9.706 - anti-spam engine changed to SASI

Well, i have issues as described in this thread:

https://community.sophos.com/utm-firewall/f/mail-protection-smtp-pop3-antispam-and-antivirus/128493/no-mails-in-mail-manager-since-update-9-706-9

more and more spam passing by and is sryl annoying !

Hi WolfgangS,

I'd suggest opening a support case with the original spam sample email in .eml format for further investigation. 

Thanks,

I can't open a case, because i am a homeuser.

I can't open a case, because i am a homeuser.

Hi WolfgangS,

Would it be possible for you to share those samples emails and smptd logs via personal message? I will report them to the Sophos LAB on behalf of you. 

Thanks,

The spam in question is within the thread mentioned. see link above.

Here we got some more Spam that's comming thru and this one is Bank Phising and not very funny :

2021:07:21-08:36:50 matrix exim-in[21713]: [1\63] 2021-07-21 08:36:50 1m65qb-0005eD-1y H=m239-7.eu.mailgun.net [185.250.239.7]:61738 X=TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no F=<bounce+49b234.36bd12-admin=domainname.de@outbound-mg-eu.sportlink-clubsites.nl> temporarily rejected after DATA: Temporary local problem, please try again!
2021:07:21-08:36:50 matrix exim-in[21713]: [2\63] Envelope-from: <bounce+49b234.36bd12-admin=domainname.de@outbound-mg-eu.sportlink-clubsites.nl>
2021:07:21-08:36:50 matrix exim-in[21713]: [3\63] Envelope-to: <user@domain.de>
2021:07:21-08:36:50 matrix exim-in[21713]: [4\63] P Received: from m239-7.eu.mailgun.net ([185.250.239.7]:61738)
2021:07:21-08:36:50 matrix exim-in[21713]: [5\63] by mail.hostname.net with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
2021:07:21-08:36:50 matrix exim-in[21713]: [6\63] (Exim 4.94.2)
2021:07:21-08:36:50 matrix exim-in[21713]: [7\63] (envelope-from <bounce+49b234.36bd12-admin=domainname.de@outbound-mg-eu.sportlink-clubsites.nl>)
2021:07:21-08:36:50 matrix exim-in[21713]: [8\63] id 1m65qb-0005eD-1y
2021:07:21-08:36:50 matrix exim-in[21713]: [9\63] for user@domain.de; Wed, 21 Jul 2021 08:36:49 +0200
2021:07:21-08:36:50 matrix exim-in[21713]: [10\63] X-SASI-Hits: BODYTEXTH_SIZE_3000_MORE 0.000000, BODY_SIZE_10000_PLUS 0.000000,
2021:07:21-08:36:50 matrix exim-in[21713]: [11\63] CTE_BASE64 0.000000, CTYPE_JUST_HTML 0.847999, DKIM_ALIGNS 0.000000,
2021:07:21-08:36:50 matrix exim-in[21713]: [12\63] DKIM_SIGNATURE 0.000000, FONT_STYLE_0PT 0.000000,
2021:07:21-08:36:50 matrix exim-in[21713]: [13\63] FROM_NAME_ONE_WORD 0.050000, HREF_LABEL_TEXT_NO_URI 0.000000,
2021:07:21-08:36:50 matrix exim-in[21713]: [14\63] HREF_LABEL_TEXT_ONLY 0.000000, HTML_50_70 0.100000, KNOWN_MTA_TFX 0.000000,
2021:07:21-08:36:50 matrix exim-in[21713]: [15\63] LINK_TO_IMAGE 0.000000, LIST_HEADER 0.000000, MISSING_HEADERS 0.000000,
2021:07:21-08:36:50 matrix exim-in[21713]: [16\63] SENDER_NO_AUTH 0.000000, SINGLE_HREF_URI_IN_BODY 0.000000,
2021:07:21-08:36:50 matrix exim-in[21713]: [17\63] SUPERLONG_LINE 0.050000, SXL_IP_TFX_WM 0.000000, TO_MALFORMED 0.000000,
2021:07:21-08:36:50 matrix exim-in[21713]: [18\63] URI_ENDS_IN_HTML 0.000000, URI_WITH_PATH_ONLY 0.000000,
2021:07:21-08:36:50 matrix exim-in[21713]: [19\63] UTF8_SUBJ_OBFU 0.100000, __ANY_URI 0.000000, __BODY_NO_MAILTO 0.000000,
2021:07:21-08:36:50 matrix exim-in[21713]: [20\63] __BODY_TEXT_X4 0.000000, __CT 0.000000, __CTE 0.000000,
2021:07:21-08:36:50 matrix exim-in[21713]: [21\63] __CTYPE_HTML 0.000000, __CTYPE_IS_HTML 0.000000, __DKIM_ALIGNS_1 0.000000,
2021:07:21-08:36:50 matrix exim-in[21713]: [22\63] __DKIM_ALIGNS_2 0.000000, __FRAUD_INTRO 0.000000,
2021:07:21-08:36:50 matrix exim-in[21713]: [23\63] __FRAUD_MONEY_CURRENCY 0.000000, __FRAUD_MONEY_CURRENCY_EURO 0.000000,
2021:07:21-08:36:50 matrix exim-in[21713]: [24\63] __FROM_DOMAIN_NOT_IN_BODY 0.000000, __FROM_NAME_NOT_IN_ADDR 0.000000,
2021:07:21-08:36:50 matrix exim-in[21713]: [25\63] __HAS_FROM 0.000000, __HAS_HTML 0.000000, __HAS_MSGID 0.000000,
2021:07:21-08:36:50 matrix exim-in[21713]: [26\63] __HAS_SENDER 0.000000, __HREF_LABEL_TEXT 0.000000, __HTML_AHREF_TAG 0.000000,
2021:07:21-08:36:50 matrix exim-in[21713]: [27\63] __HTML_BAD_END 0.000000, __HTML_TAG_CENTER 0.000000,
2021:07:21-08:36:50 matrix exim-in[21713]: [28\63] __HTML_TAG_IMG_X2 0.000000, __HTML_TAG_TABLE 0.000000, __HTTPS_URI 0.000000,
2021:07:21-08:36:50 matrix exim-in[21713]: [29\63] __IMG_THEN_TEXT 0.000000, __MAL_TELEKOM_FROM_NAME 0.000000,
2021:07:21-08:36:50 matrix exim-in[21713]: [30\63] __MAL_TELEKOM_URI_LABEL 0.000000, __MIME_HTML 0.000000,
2021:07:21-08:36:50 matrix exim-in[21713]: [31\63] __MIME_HTML_ONLY 0.000000, __MIME_TEXT_H 0.000000, __MIME_TEXT_H1 0.000000,
2021:07:21-08:36:50 matrix exim-in[21713]: [32\63] __MIME_VERSION 0.000000, __PHISH_PHRASE2 0.000000,
2021:07:21-08:36:50 matrix exim-in[21713]: [33\63] __PHISH_SPEAR_GREETING 0.000000, __PHISH_SPEAR_STRUCTURE_1 0.000000,
2021:07:21-08:36:50 matrix exim-in[21713]: [34\63] __SANE_MSGID 0.000000, __SUBJ_ALPHA_END 0.000000, __SUBJ_ALPHA_END2 0.000000,
2021:07:21-08:36:50 matrix exim-in[21713]: [35\63] __SUBJ_HIGHBIT 0.000000, __TAG_EXISTS_HTML 0.000000,
2021:07:21-08:36:50 matrix exim-in[21713]: [36\63] __URI_HAS_HYPHEN_USC 0.000000, __URI_IN_BODY 0.000000,
2021:07:21-08:36:50 matrix exim-in[21713]: [37\63] __URI_NOT_IMG 0.000000, __URI_NO_MAILTO 0.000000, __URI_NO_WWW 0.000000,
2021:07:21-08:36:50 matrix exim-in[21713]: [38\63] __URI_NS 0.000000, __URI_WITH_PATH 0.000000, __UTF8_SUBJ 0.000000
2021:07:21-08:36:50 matrix exim-in[21713]: [39\63] X-SASI-Probability: 12%
2021:07:21-08:36:50 matrix exim-in[21713]: [40\63] X-SASI-RCODE: 200
2021:07:21-08:36:50 matrix exim-in[21713]: [41\63] X-SASI-Version: Antispam-Engine: 4.1.4, AntispamData: 2021.7.21.60915
2021:07:21-08:36:50 matrix exim-in[21713]: [42\63] DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed;
2021:07:21-08:36:50 matrix exim-in[21713]: [43\63] d=outbound-mg-eu.sportlink-clubsites.nl; q=dns/txt; s=email;
2021:07:21-08:36:50 matrix exim-in[21713]: [44\63] t=1626849409; h=From: Subject: Content-Transfer-Encoding: MIME-Version:
2021:07:21-08:36:50 matrix exim-in[21713]: [45\63] Content-Type: Date: Message-Id: Sender;
2021:07:21-08:36:50 matrix exim-in[21713]: [46\63] bh=MBWEIS6gaqSZMw7oEFrGg8ffeVDk4zClNVDbyRk7RHY=; b=KY22tMfOEHHwA2MWa+SXBa5Qmm2lA83cE6rTu7+pUUc8N4JUT0sYnkcRT7HYvW3dnu0fmD6g
2021:07:21-08:36:50 matrix exim-in[21713]: [47\63] LAVsEMslsedztOxsA/qjGqBunE2ujPMu4+oCKNTYNK0D82umbYN+5oiP85aXpXfEgNhTcUeH
2021:07:21-08:36:50 matrix exim-in[21713]: [48\63] AXmN7ait3hkqUwvgKawrrmiv9Qo=
2021:07:21-08:36:50 matrix exim-in[21713]: [49\63] X-Mailgun-Sending-Ip: 185.250.239.7
2021:07:21-08:36:50 matrix exim-in[21713]: [50\63] X-Mailgun-Sid: WyIzZmVlNyIsICJhZG1pbkBtaW5kc2V0LmRlIiwgIjM2YmQxMiJd
2021:07:21-08:36:50 matrix exim-in[21713]: [51\63] P Received: from [0.0.147.115] (<unknown> [193.32.164.27]) by
2021:07:21-08:36:50 matrix exim-in[21713]: [52\63] smtp-out-n02.prod.eu-central-1.postgun.com with SMTP id
2021:07:21-08:36:50 matrix exim-in[21713]: [53\63] 60f7c080e8fa35afb770266d (version=TLS1.2,
2021:07:21-08:36:50 matrix exim-in[21713]: [54\63] cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256); Wed, 21 Jul 2021 06:36:48
2021:07:21-08:36:50 matrix exim-in[21713]: [55\63] GMT
2021:07:21-08:36:50 matrix exim-in[21713]: [56\63] S Sender: postmaster@outbound-mg-eu.sportlink-clubsites.nl
2021:07:21-08:36:50 matrix exim-in[21713]: [57\63] I Message-Id: <20210721063648.e8e679633bf32405@outbound-mg-eu.sportlink-clubsites.nl>
2021:07:21-08:36:50 matrix exim-in[21713]: [58\63] Date: Wed, 21 Jul 2021 06:36:48 +0000
2021:07:21-08:36:50 matrix exim-in[21713]: [59\63] Content-Type: text/html; charset="utf-8"
2021:07:21-08:36:50 matrix exim-in[21713]: [60\63] MIME-Version: 1.0
2021:07:21-08:36:50 matrix exim-in[21713]: [61\63] Content-Transfer-Encoding: base64
2021:07:21-08:36:50 matrix exim-in[21713]: [62\63] Subject: =?utf-8?q?Unberechtigte_Lastschriften_zur=C3=BCckbuchen?=
2021:07:21-08:36:50 matrix exim-in[21713]: [63/63] F From: Volksbank <postmaster@outbound-mg-eu.sportlink-clubsites.nl>
2021:07:21-08:36:50 matrix exim-in[21713]: 2021-07-21 08:36:50 SMTP connection from m239-7.eu.mailgun.net [185.250.239.7]:61738 closed by QUIT