Being spammed

Forums › 2degrees (including Slingshot, Orcon, Flip, Stuff Fibre, MyRepublic, 2talk and Vocus) › Being spammed

Oriphix

523 posts

Ultimate Geek

#153836 9-Oct-2014 12:41

Hi There,

Can someone from Orcon send me a private message please.

I am getting spammed and it looks like it it coming from my own address as if its spoofed.

My domain is hosted with Orcon, I don't have a server my mail goes to a Orcon mailbox.

I have the email and email headers which I can give you for troubleshooting.

Thanks

1 | 2

9120 posts

Uber Geek

Subscriber

#1150659 9-Oct-2014 13:05

Are these emails being sent to you or bounce backs from unable to be delivered??

Regards,

Old3eyes

FireEngine

1223 posts

Uber Geek

Trusted

#1150719 9-Oct-2014 13:52

If it is being spoofed the origin could be anywhere on the internet

Regards FireEngine

Oriphix

523 posts

Ultimate Geek

#1150774 9-Oct-2014 14:50

old3eyes: Are these emails being sent to you or bounce backs from unable to be delivered??

They are being sent to me.

Oriphix

523 posts

Ultimate Geek

#1150776 9-Oct-2014 14:52

FireEngine: If it is being spoofed the origin could be anywhere on the internet

Okay isn't Orcon's anti-spam doing SPF checks or reverse lookups? As my MX would be locked to Orcons Mail IP address and if any email that comes from me from another IP it will drop the email.

That would weed out so many spammers.

trig42

5814 posts

Uber Geek

ID Verified

#1150781 9-Oct-2014 15:03

Are they emails offering you a job?

Seems that one is doing the rounds today.

Oriphix

523 posts

Ultimate Geek

#1150785 9-Oct-2014 15:05

trig42: Are they emails offering you a job?

Seems that one is doing the rounds today.

Yeah that's the one. Have had over 20 since yesterday....I am blocking the IP address its coming from in the Orcon spam portal however it doesn't seem to do much as its coming from different IP's

My Spam tolerance in the portal is 70/100.....not really sure what else to do...

Oriphix

523 posts

Ultimate Geek

#1150794 9-Oct-2014 15:16

This is interesting it says "may be forged"....yet the mail doesn't get put on hold for suspecting its a spam. It lets it through

Return-path: <xxxxxxx@choy.co.nz>
Envelope-to: xxxxxxx@choy.co.nz
Delivery-date: Thu, 09 Oct 2014 14:46:03 +1300
Received: from f5-bigip ([172.16.100.254] helo=mail.orcon.net.nz)
     by mx3.orcon.net.nz with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32)
     (Exim 4.69)
     (envelope-from <xxxxxxx@choy.co.nz>)
     id 1Xc2nq-0007Qw-9b
     for xxxxxxx@choy.co.nz; Thu, 09 Oct 2014 14:46:02 +1300
Received: from localhost (localhost [113.184.227.132] (may be forged))
     by mail.orcon.net.nz (8.14.3/8.14.3/Debian-9.4) with ESMTP id s991k0dK027901
     for <xxxxxxx@choy.co.nz>; Thu, 9 Oct 2014 14:46:01 +1300
Message-ID: <4D738670CCB8853A04F107BBCFF24D73@R3A2TI9Y6>
From: <xxxxxxx@choy.co.nz>
To: <xxxxxxx@choy.co.nz>
Subject: new job
Date: 9 Oct 2014 16:18:07 +0700
MIME-Version: 1.0
Content-Type: text/plain;
     charset="ibm852"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.4968
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.4968
X-Bayes-Prob: 0.9999 (Score 5, tokens from: xxxxxxx@orcon.net.nz, base:default, @@RPTN)
X-Spam-Score: 13.47 (*************) [Hold at 70.00] DATE_IN_FUTURE_06_12:0.001,DOS_OE_TO_MX:3.086,FSL_HELO_NON_FQDN_1:0.001,HELO_LOCALHOST:3.603,
RDNS_NONE:1.274,TO_EQ_FM_DIRECT_MX:0.51,SPF(none:0),1776(0),Bayes(0.9999:5.0)
X-CanIt-Geo: ip=113.184.227.132; country=VN; region=Tinh Ha Tinh;
city=Dong Nai; latitude=18.1000; longitude=106.3333; http://maps.google.com/maps?q=18.1000,106.3333&z=6
X-CanItPRO-Stream: base:xxxxxxx@orcon.net.nz (inherits from base:default)
X-Canit-Stats-ID: 02N0NK0Il - 227ae7d41542 - 20141009
X-Scanned-By: CanIt (www . roaringpenguin . com)

Sharesies

Trade NZ and US shares and funds with Sharesies (affiliate link).

old3eyes

9120 posts

Uber Geek

Subscriber

#1150796 9-Oct-2014 15:21

The geo tag shows it coming from Vietnam but i suspect it's being relayed..

Regards,

Old3eyes

Oriphix

523 posts

Ultimate Geek

#1150798 9-Oct-2014 15:23

In the spam the body contains the domain "jacomau.net" (all of them have it).

I have gone inside mail guard (Rules -> Custom rules) and gave it a score of 100. Since I have "HOLD" for spam messages scoring over the 70% threshold hopefully that stops it.

Lets see if that works.

Oblivian

7300 posts

Uber Geek

ID Verified

#1150821 9-Oct-2014 16:23

trig42: Are they emails offering you a job?

Seems that one is doing the rounds today.

Funny you should mention.. someone just asked me to release 3 of them here. After seeing the variants of employment opportunity and to an old email alias, alarm bells went off

Ramjet007

319 posts

Ultimate Geek

#1151025 10-Oct-2014 06:11

Getting lots too.

Sideface

9362 posts

Uber Geek

Trusted

Lifetime subscriber

#1151175 10-Oct-2014 11:02

Me too:

"We considered your CV to be very attractive and we thought the vacant position in our company could be interesting for you ...
If you are interested in our offer, mail to us your answer on noe@jacomau.net ..."

I don't have a published CV.

Sideface

Oriphix

523 posts

Ultimate Geek

#1151291 10-Oct-2014 13:11

Hi All,

So using my method seems to have done the trick using the Orcon mail guard. Look below all the messages that its caught being spam.

Then I can simply select reject all the messages as SPAM. As I get more spam i can build upon the rules and blocks that I have to get it better.

Now on to do the same for my wife and mum's email account ...sigh....

Snackos

243 posts

Master Geek

#1156688 17-Oct-2014 11:14

I have also noticed a very large increase in spam to my orcon email over the last few months. Prior to that I would only receive one or two a month but recently it's been one or two a day. I'm a tad confused as to where it is coming from since I use my gmail or outlook for signing up online, my orcon email is just personal family and friends.

Oriphix

523 posts

Ultimate Geek

#1156746 17-Oct-2014 12:17

Snackos: I have also noticed a very large increase in spam to my orcon email over the last few months. Prior to that I would only receive one or two a month but recently it's been one or two a day. I'm a tad confused as to where it is coming from since I use my gmail or outlook for signing up online, my orcon email is just personal family and friends.

Hi,

Yes I have the same setup but seems spam still comes through.

I have created a guide on how to setup your Orcon spam filter, URL below.

http://www.geekzone.co.nz/forums.asp?forumid=82&topicid=153978

Hope that helps.

1 | 2