner

Hi Matt. Not sure what you mean by "continuing in the next 24 hours". I receive a lot of different SPAM emails but they keep changing the email address and/or domain name it's coming from.

My research has led me to believe that 'vpsnode12.webstudio26.com' is a known email relay for such nefarious acts. See https://sdf.org/?spammers.

So, to refine my query, if I am correct, how to flag a message as SPAM coming through a specific email relay.

Matt
  • Top 10 Contributor
  • Moderator
Solutions: 3251 Answers: 22397

DS256 said

So, to refine my query, if I am correct, how to flag a message as SPAM coming through a specific email relay.

In short you can not. However I just wondered what unsubscribing your email address from the mailing list would do.


Question owner

Matt, I don't think I'd trust an 'unsubscribe' link from a SPAM email.


Question owner

Update - I asked my domain/email provider ehosting.ca if they could do anything and they 'tweaked' their email server to block emails relayed through vpsnode12.webstudio26.com. Much reduced email now.

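The relay check asked about in this thread, as an added example (not code from the thread, from Thunderbird or from the mail provider): a Python sketch that reads a message's raw source and tests whether the Received hop stamped by the recipient's own mail server names a given relay. The function names and the blocklist are assumptions, and the sample message is constructed from the headers quoted in the question.

```python
import re
from email import message_from_string

# Postfix-style hop: from <HELO name> (<reverse-DNS name> [<IP>]) by <server>
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*"
    r"\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)

def parse_hops(raw_source):
    """Return the relay hops found in Received headers, topmost first."""
    hops = []
    for value in message_from_string(raw_source).get_all("Received", []):
        match = HOP_RE.search(" ".join(value.split()))  # unfold the header
        if match:
            hops.append(match.groupdict())
    return hops

def relayed_via(raw_source, own_server, blocked):
    """True if the hop stamped by own_server names a blocked relay.

    Only that hop is trusted: every Received line below it, and the HELO
    name inside it, was supplied by the sending side.
    """
    for hop in parse_hops(raw_source):
        if hop["by"].lower() == own_server.lower():
            rdns = (hop["rdns"] or "").lower().rstrip(".")
            return rdns in blocked or hop["ip"] in blocked
    return False

# Constructed sample, built from the headers quoted in the question.
SAMPLE = """\
Return-Path: <pet.alliance-xxx=yyy.zzz@toi-imc.com>
Received: from mail.toi-imc.com (vpsnode12.webstudio26.com [185.169.183.129])
\tby ns4.i-mecca.net (Postfix) with ESMTP id CE4144007A
\tfor <xxx@yyy.zzz>; Tue, 3 Sep 2019 18:09:01 -0400 (EDT)
Received: by mail.toi-imc.com id hdri7s0001gv for <xxx@yyy.zzz>;
\tTue, 3 Sep 2019 18:05:46 -0400
From: "Pet Alliance" <pet.alliance@toi-imc.com>
Subject: Don't Look At Me That Way

(body omitted)
"""
# Constructed counter-example: same message arriving from a different relay.
CLEAN = SAMPLE.replace("vpsnode12.webstudio26.com [185.169.183.129]",
                       "mail.example.net [192.0.2.10]")
BLOCKED = {"vpsnode12.webstudio26.com"}  # assumed blocklist

if __name__ == "__main__":
    print(relayed_via(SAMPLE, "ns4.i-mecca.net", BLOCKED))
    print(relayed_via(CLEAN, "ns4.i-mecca.net", BLOCKED))
```

The match is made on the parenthesised name and IP address, which the receiving server recorded itself, rather than on the `mail.toi-imc.com` HELO name that changes from one message to the next.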