This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

spam from random Hotmail addresses

Hello everyone,
I have a problem I can 't seem to figure out.

I have a user that got two email today like this one below

From: Futrell Torina 

Date: October 14, 2013 at 2:17:46 PM EDT

To: Brian ***XX From: Futrell Torina 

Date: October 14, 2013 at 2:17:46 PM EDT

To: Brian ***XX 

Subject: Re[:P]ool Cover Technician (East Side)

Feeling bad to e-mail ya out of nowhere however truly Im thinking about

meeting. In case you are experience bored to death let me know. 

You can 24 7 find me on my profile. There is not any charge to become 

listed on thus yep, would like to talk with you! I have tons of images of us

on the to suit your needs, I think you will always be impressed! xoxo

below this were two nasty selfie pictures.

The email was sent to a common email for our company similar to info@example.com that this user monitors.

the other one is almost exactly the same but with a different hotmail account and a different link "http://tongueo.org "

How do I stop this from happening again?? I can't block all of hotmail!!

and the smtp logs shows they came from two separate servers..

the links all go to the same place eventually, but it goes to a facebook account first, then jumps to "bahoo.be"...Which is some live girls video chat site.

I have added some expressions to the "expressions filter list" but that's all I can think of...

any ideas would be greatly appreciated!
thanks
bill12780

This thread was automatically locked due to age.

Parents

0 BAlfson over 11 years ago

The proxy won't find that. No one can help you without the lines from the SMTP log file related to one off those emails. Even then, your best bet is probably to change the email address.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 bill12780 over 11 years ago in reply to BAlfson

Hello Bob,
I missed your message telling me were to find the smtp log you would like to see.

Here is what I "believe" to be the log entry for the email we received today(monday).

2013:10:21-04:36:08 sophos-1 exim-in[28925]: 2013-10-21 04:36:08 [157.55.2.22] F= R= Verifying recipient address with callout
2013:10:21-04:36:09 sophos-1 exim-in[28925]: 2013-10-21 04:36:09 1VYCqG-0007WX-2b ctasd reports 'Unknown' RefID:str=0001.0A020207.52650399.016C,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
2013:10:21-04:36:10 sophos-1 exim-in[28925]: 2013-10-21 04:36:10 1VYCqG-0007WX-2b Greylisting: Greylisted 157.55.2.22
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [1\24] 2013-10-21 04:36:10 1VYCqG-0007WX-2b H=dub0-omc3-s13.dub0.hotmail.com [157.55.2.22]:13590 F= temporarily rejected after DATA: Temporary local problem, please try again!
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [2\24] Envelope-from:
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [3\24] Envelope-to:
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [4\24] P Received: from dub0-omc3-s13.dub0.hotmail.com ([157.55.2.22]:13590)
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [5\24] by mail.poolcovers.com with esmtp (Exim 4.76)
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [6\24] (envelope-from )
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [7\24] id 1VYCqG-0007WX-2b
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [8\24] for servicein@poolcovers.com; Mon, 21 Oct 2013 04:36:09 -0600
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [9\24] P Received: from DUB125-W33 ([157.55.2.7]) by dub0-omc3-s13.dub0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [10\24] Mon, 21 Oct 2013 03:36:06 -0700
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [11\24]   X-CTCH-RefID: str=0001.0A020207.52650399.016C,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [12\24]   X-TMN: [NV713AOHGn+rJ0gReVneo+WZRLHeo0rd]
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [13\24]   X-Originating-Email: [geozht@hotmail.com]
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [14\24] I Message-ID:
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [15\24] * Return-Path: geozht@hotmail.com
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [16\24]   Content-Type: multipart/mixed;
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [17\24] boundary="_c87e7f4b-6cb2-4b4f-82d8-80c9803df393_"
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [18\24] F From: Traverso Windon
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [19\24] T To:
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [20\24]   Subject: re:re[:P]ool Cover Technician (East Side)
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [21\24]   Date: Mon, 21 Oct 2013 10:36:06 +0000
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [22\24]   Importance: Normal
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [23\24]   MIME-Version: 1.0
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [24/24]   X-OriginalArrivalTime: 21 Oct 2013 10:36:06.0499 (UTC) FILETIME=[59365330:01CECE49]
2013:10:21-04:36:10 sophos-1 exim-in[28925]: 2013-10-21 04:36:10 SMTP connection from dub0-omc3-s13.dub0.hotmail.com [157.55.2.22]:13590 closed by QUIT

If you can see anything in this we can try, I am willing to give it a shot. Otherwise, I may just do what you said and change the email address.

Thank you Bob for your patience and help..

Bill12780
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 bill12780 over 11 years ago in reply to BAlfson

Hello Bob,
I missed your message telling me were to find the smtp log you would like to see.

Here is what I "believe" to be the log entry for the email we received today(monday).

2013:10:21-04:36:08 sophos-1 exim-in[28925]: 2013-10-21 04:36:08 [157.55.2.22] F= R= Verifying recipient address with callout
2013:10:21-04:36:09 sophos-1 exim-in[28925]: 2013-10-21 04:36:09 1VYCqG-0007WX-2b ctasd reports 'Unknown' RefID:str=0001.0A020207.52650399.016C,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
2013:10:21-04:36:10 sophos-1 exim-in[28925]: 2013-10-21 04:36:10 1VYCqG-0007WX-2b Greylisting: Greylisted 157.55.2.22
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [1\24] 2013-10-21 04:36:10 1VYCqG-0007WX-2b H=dub0-omc3-s13.dub0.hotmail.com [157.55.2.22]:13590 F= temporarily rejected after DATA: Temporary local problem, please try again!
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [2\24] Envelope-from:
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [3\24] Envelope-to:
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [4\24] P Received: from dub0-omc3-s13.dub0.hotmail.com ([157.55.2.22]:13590)
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [5\24] by mail.poolcovers.com with esmtp (Exim 4.76)
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [6\24] (envelope-from )
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [7\24] id 1VYCqG-0007WX-2b
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [8\24] for servicein@poolcovers.com; Mon, 21 Oct 2013 04:36:09 -0600
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [9\24] P Received: from DUB125-W33 ([157.55.2.7]) by dub0-omc3-s13.dub0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [10\24] Mon, 21 Oct 2013 03:36:06 -0700
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [11\24]   X-CTCH-RefID: str=0001.0A020207.52650399.016C,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [12\24]   X-TMN: [NV713AOHGn+rJ0gReVneo+WZRLHeo0rd]
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [13\24]   X-Originating-Email: [geozht@hotmail.com]
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [14\24] I Message-ID:
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [15\24] * Return-Path: geozht@hotmail.com
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [16\24]   Content-Type: multipart/mixed;
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [17\24] boundary="_c87e7f4b-6cb2-4b4f-82d8-80c9803df393_"
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [18\24] F From: Traverso Windon
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [19\24] T To:
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [20\24]   Subject: re:re[:P]ool Cover Technician (East Side)
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [21\24]   Date: Mon, 21 Oct 2013 10:36:06 +0000
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [22\24]   Importance: Normal
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [23\24]   MIME-Version: 1.0
2013:10:21-04:36:10 sophos-1 exim-in[28925]: [24/24]   X-OriginalArrivalTime: 21 Oct 2013 10:36:06.0499 (UTC) FILETIME=[59365330:01CECE49]
2013:10:21-04:36:10 sophos-1 exim-in[28925]: 2013-10-21 04:36:10 SMTP connection from dub0-omc3-s13.dub0.hotmail.com [157.55.2.22]:13590 closed by QUIT

If you can see anything in this we can try, I am willing to give it a shot. Otherwise, I may just do what you said and change the email address.

Thank you Bob for your patience and help..

Bill12780
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 bill12780 over 11 years ago in reply to bill12780

any idea at all before I simply just kill this email??

any help is appreciated!
thanks
bill
Cancel
Vote Up 0 Vote Down

Cancel