
increase in spam getting through UTM Home Edition

I have noticed a significant jump in the amount of spam making its way through the UTM Home Edition the past month. I have forwarded it all to the is-spam@sophos account, but it seems odd that so much is now making its way through.


  • Hi, and welcome to the User BB!

    Not seeing that. Please show the header from an email you would have expected to have been blocked. 

    Cheers - Bob

    Sorry for any short responses.  Posted from my iPhone.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • He didn't reply; I will post one...

    IPs from 162.212.130.29 to 162.212.130.34 are sending this type of spam email and they are making it through.

    CYREN IP Reputation Check - CYREN IFrames has nothing nice to say about them.


    Received: from [162.212.130.29] (port=33925 helo=smtp.offbowl.eu) by ****.****.org with esmtp (Exim 4.76) (envelope-from ) id 1WDC0a-0003Aq-2c for ****@****.com; Tue, 11 Feb 2014 06:00:13 -0600
    X-CTCH-RefID: str=0001.0A090206.52FA10CD.0013,ss=2,re=0.000,recu=0.000,reip=0.000,cl=2,cld=1,fgs=0
    DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1; d=offbowl.eu; h=Mime-Version:From:To:Date:Subject:Content-Type:Reply-To:Message-ID; i=violet88560@offbowl.eu; bh=Zn4L/9/2ZaM2SzKFGMYVYRa0qY4=; b=iKKyMNRN942ZX5CohMlWJKhe2jfX8VxtSPbyv910Visywc1TPnPjKW4cSpKNzLDyjpkNaw1FCDBR phT/Ey5D7JIVVL55N9G1uNxDyo8O+I9vWfkc5PZGCQAe/wKE8azoPnMWibiQXZ82NUy2dbGGZ9OX vGI1U36IjHykyJIKHrg=
    DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=k1; d=offbowl.eu; b=0E2PVFRYlY+Sut4bnPOJRNgiutjT0Di+qOeA1aFVLQhokaMYKbvmH4q1ZgKUDW8YSvgHOBqlKAEV avd00q7xaN7YA7/egNEqgmIx4VL9is2R1epy1L5L+RuA9yftmKlKYzNbO7iWIakyiet5NNEXtE1v Y0kXEh0nT01DaVa/8eE=;
    Mime-Version: 1.0
    From: "~Lending*Tree~" 
    To: 
    Date: Tue, 11 Feb 2014 06:39:49 -0500
    Subject: Mortgage rates remain at historic lows ****@****.com
    Content-Type: multipart/alternative; boundary="9f8c46f5465fb05d9467ce0124a76b6204f24ce5"
    Reply-To: "(LendingTree)" 
    Message-ID: 
    --9f8c46f5465fb05d9467ce0124a76b6204f24ce5
    Content-Type: text/plain; charset="utf-8"
    Content-Transfer-Encoding: quoted-printable


    Madrid (CNN) communicate live -- A Spanish judge record climb issued intern=
    ational arrest warrants Monday for China's former President Jiang Zemin and=
    emphasize required former Prime Minister Li Peng for alleged genocide fit =
    cowardly zestily against the people of Tibet, Spain's National Court in mon=
    ey sale joyously compensation Madrid said.
    The warrants raid sizzling habitually against them and three other senior C=
    hinese officials defiantly are the latest chapter in a long-running lawsuit=
    by pro-Tibetan groups lastly and a dual Tibetan-Spanish citizen who seek i=
    nternational legal action bank survivorship untaxed against some Chinese of=
    ficials.
    Judge Ismael Moreno finance apologize deductible issued the arrest warrants=
    for alleged "genocide, sell-off finally coach torture and crimes against h=
    umanity," woefully quantity endorse compactly and ordered them to be sent t=
    o Interpol, the international police agency, deliver quicker hatefully acco=
    rding to a copy of the order steadily where finance viewed by CNN.
    --=20
    This email was Virus checked by Astaro Security Gateway. http://www.astaro.=
    com

    --9f8c46f5465fb05d9467ce0124a76b6204f24ce5
    Content-Type: text/html; charset="utf-8"
    Content-Transfer-Encoding: quoted-printable

    Madrid (CNN) fluently heavenly shakily -- A Spanish judge teach knit issued=
    international arrest warrants Monday for China's former President Jiang Ze=
    min and powerfully hauntingly former Prime Minister Li Peng for alleged gen=
    ocide vengeful against the people of Tibet, Spain's National Court in easil=
    y pause Madrid said.
    The warrants menacing against them and three other senior Chinese officials=
    appraisal luxuriously hijack are the latest chapter in a long-running laws=
    uit by pro-Tibetan groups ponder all and a dual Tibetan-Spanish citizen who=
    seek international legal action fervently hugely against some Chinese offi=
    cials.
    Judge Ismael Moreno briskly issued the arrest warrants for alleged "genocid=
    e, humorously please torture and crimes against humanity," simply glide wei=
    ghty and ordered them to be sent to Interpol, the international police agen=
    cy, speak fondly dental according to a copy of the order heal viewed by CNN.



    --=20
    This email was Virus checked by Astaro Security Gateway. http://www.astaro.=
    com


    --9f8c46f5465fb05d9467ce0124a76b6204f24ce5--
  • This is a very sophisticated advance-fee fraud email. The domain offbowl.eu was created earlier today and the criminals were smart enough to make rDNS and DKIM entries. Reporting the mail to Sophos is a good idea, but if you really want to slow these crooks down, ask the registrar to suspend the domain and block them from doing business with joker.com again: https://joker.com/index.joker?mode=support&support_type=spam

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
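
    Added example, not part of any post in this thread: a first-pass triage of headers like the ones posted above, pulling the relay IP and HELO name from the top Received line and the signing domain and algorithm from DKIM-Signature. The sample input is constructed from the posted headers; the host mx.example.org, the placeholder signature values and the function names are assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample based on the posted headers: recipient host replaced
# with mx.example.org, signature values replaced with placeholders.
SAMPLE = (
    "Received: from [162.212.130.29] (port=33925 helo=smtp.offbowl.eu) "
    "by mx.example.org with esmtp (Exim 4.76)\n"
    "DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1; d=offbowl.eu; "
    "h=Mime-Version:From:To:Date:Subject; bh=PLACEHOLDER=; b=PLACEHOLDER=\n"
    "Subject: Mortgage rates remain at historic lows\n"
    "\nbody\n"
)

# Range reported in the thread: 162.212.130.29 through 162.212.130.34.
RANGE_LO = ipaddress.ip_address("162.212.130.29")
RANGE_HI = ipaddress.ip_address("162.212.130.34")
RELAY_RE = re.compile(r"from \[([0-9a-fA-F.:]+)\].*?helo=([^\s)]+)")


def dkim_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())  # drop folding spaces
    return tags


def triage(raw):
    """Return the header facts a mail admin would check first."""
    msg = message_from_string(raw)
    received = msg.get_all("Received", [])  # first entry is our own MTA's
    m = RELAY_RE.search(received[0]) if received else None
    ip = ipaddress.ip_address(m.group(1)) if m else None
    helo = m.group(2) if m else None
    tags = dkim_tags(msg.get("DKIM-Signature", ""))
    signer = tags.get("d")
    return {
        "relay_ip": str(ip) if ip else None,
        "in_reported_range": bool(ip and ip.version == 4 and RANGE_LO <= ip <= RANGE_HI),
        "helo": helo,
        "dkim_domain": signer,
        # RFC 8301 (2018) later retired rsa-sha1 for DKIM signatures.
        "weak_dkim_algorithm": tags.get("a") == "rsa-sha1",
        # A match shows control of the domain, not that it has a reputation.
        "helo_under_dkim_domain": bool(helo and signer and helo.endswith("." + signer)),
    }
```

    A signing domain that lines up with the HELO name, as here, only means the sender controls that domain, which is why a freshly registered domain with DKIM and rDNS in place can still pass those checks.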
  • Thanks!  We always appreciate your help!

    I submitted the complaint. I wish there was more I could do to stop this garbage. It feels a bit futile.

    Do you think 9.2 will help any?

    Richard