Yahoo.com not being filtered
|
Logged in as: Guest
|
|
Users viewing this topic:
none
|
|
Login  | |
|
Yahoo.com not being filtered - 24.Jul.2005 11:50:00 PM
|
|
|
Landofbo
Posts: 9
Joined: 15.Mar.2005
From: Bath, UK
Status: offline
|
Hi all
Have been using GFI for several months now and no probs...However, in the last couple of weeks we are starting to get loads of spam which is all coming from ****@yahoo.com - the messages are text and contain keywords such as V1@GRA which are added to our keyword checking but the mails are not tagged as spam....its weird as it only seems on yahoo.com address, i've checked and yahoo.com is not on our whitelist.
Anyone have any ideas please or had the same, would appreciate some help.
Thanks
|
|
|
|
|
RE: Yahoo.com not being filtered - 25.Jul.2005 12:41:00 AM
|
|
|
Landofbo
Posts: 9
Joined: 15.Mar.2005
From: Bath, UK
Status: offline
|
This is a sample of the messages we are receiving which are not being tagged as SPAM...I've taken out our address but not the senders!
-----Original Message-----
From: Fish [mailto:amanda@yahoo.com]
Sent: 25 January 2005 17:31
To: *************************
Subject: All love enhancers on one portal!
One Time DISC0UNT 0RDER for V1@GRA, C1al1s!
V1@GRA DISC0UNT 0RDER
T0DAY Its only $0.95 per dose.
Generic Vi@gra, 24 x 100mg
Regular Tabs (48 dozes)
Only $ 46.00
NEW PRODUCT 1:
Generic Viagra, 24 x 100mg
Soft Tabs (48 dozes) What is Soft Tabs?
Only $ 60.00
NEW PRODUCT 2:
Generic C1al1s, 10 x 20mg
Tadalafil What is Soft C1al1s?
Only $ 68.00
Special offer! These prices are valid until 10th of December !
V1@GRA DISC0UNT 0RDER
|
|
|
|
|
RE: Yahoo.com not being filtered - 25.Jul.2005 2:13:00 AM
|
|
|
Patrizia
Posts: 8474
Joined: 18.Aug.2003
From: Malta
Status: offline
|
Hi,
Are you able to see these mails passing through the GFI monitor?
Are these mails HTML mails?
|
|
|
|
|
RE: Yahoo.com not being filtered - 25.Jul.2005 2:20:00 AM
|
|
|
Landofbo
Posts: 9
Joined: 15.Mar.2005
From: Bath, UK
Status: offline
|
Hi
It does go through the monitor - just checked back and found it - although it does say "item processing unseccessful; item will not be modified"
They are HTML emails.
Thanks
|
|
|
|
|
RE: Yahoo.com not being filtered - 26.Jul.2005 8:23:00 AM
|
|
|
jgs@ppgms.com
Posts: 1
Joined: 25.Jul.2005
From: Roseland, NJ
Status: offline
|
Same problem here. Occasionally pulled by the Bayesian filter, but not all of the time(?)
Just began about a week ago, have tried multiple techniques and did indeed check the Whitelist.
Must be some spoofing going on at some level (ndr's come back undeliverable, mailbox unknown, but that goes without saying at this point!)
I have kept a few intact if GFI would like to examine the headers, or log activity.
Jason
|
|
|
|
|
RE: Yahoo.com not being filtered - 26.Jul.2005 9:40:00 AM
|
|
|
Patrizia
Posts: 8474
Joined: 18.Aug.2003
From: Malta
Status: offline
|
Hi,
Please send a copy of the mails and a set of troubleshooter files to support@gfi.com. Reference the url of this thread in your mail.
|
|
|
|
|
RE: Yahoo.com not being filtered - 26.Jul.2005 11:30:00 PM
|
|
|
Landofbo
Posts: 9
Joined: 15.Mar.2005
From: Bath, UK
Status: offline
|
Copy of mails and troubleshooter data sent to support as requested, thanks.
|
|
|
|
|
RE: Yahoo.com not being filtered - 28.Jul.2005 3:31:00 AM
|
|
|
Landofbo
Posts: 9
Joined: 15.Mar.2005
From: Bath, UK
Status: offline
|
Since upgrading to v11 (Was v10 before) and using SURBL these seem to be getting flagged up now...
|
|
|
|
|
RE: Yahoo.com not being filtered - 3.Aug.2005 4:32:00 AM
|
|
|
dfehr_fga
Posts: 22
Joined: 22.Jun.2004
Status: offline
|
Is there any fix for this for those of us using 10.1?
|
|
|
|
|
RE: Yahoo.com not being filtered - 29.Aug.2005 3:34:00 AM
|
|
|
-JD-
Posts: 6
Joined: 28.Aug.2005
Status: offline
|
Since august 11th, we seem to have the same problem. A user has received over 220 messages all of the supposibly coming from yahoo.com.
Header inspection show that they originate from various PCs so I can't block them at the server by denying the IP.
The only similarity among the messages are that they all come from yahoo.com and each have exactly 11 random caracters as the user [Ex: zrhvshhpixj@yahoo.com]. Is there any whay to block all emails that come from yahoo.com and have 11 caracters as the user name. Something like a blacklist entry of the type ???????????@yahoo.com
I have kept all of these e-mails if tech supports needs them
|
|
|
|
|
RE: Yahoo.com not being filtered - 31.Aug.2005 3:01:00 AM
|
|
|
Patrizia
Posts: 8474
Joined: 18.Aug.2003
From: Malta
Status: offline
|
-JD-,
Can you send us a copy of these mails, compressed to a zip file?
Please send also a set of troubleshooter files to support@gfi.com and reference the url of this thread.
|
|
|
|
|
RE: Yahoo.com not being filtered - 1.Sep.2005 12:30:00 PM
|
|
|
ther
Posts: 9
Joined: 15.Jun.2005
Status: offline
|
I am also getting these spam messages. Most of them are lewd and pornographic in nature.
The weird thing is sometimes they aren't even seen by the ME software, ie, no record of the email in the MEINXXXXXX.log file.
When looking at the header, it looks different as well.
|
|
|
|
|
RE: Yahoo.com not being filtered - 2.Sep.2005 3:00:00 AM
|
|
|
Patrizia
Posts: 8474
Joined: 18.Aug.2003
From: Malta
Status: offline
|
ther,
What is the version of MailEssentials you are using?
Do the headers of the mails show that the mails are passing through the MailEssentials machine?
|
|
|
|
|
RE: Yahoo.com not being filtered - 2.Sep.2005 4:21:00 AM
|
|
|
ther
Posts: 9
Joined: 15.Jun.2005
Status: offline
|
quote:
Originally posted by Patrizia:
ther,
What is the version of MailEssentials you are using?
Do the headers of the mails show that the mails are passing through the MailEssentials machine?
I am using version 9.0 build 20040315.
The headers "show" that email is being passed through the GFI ME machine (just like all other emails).
I've copied below an example of the headers (with some domain names & email addresses changed):
==============================
Received: from gfime.domain.com (gfime [192.168.0.114]) by exchange.domain.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
id RNM0HQ7Z; Sun, 28 Aug 2005 01:29:53 -0700
x-gfi-me-message-id: <7D581C11FF1332013400000104@gfime>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Received: from mail.domain.com ([219.232.34.10]) by gfime.domain.com with Microsoft SMTPSVC(5.0.2195.6713); Sun, 28 Aug 2005 01:31:15 -0700
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506
From: fyllpogshwi@yahoo.com
To: johndoe@domain.com
Content-Type: text/html;
charset="iso-8859-1"
Subject: NEW HIGH QUALITY INCEST SITE!
==============================
What is strange is that fact that it has these lines:
x-gfi-me-message-id: <7D581C11FF1332013400000104@gfime>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Usually, the "Received: from" are right after the other.
Also note that the IP address 219.232.34.10 is not mine.
|
|
|
|
|
RE: Yahoo.com not being filtered - 8.Sep.2005 12:17:00 AM
|
|
|
Nicks
Posts: 2771
Joined: 17.Mar.2003
Status: offline
|
If when you check the GFI Monitor, you see "Item Processing Unsuccesful", that would mean that one of the MailEssentials plug-ins has failed to process the message. When this occurs, MailEssentials will just let the email through unscanned.
In any case, when you encounter similiar problems, it is best that you send us a copy of the message, and a set of troubleshooting files to support@gfi.com, so we can investigate further.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
|
Printable Version
