Contained Spam Keywords

Apr 10, 2007

Issues with emails with attachments getting filtered out.

I had put an attachment in an email that never get to it's destination. There were 2 flash files and a gif attached to it. That same email was send back today 2007-04-10 at 14:04 and was filtered out again.

Also, yesterday two emails were sent. Both emails had an mp3 file within them and were filtered out.

Got this automated response after sending an email with a .eml file in attachment :

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

Code:
testuser@local-domain.com
This message has been rejected because it has
a potentially executable attachment "Bigbox + intersticielle.eml"
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it.
EXIM filter logs:

2007-04-10 10:31:32 1HbIJd-0002z1-S5 from testuser@local-domain.com contained spam keywords

Confirmed:
- spam assasin disabled
- spam box disabled
- no email filters set up
- mx entry correct
- unlimited mail disk quota

My /etc/antivirus.exim:

Code:
# Exim filter

if not first_delivery
then
finish
endif

if ${length_80:$header_date:} is not $header_date:
then
fail text "This message has been rejected because it has

an overlength date field which can be used

to subvert Microsoft mail programs

The following URL has further information

[url]
seen finish
endif

if $header_from: contains "@sexyfun.net"
then
fail text "This message has been rejected since it has

the signature of a known virus in the header."
seen finish
endif
if error_message and $header_from: contains "Mailer-Daemon@"
then
# looks like a real error message - just ignore it
finish
endif

if $header_content-type: matches "(?:file)?name=("[^"]+\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])")"
then
fail text "This message has been rejected because it has

potentially executable content $1

This form of attachment has been used by

recent viruses or other malware.

If you meant to send this file then please

package it up as a zip file and resend it."
seen finish
endif
# same again using unquoted filename [content_type_unquoted_fn_match]
if $header_content-type: matches "(?:file)?name=(\S+\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))"
then
fail text "This message has been rejected because it has

potentially executable content $1

This form of attachment has been used by

recent viruses or other malware.

If you meant to send this file then please

package it up as a zip file and resend it."
seen finish
endif

if $message_body matches "(?:Content-(?:Type:(?>\s*)[\w-]+/[\w-]+|Disposition:(?>\s*)attachment);(?>\s*)(?:file)?name=|begin(?>\s+)[0-7]{3,4}(?>\s+))("[^"]+\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])")[\s;]"
then
fail text "This message has been rejected because it has

a potentially executable attachment $1

This form of attachment has been used by

recent viruses or other malware.

If you meant to send this file then please

package it up as a zip file and resend it."
seen finish
endif
# same again using unquoted filename [body_unquoted_fn_match]
if $message_body matches "(?:Content-(?:Type:(?>\s*)[\w-]+/[\w-]+|Disposition:(?>\s*)attachment);(?>\s*)(?:file)?name=|begin(?>\s+)[0-7]{3,4}(?>\s+))(\S+\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))[\s;]"
then
fail text "This message has been rejected because it has

a potentially executable attachment $1

This form of attachment has been used by

recent viruses or other malware.

If you meant to send this file then please

package it up as a zip file and resend it."
seen finish
endif

# START
# Filters all incoming an outgoing mail


logfile /var/log/filter.log 0644
## Common Spam
if

# Header Spam
$header_subject: contains "Pharmaceutical"
or $header_subject: contains "Viagra"
or $header_subject: contains "Cialis"
or $header_subject: is "The Ultimate Online Pharmaceutical"
or $header_subject: contains "***SPAM***"
or $header_subject: contains "[SPAM]"

# Body Spam
or $message_body: contains "Cialis"
or $message_body: contains "Viagra"
or $message_body: contains "Leavitra"
or $message_body: contains "St0ck"
or $message_body: contains "Viaagrra"
or $message_body: contains "Cia1iis"
or $message_body: contains "URGENT BUSINESS PROPOSAL"
or $message_body matches "angka[^s]+[net|com|org|biz|info|us|name]+?"
or $message_body matches "v(i|1)agra|vag(i|1)n(a|4)|pen( i|1)s|asu|seks|l(o|0)l(i|1)ta|dewacolok"

then
# Log Message - SENDS RESPONSE BACK TO SENDER
# SUGGESTED TO LEAVE OFF to prevent fail loops
# and more work for the mail system
#fail text "Message has been rejected because it hasn
# triggered our central filter."
logwrite "$tod_log $message_id from $sender_address contained spam keywords"

seen finish
endif

# END
# Filters all incoming an outgoing mail

View 1 Replies


ADVERTISEMENT

Keywords Filter, CPanel Server

Jun 2, 2008

I want to filter some keywords showing on the website.

For example,some adult keywords or some force keywords,I want apache change it to * or close the webpage.

I use cPanel/WHM but I find no place to do the setting.

View 0 Replies View Related

Enom Is Using Porn Links And Sex Keywords On The Expired Domain Pages!!

May 20, 2009

Has anyone else had this happen with Enom?

My clients domain expired a couple days ago and his page now has links with the following keywords:

C*nt
Hairy P*ssy
Fat *ss
Big T*t
Round *ss
Monster D*ck
Big *ss T*t

I called Enom, and they're only response was, "Well why did you let that domain expire?"

I then asked for a supervisor and was told that one was not available.

Looks like its time to find a new domain reseller.

View 14 Replies View Related

Plesk 11.x / Windows :: Move Spam To Spam Folder Not Available?

Oct 17, 2013

Microsoft Windows Server 2008 R2 Service Pack 1
Panel version 11.0.9 Update #59, last updated at Oct 3, 2013 02:06 AM
MailEnable version 5

I see in the plesk documentation that the screen to enable SPAM filtering for an individual there is an option to "Move spam to the Spam folder". I don't see that option so I am wondering if it is only available on some versions of Plesk, or in combination with certain mail servers. How to make that option available?

View 3 Replies View Related

Spam Bnc.txt?

Nov 17, 2008

One of our customers on a VPS downloaded this file and then ran it perl bnc.txt

I am wondering if its a spammer using the script to send spam.

It seems to be written in Portuguese, I have translated parts of it and it reminds of of the typical spam subjects you find now-a-days.

View 6 Replies View Related

Spam Bot

Aug 15, 2008

We are having some big issues with a spam bot on the server. We can remove the bot but could you please explain, IN DETAIL , how to configure the NAT to prevent outbound port 25 connections to the internet except from our real mail servers on with windows server 2003. Currently, the only firewall on this system is the standard windows one.

View 1 Replies View Related

So Much Spam

Aug 19, 2007

through some accounts on the server and the amount of spam in their mail queue is really frustrating. I had to set admin accounts for each site I run and the spammers have discovered them, so I am looking for a ssh command where I can just easily clean all the spam out. I tried cat /dev/null > /var/mail/"the username" but that didn't work.

View 1 Replies View Related

Spam

Nov 6, 2007

Someone on our server is sending spam mails, he does not know about it.

Most spam are sent to aol.com,gmail.com and cs.com

I'm getting loads of these Mail delivery failed mails:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

The e-mails come from the system/user account e-mail of the domain (usernameDA@domain.com), where DA is Direct Admin.

I think it sent more then 30.000 mails in 2 days.

Also received a complaint from aol.

How can I trace this? What can I do to fix it?

Is it a some crappy written php script?

He said he updated joomla, wiki and smf forum.

View 13 Replies View Related

Pervent SPAM

May 1, 2008

I use cpanel license, i enable phpsux on my server, but user can send email without smtp address.
how can pervent user for send mail without smtp?

View 3 Replies View Related

Spam From EasyAntiSpam

Jan 29, 2009

I just got this from EasyAntiSpam. Unless my address is harvested from the HostingCon database, I've certainly never been in touch with them. Disappointing either way.
Matt:

Good afternoon! I hope you are doing well. I am the new Director of Sales for Easy Antispam and I wanted to get in touch with you to find out who currently provides you with your anti-spam solutions?

I have listed below a few key benefits for our antispam solution here at Easy Antispam [url]

· Fully brandable quarantine with customizable url
· Customer level whitelisting
· Nothing to install. No complex configuration changes to make.

All you have to do is redirect the MX.

Easy Antispam is a service of Interjuncture, Corp. which was founded by George A. Roberts IV and Frank Spaulding in 2004. Easy Antispam offers a solution that doesn’t cause more problems and work than the spam itself. Thousands of businesses, organizations and individuals rely on Easy Antispam’s Email Protection Services to defend their inboxes against spam and other threats. So, what are YOU waiting for? Get protected, sign up now for a 30 day free trial.

View 14 Replies View Related

Spam On Gmail

Apr 18, 2009

I have a linux server with shared hosting ,now for couple of days one of my client face problem regarding spam with gmail,I have also cross-checked all the mandatory records,and we have already create MX,SPF & reverse dns record with domain keys for that domain.

View 5 Replies View Related

Emails Spam

Jun 25, 2009

im getting 50 and more spam mails each day, how do i secure my vps to stop 99% of the spam from coming in as i understand theres no way to completely block spams.

Im using directadmin control panel and enabled SpamAssasain but its not much of use even when i apply strict options on it.

View 3 Replies View Related

Spam Filtering

Jan 5, 2009

I used to have a reseller account and have shifted everything to a dedicated server. I now find that a couple of clients are getting lots of spam when they didn't before.

It seems that the servers used by the reseller account had some level of basic spam filtering installed; my provider suggested I look for a filtering program to install on my server.

There are, of course, dozens of them, so I wondered if anyone has any experience - enough, perhaps, to make a recommendation.

View 6 Replies View Related

Block Spam

May 12, 2009

I'm having difficulties with a whm running on centos dedicated server. The problem is that we receive too much of spam and junk emails. by too much I mean 2000 bulks per week. It's killing us.

how I can stop it.

View 14 Replies View Related

Spam And Security

Jul 5, 2009

I am facing some major SPAM problems.

I am a web host from the city of Kolkata, India.

Almost 95% of my clients are from my city - others are also known to me. I know many of them face to face - there are very little chances that any of them are SPAMMER.

Still my server IP is blacklisted - several times in last 1 year - I changed my datacenter - but the problem still persists.

View 10 Replies View Related

Spam Being Sent From Our Server.. But How And From Where

Apr 2, 2009

We're using whm/cpanel and we're always up to date with the latest upgrades (with all our scripts).

2 weeks ago, we receive a notification from SpamCop saying that our server was sending out spam. We verified everything and found nothing. 2 days ago, same story.

We tried looking at our logs and found nothing. Does this mean that there's a security hole somewhere? How can we find out from where the spammer is sending his viagra emails from ? We do not want to be permanently banned because of a spammer.

View 5 Replies View Related

Mail Going To Spam

May 27, 2009

I have problems with my mail server.

I have installed cPanel WHM.

In my server there are many accounts and now I discovered that not all accounts, when they send email to hotmail and yahoo, go to spam.

It does not happen in all accounts.

How can I bypass the filter of yahoo and hotmail for all domains configured on my server?

View 4 Replies View Related

Cgi Spam Script

Mar 31, 2009

i have this in my account:

/cgi-bin/check.cgi
/cgi-bin/gz.cgi
/cgi-bin/km.cgi
/cgi-bin/hnc.cgi
/cgi-bin/ypej.cgi

some script that sends (a LOT)spam, and dissapears

Does anyone know what that was?

i cannot find anything about it

i disabled cgi scripting,

View 2 Replies View Related

Spam From Parallels

May 20, 2009

I guess the economy must be hitting them hard. They have resorted to unsolicited commercial email, everyone's favourite.

Quote:

I hope this finds you well. I am currently attempting to reach out to companies that offer web hosting services and either use, or have used, Parallels Plesk Panel as a part of the service offerings. The goal is to re-introduce Parallels Plesk Panel and hopefully revive any previously established relationships. This includes looking into why the Parallels Plesk Panel business slowed, or stopped completely, within your organization.

We are working very hard to establish a reputable channel within the hosting marketplace. In order to do so we need to look at what is currently working and what is not currently working. The best place to begin this research is with companies that have used us, but now don't really offer our products. With that said, are you available for a phone call to discuss?

My goal is to understand:

* Do you currently offer control panels, if so, is Parallels Plesk Panel a part of your offerings?

* If you are no longer offering (pushing) Parallels Plesk Panel, is there a reason?

* Would you be receptive to some sort of "trial" program to re-introduce you to Parallels Plesk Panel and our Service Provider Partnership Program?

I look forward to your response and hopefully speaking with you soon.

Antoine Wilson
Partner Recruitment Manager
Service Provider Division
Parallels, Inc.
+1 (703) 995-4170 Direct
+1 (703) 991-5511 Efax

AIM: scrams93

Skype: antoine.wilson

ICQ: 215351114

View 13 Replies View Related

Spam Cannibal / Ptr

Jun 17, 2009

I was running an IP check on spamcannibal.org

It shows blocked because of this reason:

no reverse DNS, MX host should have rDNS - RFC1912 2.1

Is it actually possible to setup some kind of generic ptr records on IPs, even if they are assigned to dedicated server clients?

View 3 Replies View Related

Spam From Server

Jul 14, 2009

I noticed that reported server usage from Plesk is 2.x - 3.x, so I went to mail queue (in Plesk) and saw lots of mails that shouldn't be there.

There were several senders under the domain dedibox.fr sendint LOTS of emails to lots of addresses in the same email. There shouldn't be a sender @dedibox.fr, as that domain isn't hosted on our dedicated server.

I know little about Linux administration... I tried going to the /var/log folder and grep for dedibox on the messages and maillog files, but nothing found...

How can I know if someone connected to our server as an user or something like that?

View 6 Replies View Related

How Stop Spam

Apr 17, 2009

I have a server that is sending spam, but I can not know who sent because the server not has installed suphp.

There is another option to see who sends spam?

View 6 Replies View Related

SPF To Help Fight Spam

Apr 19, 2009

We are always looking for different ways to help combat spam, and have done things such as disabling pop before smtp on our servers, limiting the number of e-mails per domain per hour and so forth.

Lately we have been considering making SPF mandatory on all accounts. According to what I've read, it allows receiving e-mail servers to check that the e-mail did indeed originate from our e-mail servers and reject it if it fails (depending upon the SPF record configuration of course).

I am thinking something along these lines

"v=spf1 a mx -all"

would be good? or not? Am I right in thinking it would only allow e-mails coming from the IP of the A record on the domain OR the MX record?

2 questions:

1) This would mean that clients would need to use our SMTP servers (authentication is already required on our end, so that's not a big deal) or otherwise risk some e-mails been rejected by the recipient server?

2) Are there any potential pitfalls I have not mentioned in this message?

View 14 Replies View Related

Image Spam

Jul 12, 2009

I am not sure if many of you have been getting this same spam. But I've been getting spam about sexual topics and the email is just an image with words written on it.

Sometimes the email has words too such as what is written below.

Quote:

Doees Using sexual Body Langauge to Attract Women Really Works? www. med72. com. Chicago Bulls' Masecot Sued For Baad High-Five

I was wondering if you know of a way to block those emails.

View 6 Replies View Related

All Emails End Up In Spam, Any ISP

May 9, 2008

Got this strange issue here. Comcast customers cannot receive any emails sent from my server. With the others, most of the emails are being sent to a spam folder instead of inbox.

Serve is Centos 5 / Cpanel

I confirmed IP has proper reverse dns and is not blaclisted. I also setup SPF as well.

View 1 Replies View Related

Controlling SPAM

Jan 9, 2008

I will preface this thread this way:

I know there is no perfect solution to elimating SPAM and not losing "good email".

What do you use that is working well for you? I need some suggestions? I don't have time to babysite/teach a spam filter as I get thousands and thousands of emails each day through various emails address on the server. I cannot use services such as easyat.com as they don't work with server that use a remote/clustered DNS.

View 3 Replies View Related

Fight Against SPAM

Jul 6, 2008

i have fews hundred domain and 5 servers

THey all mix from windows/unix/linux and different control panel.

THey all have spam filter but we are getting so much spam that the server cant even process them quick enough.

Please let me know if there are any dedicated linux appliance and or firewall i can use to drop the spam IP address instead of process the spam.

View 10 Replies View Related

Spam Mail

Aug 16, 2008

I am using WHMCS and almost every order or invoice reminder goes to spam/junk folder(gmail/hostmail +++ )

I know problem isn't whmcs but my server, is there any step by steep tutorial on how to fix this problem ?

View 2 Replies View Related

Get Rid Of Spam Emails

Apr 29, 2008

I am using couple of emails on my domain since 3 years. I am having a big amount of spam emails. If I use SpamAssassin™ in the Cpanel it will miss sometimes hotmail, yahoo emails etc.. If I disable it, I will continue receiving those spam emails. However, some of my clients uses free emails like hotmail and yahoo.

View 10 Replies View Related

Wordpress Spam

Dec 21, 2008

I've a blog website

needhost.cn

recently i found many spam comment message left

how to prevent the spam comments?

View 12 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved