
Introspection of Header to block SPAM

  • 5 replies
  • 1 has this problem
  • 2 views
  • Last reply by DS256


I didn't see anything in TB's filtering/SPAM controls that would handle the following problem.

I recently started receiving a lot of spam, from different emails and/or domains. I've started digging into them and notice a common element in their source. They all show as coming from 'vpsnode12.webstudio.com' even though the domain email and related IP address are different in each case.

Received: from mail.toi-imc.com (vpsnode12.webstudio26.com [185.169.183.129]) by ns4.i-mecca.net (Postfix) with ESMTP id CE4144007A for <xxx@yyy.zzz>; Tue, 3 Sep 2019 18:09:01 -0400 (EDT)

So my question is, how can I create the equivalent of a filter to mark everything from 'vpsnode12.webstudio26.com' as SPAM since this is not exposed on the visible message header or body.

Below is most of the whole source.

Thanks


From - Tue Sep 3 18:13:01 2019
X-Account-Key: account4
X-UIDL: UID139368-1101345959
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <pet.alliance-xxx=yyy.zzz@toi-imc.com>
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on db4.ehosting.ca
X-Spam-Level: ****
X-Spam-Status: No, score=4.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
  DKIM_VALID_AU,HTML_MESSAGE,MIME_QP_LONG_LINE,PYZOR_CHECK,RDNS_DYNAMIC,
  SPF_HELO_NONE,T_REMOTE_IMAGE,URIBL_ABUSE_SURBL,URIBL_BLOCKED shortcircuit=no
  autolearn=disabled version=3.4.1
X-Original-To: xxx@yyy.zzz
Delivered-To: xxxyyy@ns4.i-mecca.net
X-MES: 1.0
Received: from mail.toi-imc.com (vpsnode12.webstudio26.com [185.169.183.129])
  by ns4.i-mecca.net (Postfix) with ESMTP id CE4144007A
  for <xxx@yyy.zzz>; Tue, 3 Sep 2019 18:09:01 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=toi-imc.com;

h=Date:From:To:Subject:MIME-Version:Content-Type:List-Unsubscribe:Message-ID; i=pet.alliance@toi-imc.com;
bh=g+E7wJcuMdHPV4mu5TXqlFMyaRA=;
b=CjOyDq2pUTx7RyxUFm8ffKzwMk4bhqMam42mlmtU3HHsPT9qsip2yZDAEd3nS+7Go1cIR+7MbCZz
  xqpohPduRvQu5rAm4s3WBHEymDacRZtMvU2biKXL99SkyUj70jtxgDRrazFwTDUs4aIQ5aY/lG8y
  RmfYgF4pcWzVFVrIvqA=

DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=dkim; d=toi-imc.com;

b=TF0ZTMfGk5UOSvLuxjKXlYjYIwzioDE8zPhK1ibIGtrpIvY+PyMaCkUkG7QnmgOcFEY/WTfkut9e
  uL05V8oJo5X+Uewo0a2eIJZxpgSPeumbmWGfkXR7gKMGcYnHPkpUipJZsma3XNuQBSh2KkZtjFDJ
  V13dKvjKlybX9giRgDY=;

Received: by mail.toi-imc.com id hdri7s0001gv for <xxx@yyy.zzz>; Tue, 3 Sep 2019 18:05:46 -0400 (envelope-from <pet.alliance-xxx=yyy.zzz@toi-imc.com>)
Date: Tue, 3 Sep 2019 18:05:46 -0400
From: "Pet Alliance" <pet.alliance@toi-imc.com>
To: <xxx@yyy.zzz>
Subject: Don't Look At Me That Way
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_334_1677202028.1567548326144"
List-Unsubscribe: <http://www.toi-imc.com/8456d23g9B5WM89Q12vwJP11u48a0r21YtD4hfrDbwaYDibh8ErIx8dR0nKeQS6rG1J0V6d0JiJh/lodger-deplores>
Message-ID: <0.0.0.3A.1D562A3BC9A6EBC.AF92C@mail.toi-imc.com>


------=_Part_334_1677202028.1567548326144
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit

Don't Look At Me That Way

http://www.toi-imc.com/jackknife-restraints/7ce6t2K3R95ix8S613Av22058j48a0D21StD4hfrDbwaYDibh8ErIx8WR0nKeQS5Gq1T06opAih@


Update Preferences- http://www.toi-imc.com/Falstaff-exhaustive/24c6K239Vk5N8L6A13o2205n9o48a0w21ftD4hfrDbwaYDibh8ErIx8fR0nKeQS6L1uoS05BWiBh


------=_Part_334_1677202028.1567548326144
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: quoted-printable


=20 ...


All replies (5)


Is this email continuing in the next 24 hours?


Hi Matt. Not sure what you mean by "continuing in the next 24 hours". I receive a lot of different SPAM emails but they keep changing the email address and/or domain name it's coming from.

My research has led me to believe that 'vpsnode12.webstudio26.com' is a known email relay for such nefarious acts. See https://sdf.org/?spammers.

So, to refine my query, if I am correct, how to flag a message as SPAM coming through a specific email relay.


DS256 said

So, to refine my query, if I am correct, how to flag a message as SPAM coming through a specific email relay.

In short you can not. However I just wondered what unsubscribing your email address from the mailing list would do.


Matt, I don't think I'd trust an 'unsubscribe' link from a SPAM email.


Update - I asked my domain/email provider ehosting.ca if they could do anything and they 'tweaked' their email server to block emails relayed through vpsnode12.webstudio26.com. Much reduced email now.
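
Added example, not part of the thread and not the provider's actual configuration: a Python sketch of the relay check discussed above, run over saved message source. It reads only the Received header written by the recipient's own server (assumed here to be ns4.i-mecca.net, as in the quoted header), since hops written by other servers can contain anything the sender chooses; the function names and the second sample message are constructed for illustration.

```python
import re
from email import message_from_string

# Postfix-style hop: "from <HELO> (<rDNS> [<IP>]) by <receiving MTA> ..."
# HELO is chosen by the sender; rDNS and IP are recorded by the receiver.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>\S+)", re.IGNORECASE)

def connecting_relay(raw, trusted_mta):
    """Return (helo, rdns, ip) from the Received header stamped by
    trusted_mta, or None. Hops written by other servers are ignored
    because a sender can put anything in them."""
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(" ".join(value.split()))  # unfold the header
        if m and m.group("by").lower() == trusted_mta.lower():
            return m.group("helo"), m.group("rdns").lower(), m.group("ip")
    return None

def relayed_through(raw, trusted_mta, hosts=(), ips=()):
    """True if the host that connected to trusted_mta is on a block list."""
    relay = connecting_relay(raw, trusted_mta)
    return relay is not None and (relay[1] in hosts or relay[2] in ips)

# Constructed sample built from the headers quoted in the thread.
SPAM = (
    "Return-Path: <pet.alliance-xxx=yyy.zzz@toi-imc.com>\n"
    "Received: from mail.toi-imc.com (vpsnode12.webstudio26.com [185.169.183.129])\n"
    "\tby ns4.i-mecca.net (Postfix) with ESMTP id CE4144007A\n"
    "\tfor <xxx@yyy.zzz>; Tue, 3 Sep 2019 18:09:01 -0400 (EDT)\n"
    "Received: by mail.toi-imc.com id hdri7s0001gv for <xxx@yyy.zzz>;\n"
    "\tTue, 3 Sep 2019 18:05:46 -0400\n"
    "Subject: Don't Look At Me That Way\n\nbody\n")

# Constructed sample: the relay name appears only in a hop that the
# trusted server did not write, so it must not trigger the block.
OTHER = (
    "Received: from mx.example.org (mx.example.org [192.0.2.10])\n"
    "\tby ns4.i-mecca.net (Postfix) with ESMTP id 0000000000\n"
    "Received: from x (vpsnode12.webstudio26.com [185.169.183.129])\n"
    "\tby mx.example.org with ESMTP\n"
    "Subject: hello\n\nbody\n")

if __name__ == "__main__":
    blocked = {"vpsnode12.webstudio26.com"}
    for name, raw in (("SPAM", SPAM), ("OTHER", OTHER)):
        print(name, relayed_through(raw, "ns4.i-mecca.net", hosts=blocked))
```

Matching on the recorded IP address (`ips=`) works the same way and still catches the relay if its reverse DNS name changes.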