Hi there,
We seem to have hit a snag: for a week or so we have been receiving an awful lot of SPAM, which isn't filtered by the Mailwasher.
The emails vary quite a bit, so there isn't a common denominator.
What can we do to make the Mailwasher filter out the recent SPAM better than it does at the moment?
Thanks in advance,
Ton.
Are receiving considerably more SPAM than normal
- cliff
- Evil Firetrust Employee
Post
Re: Are receiving considerably more SPAM than normal
Hi Ton,
Sincere apologies for the delay in responding, I haven't seen your post until now.
Every time a message is passed through MWES, it is tagged with the reason why it was passed, or blocked.
Look at the headers of the email (View Source in Outlook) and look for the header starting with: X-MWES-{name here}.
In particular, the 'Reason' is often helpful.
Make sure you also have the latest version of MWES, as the engine is often updated to prevent spam more efficiently.
- Antoniusfm
- Student Sheep
Post
Re: Are receiving considerably more SPAM than normal
Cliff thanks for your response,
I am running the latest version as far as I am aware (2.8). Furthermore, I checked the source of a few of the SPAM emails, but I couldn't find the header you were referring to (I will attach an example below).
Is there anything I am doing wrong? Also, how do I check this if it concerns a plain text email (no HTML)?
<span id=z>
<xhtml>
<head><title>Western Union</title></head>
<style
type="text/css">#obmessage .dummy {}
#z BODY,
#z TD {font-family: verdana,arial,helvetica,sans-serif;
font-size:12px;color: #000000;}
</style>
<table width=680 align=center>
<tr><td><A target="_blank"href="#"><IMG
src="http://hostinga.imagecross.com/image-ho ... 982-1-.jpg" alt=Western Union
border=0></A></td></tr>
</table>
<table width="100%" cellpadding=0>
<tr><td background=
"http://images.paypal.com/images/bg_clk.gif"
width=100%></td></tr>
</table>
<br>
<table align=center>
<tr>
<td width=400>
<table>
<tr><td><b>Dear Western Union Member:<br><br>Attention! Your
Western Union account
has been limited!</b><br><br>As part of our security
measures, we regularly screen activity in the
Western Union system.We recently
contacted you after noticing an issue on your
account.We requested information
from you for the following reason:<br><br>Our system detected unusual login attempts to your account.<br><br>
<b>Reference Number:
WU-882-024-774</b><br><br>
This is the Last reminder to login to your account as soon
as possible.<br><br>
Once you log in, you will be provided with steps to
restore your account access. We appreciate your understanding as we work to
ensure
account safety.<br><br>
<table width="80%" cellspacing=0 border=0 bgcolor="#FFE65C"
align=left>
<tr><td>
<table width="100%" cellpadding=4 bgcolor="#FFFECD" align=center>
<tr><td class="pp_sansserif" align=center>
<a target="_blank" href="http://host81-137-193-223.in-addr.btope ... in/">Click
here to activate your account</a></td></tr>
</table>
</td></tr>
</table>
<br><br><BR>We thank you for your prompt attention to this matter. Please
understand that this is a security measure intended to help protect you and your
account. We apologise for any inconvenience..
<br><br>Sincerely,<br>Western Union Account Review Department
</td></tr>
<tr><td><hr class=dotted></td></tr>
<tr><td>
<tr><td class="pp_footer">Copyright (C) 2001-2011 Western Union. All rights reserved. Western Union Ltd.
Western Union FSA Register
Number: 8023405.<br></td></tr><tr><td><img
src="http://images.paypal.com/en_US/i/scr/pixel.gif" height=10 width=1
border=0></td></tr>
</td></tr>
<tr><td>Western Union Email ID WU-73892</td></tr>
</table>
</td>
<td width=190 valign=top>
<table cellspacing=0 cellpadding=1 bgcolor="#cccccc">
<td>
<table cellspacing=0 cellpadding=0 bgcolor="#ffffff">
<tr><td>
<table width="100%" cellpadding=5 bgcolor="#eeeeee">
<tr><td align=center>Protect Your Account Info</td></tr>
</table>
<table cellpadding=5>
<tr><td>* Confirm your account security info.<br><br>* Allow up to 24 hours to update.<br><br>* Enjoy Western Union services<br></td></tr>
</table></td></tr>
<tr><td>
<table width="100%" cellpadding=5 bgcolor="#eeeeee">
<tr><td align=center>E-mail: australiacustomer@westernunion.com.au</td></tr>
</table>
</td></tr>
</table>
</td></tr>
</table>
</td></tr>
</table>
</xhtml></span>
- cliff
- Evil Firetrust Employee
Post
Re: Are receiving considerably more SPAM than normal
Hi Ton,
Depending on your mail client, the view source may show different aspects.
If you are using Outlook, right-click on the message and select "Message options" to view the headers.
- Antoniusfm
- Student Sheep
Post
Re: Are receiving considerably more SPAM than normal
Thanks Cliff, this way I could find it.
Below is the header of a spam email I received today (one of many); it says it's clean and is a "Grey listed friend"?
I am not sure what that exactly means, but the sender is definitely not a known identity to us, so how can we make the MailWasher more strict? Can we train it or something like that? Would it be a good idea to block the IP address?
Received: from host.seconde-dns4.com (127.0.0.1) by EA-DC02.elanoraau.local
(127.0.0.1) with Microsoft SMTP Server id 8.1.240.5; Fri, 8 Jul 2011 23:52:13
+1000
Received: from nobody by host.seconde-dns4.com with local (Exim 4.69)
(envelope-from <nobody@host.seconde-dns4.com>) id 1QfBTJ-0003bb-IA for
XXXX@XXXXXX.XXX; Fri, 08 Jul 2011 15:51:57 +0200
To: <XXXX@XXXXXX.XXX>
Subject: votre carte bancaire est suspendue
Date: Fri, 8 Jul 2011 15:51:57 +0200
From: Verified By Visa <service@vbv.fr>
Reply-To:
Message-ID: <c613c55e55f8bc2db9b98418b0679487@www.japanautosperformances.fr>
X-Priority: 5
X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version ]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/html; charset="iso-8859-1"
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - host.seconde-dns4.com
X-AntiAbuse: Original Domain - elanora.biz
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - host.seconde-dns4.com
X-MWES-scanned: Checked by MailWasher Enterprise Server 2.8 {W}(2011-07-08 23:52:08)
X-MWES-status: Clean
X-MWES-reason: Grey Listed Friend
X-MWES-sourceip: 94.23.203.198
X-MWES-smtp-from: <nobody@host.seconde-dns4.com>
Return-Path: nobody@host.seconde-dns4.com
Last edited by Antoniusfm on Mon Jul 18, 2011 6:57 pm, edited 1 time in total.
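Added example (not part of the original thread, and not Firetrust code): one way to check a batch of saved spam for the X-MWES-* headers quoted in the post above, counting why each message was passed and which source IPs recur. The sample messages are constructed, the IPs are documentation addresses, and "Example Reason" is a placeholder rather than a real MWES reason string.

```python
from collections import Counter
from email import message_from_string

# Constructed sample messages (not from the thread). Header names follow the
# X-MWES-* headers quoted above; "Example Reason" is a made-up placeholder.
SAMPLES = [
    "Subject: a\nX-MWES-status: Clean\nX-MWES-reason: Grey Listed Friend\n"
    "X-MWES-sourceip: 192.0.2.10\n\nbody",
    "Subject: b\nX-MWES-status: Clean\nX-MWES-reason: Grey Listed Friend\n"
    "X-MWES-sourceip: 192.0.2.10\n\nbody",
    "Subject: c\nX-MWES-status: Clean\nX-MWES-reason: Example Reason\n"
    "X-MWES-sourceip: 198.51.100.7\n\nbody",
    "Subject: d\nX-Mailer: something\n\nbody",  # no MWES headers at all
]

def mwes_fields(raw):
    """Return the X-MWES-* headers of one raw message, keyed by the suffix."""
    msg = message_from_string(raw)
    prefix = "x-mwes-"
    return {k.lower()[len(prefix):]: v.strip()
            for k, v in msg.items() if k.lower().startswith(prefix)}

def summarize(raw_messages):
    """Tally reasons and source IPs for passed messages; count untagged ones."""
    reasons, ips, untagged = Counter(), Counter(), 0
    for raw in raw_messages:
        fields = mwes_fields(raw)
        if not fields:
            untagged += 1  # never went through MWES, or headers not shown
            continue
        if fields.get("status", "").lower() == "clean":
            reasons[fields.get("reason", "(none)")] += 1
            ips[fields.get("sourceip", "(none)")] += 1
    return reasons, ips, untagged

def repeat_sources(ips, min_count=2):
    """Source IPs seen on at least min_count passed messages."""
    return sorted(ip for ip, n in ips.items()
                  if n >= min_count and ip != "(none)")

if __name__ == "__main__":
    reasons, ips, untagged = summarize(SAMPLES)
    print(reasons.most_common(), repeat_sources(ips), untagged)
```

A high count for one reason shows which check is letting the spam through, and a non-empty repeat list shows whether there is a common IP at all.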
- Antoniusfm
- Student Sheep
- cliff
- Evil Firetrust Employee
Post
Re: Are receiving considerably more SPAM than normal
Hi Ton,
Sorry - I missed your response.
Firstly, can you upgrade to the latest version of MWES - you're a version behind.
The upgrade process is installable over-the-top, and a simple restart of the MWES service. (Doesn't hurt to stop the service initially as well.)
Secondly, it looks like the spammers got through a 'real' mail server - hence the 'Greylisted friend'.
Clear the Greylist friend cache - (Settings -> Action -> Clear all grey listed friends) to purge them from the list.
If the spam is coming from a common IP, I'd block that too.
~C
- Antoniusfm
- Student Sheep
Post
Re: Are receiving considerably more SPAM than normal
Hi Cliff, I am using 2.8, and I can't find any newer version on your website, not sure what to upgrade to?
Also, I am confused what you mean by clearing the Greylist friend cache. I can't find the option you are referring to; do you want me to disable the "Grey listing"?
- Attachments
-
- MWES_settings.jpg (103.78 KiB) Viewed 26855 times
- cliff
- Evil Firetrust Employee
Post
Re: Are receiving considerably more SPAM than normal
There was a subtle change in 2.8, not enough to create a new version - the difference was less than a day.
2.8 = First release
2.8.0.0 = Current release.
- Antoniusfm
- Student Sheep
Post
Re: Are receiving considerably more SPAM than normal
OK, I will upgrade, if you think it will make a difference. What about the grey listing?
- Antoniusfm
- Student Sheep
Post
Re: Are receiving considerably more SPAM than normal
Cliff, I still don't know how to clear the "greylist friend cache", can you please respond?
- nick.bolton
- The Big Cheese
Post
Re: Are receiving considerably more SPAM than normal
Sorry about the late reply, we haven't been getting notifications of new posts.
Go to Settings>>Action and click the link 'Clear all grey listing friends'