
Help with Amazonaws.com spam

I have been receiving a lot of spam recently that is being routed via AMAZONAWS.COM. It is from the same source every time; they just keep changing their domain in the envelope-from header on a daily basis. I can at least quarantine it by keying on ufhj.com in the expression filter. Is there a way to block this? Is there a way for an expression filtered email to be blocked instead of quarantined? Below is one of the emails received this morning.

Received: from ec2-52-89-193-124.us-west-2.compute.amazonaws.com ([52.89.193.124]:37875) by fw.***x.com with esmtp (Exim 4.82_1-5b7a7c0-XX) (envelope-from ) id 1Zrc5R-0007rq-2z for todd@***xx.com; Wed, 28 Oct 2015 21:33:06 -0400
X-CTCH-RefID: str=0001.0A020204.56317752.00C6,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=key; d=kshou8.com; h=To:Subject:Message-ID[:D]ate:From:Reply-To:MIME-Version:List-Unsubscribe:Content-Type:Content-Transfer-Encoding; i=Urania@kshou8.com; bh=6TdqqVoeT6dDeIRvV1mSvmJoFwA=; b=Z8OBeQiuTQLnmbvHTiz26uUk4EQ7HefPeGUHul8BWeR27INyQ6IQDivzmmy42870O3xR0dXmLOOH BQPmpjRHfqzjukYXCRmslQL1tUSeRkjndX02gYcc1IuY2utv1AdHd/Y2wagRRTJZthDoMxxv3HZp U/DTcVAfBTjUEQR9e4A=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=key; d=kshou8.com; b=rzd/BHaTt1CC0Fz0YcW0En8G7OLQT/B4lTeIH/Cy+Z0SAzyZEQplG7z+Rmk+4HrhCCc2YHRfdy8f Il4r3gXnOhoYiPgCtrAzl+xNwgte2eK6YUOCX8e9gmV2NMDpaPSoSS5H8XCB2hvSLMF4FO5z+l9J FrDkTGZYEONPLUjoZVE=;
Received: from chloe.ufhj.com (119.28.12.101) by ec2-52-89-193-124.us-west-2.compute.amazonaws.com id h65rl00e97gc for ; Wed, 28 Oct 2015 21:11:04 -0400 (envelope-from )
To: todd@***xx.com
Subject: UGG Australia
Message-ID: 
Return-Path: Naomi@kshou8.com
Date: Thu, 29 Oct 2015 09:11:04 +0800
From: "Ziva" 
Reply-To: Adeline@kshou8.com
MIME-Version: 1.0
X-Mailer-LID: 1
List-Unsubscribe: 
X-Mailer-RecptId: 65378
X-Mailer-SID: 2
X-Mailer-Sent-By: 1
Content-Type: multipart/alternative; charset="UTF-8"; boundary="b1_948b25fdc9280c6660853fedb7c3499b"
Content-Transfer-Encoding: 8bit
--b1_948b25fdc9280c6660853fedb7c3499b
Content-Type: text/plain; format=flowed; charset="UTF-8"
Content-Transfer-Encoding: 8bit

Your email client cannot read this email.
To view it online, please go here:
http://chloe.ufhj.com/iem2/ff5kD65378-Yx6me05b41ec251b94707397be26eb0aba93_jxFi2.lzwt1-f7Py1.html


To stop receiving these
emails:http://chloe.ufhj.com/iem2/UFc7U65378/xiDle05b41ec251b94707397be26eb0aba93/hopd1_sOCE2.html

Powered by Interspire

--b1_948b25fdc9280c6660853fedb7c3499b
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: 8bit

Unsubscribe
Browser View

Unsubscribe
Browser View | Report Spam

Copyright © 2015 cuoboots All Rights Reserved.

Powered by Interspire

--b1_948b25fdc9280c6660853fedb7c3499b--
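
Added example, not part of the original post: a short Python sketch of why keying on ufhj.com keeps matching while the envelope-from domain rotates. It separates sender-identity domains from infrastructure hosts (Received relays and body URL hosts) and checks the latter against a blocked suffix. The sample is constructed from the headers quoted above; `fw.example.com`, the URL path, the `rotated.example` domain used in testing, and the function names are assumptions.

```python
import re
from email import message_from_string

# Constructed sample: headers trimmed from the message quoted above; the
# gateway name fw.example.com and the URL path are placeholders.
SAMPLE = """\
Received: from ec2-52-89-193-124.us-west-2.compute.amazonaws.com ([52.89.193.124]:37875) by fw.example.com with esmtp; Wed, 28 Oct 2015 21:33:06 -0400
DKIM-Signature: v=1; a=rsa-sha1; s=key; d=kshou8.com; bh=x; b=x
Received: from chloe.ufhj.com (119.28.12.101) by ec2-52-89-193-124.us-west-2.compute.amazonaws.com; Wed, 28 Oct 2015 21:11:04 -0400
Return-Path: Naomi@kshou8.com
Reply-To: Adeline@kshou8.com
Subject: UGG Australia

To view it online, please go here:
http://chloe.ufhj.com/iem2/view.html
"""

HOST = r"([A-Za-z0-9.-]+)"
RECEIVED_FROM = re.compile(r"from\s+" + HOST, re.I)
URL_HOST = re.compile(r"https?://" + HOST, re.I)
SENDER_DOMAIN = re.compile(r"(?:@|\bd=)" + HOST)

def indicators(raw):
    """Split a message into sender-identity domains and infrastructure hosts."""
    msg = message_from_string(raw)
    sender, relays, urls = set(), set(), set()
    for name in ("Return-Path", "Reply-To", "From", "DKIM-Signature"):
        for value in msg.get_all(name, []):
            sender.update(d.lower() for d in SENDER_DOMAIN.findall(value))
    # Only the topmost Received line is written by your own gateway; the ones
    # below it are supplied by upstream hosts and are not verified.
    for value in msg.get_all("Received", []):
        m = RECEIVED_FROM.match(value.strip())
        if m:
            relays.add(m.group(1).lower())
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            text = part.get_payload(decode=True).decode("utf-8", "replace")
            urls.update(h.lower() for h in URL_HOST.findall(text))
    return {"sender": sender, "relays": relays, "urls": urls}

def blocked_hits(raw, blocked=("ufhj.com",)):
    """Return infrastructure hosts equal to or under a blocked domain."""
    ind = indicators(raw)
    return sorted(h for h in ind["relays"] | ind["urls"]
                  if any(h == b or h.endswith("." + b) for b in blocked))
```

The match is on a label boundary, so `ufhj.com` covers `chloe.ufhj.com` but a shorter string such as `hj.com` does not.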


This thread was automatically locked due to age.
  • What are your spam action and confirmed spam action settings set to?  You can also open up a support case, if you have a paid license.  Sophos can then submit information (X-CTCH-RefID string) to the spam database provider UTM uses (Cyren), or you can send it yourself.

    Reporting False Negatives (Spam mail that was not flagged):

    1. Obtain the message as it was originally received (original headers intact).

    2. Send the message as an attachment to reportfn@blockspam.biz with the following subject line:
    [FN Report][Astaro][Date]

    NOTE: Only the Date block should be modified. Ex: [FN Report][Astaro][mm/dd/yyyy]
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1