Forums & Blog

We are now getting loads of this type of spam :-

the best solution for growth

do it better

make your friend bigger.

These are the headers 

Microsoft Mail Internet Headers Version 2.0
Received: from mail pickup service by ourserver.ourdomain.com with Microsoft SMTPSVC; Fri, 14 Mar 2008 13:12:45 -0400
thread-index: AciF9p7vhsWYX829Tc62nUSHCBsbcQ==
Cc:
Bcc:
Return-Path: <dfocjet@ourdomain.com>
Date: Fri, 14 Mar 2008 13:12:45 -0400
From: "Clinton" <dfocjet@ourdomain.com>
Message-ID: <0F3892C219094182B3EA932CD790C95D@ourdomain.com>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: "Bette" <monica@ourdomain.com>
X-Mailer: Microsoft CDO for Exchange 2000
Subject: the best solution for growth
Content-Type: text/plain;
    format=flowed;
    charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Content-Class: urn:content-classes:message
Importance: normal
X-SmarterMail-Spam: SpamAssassin 26.5 [raw: 10.6], SPF_None
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4133
X-OriginalArrivalTime: 14 Mar 2008 17:12:45.0702 (UTC) FILETIME=[9F0E4260:01C885F6]

Microsoft Mail Internet Headers Version 2.0
Received: from mail pickup service by ourserver.ourdomain.com with Microsoft SMTPSVC; Fri, 14 Mar 2008 11:08:50 -0400
thread-index: AciF5U8j/EojqOAzQIuxHU+Oyyd80w==
Cc:
Return-Path: <qc@ourdomain.com>
Bcc:
Date: Fri, 14 Mar 2008 11:08:50 -0400
Message-ID: <C4FFBF8B7E2A436880754BD9D47E79C1@ourdomain.com>
From: "Esther" <qc@ourdomain.com>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
X-Mailer: Microsoft CDO for Exchange 2000
To: "Estella" <editors@ourdomain.com>
Subject: make your friend bigger
Content-Type: text/plain;
    format=flowed;
    charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4133
X-SmarterMail-Spam: Bayesian Filtering, SpamAssassin 46.25 [raw: 18.5], SPF_None, SpamCop, SpamHaus ZEN
X-OriginalArrivalTime: 14 Mar 2008 15:08:50.0385 (UTC) FILETIME=[4F42EC10:01C885E5]

What methods can we use to block these from end users ?
 

KPITConsulting:

X-SmarterMail-Spam: Bayesian Filtering, SpamAssassin 46.25 [raw: 18.5], SPF_None, SpamCop, SpamHaus ZEN

Well, it triggered your bayesian filter, a score of 18.5 in SA, SpamCop, and SpamHaus.....I'd say it should be filtered as SPAM for those reasons. 

 Actually these headers are from the the webmail on the server, might be more useful.

Return-Path: <b@ourdomain.com>
Received: from UnknownHost [125.185.67.134] by ourdomain.com with SMTP;
   Fri, 14 Mar 2008 08:38:52 -0400
Received: from [125.185.67.134] (port=9341 helo=125.185.67.134)
        by mail.ourdomain.com with esmtp 
        id d79188-9824cb-aa
        for admin@ourdomain.com; Fri, 14 Mar 2008 21:39:01 +0900
X-Original-To: admin@ourdomain.com
Delivered-To: admin@ourdomain.com
Message-ID: <4a6d01c8861b$d15f93c0$8643b97d@ourdomain.com>
From: "Antony" <b@ourdomain.com>
To: "Carole" <admin@ourdomain.com>
Subject: make your friend bigger
Date: Fri, 14 Mar 2008 21:39:01 +0900
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_001_4A6D_01C885D0.6183AB90"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3028
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
X-SmarterMail-Spam: Reverse DNS Lookup, SpamAssassin 22.75 [raw: 9.1], SPF_None, SpamCop, SpamHaus ZEN

 There is 1 domain on this server and I had changed to "Use default spam settings"

This however, seemed to turn off all spam filtering instead of taking the filtering set at the server level.

has anyone else seen this ?

I turned it back on again. 

You could set up a content filter at the domain level to check for these specific email headers, or if you have access to the system admin area you can try checking out the multiple antispam options available to you. (custom headers, smtp blocked senders, or even blacklist).

Do you have greylisting enabled? These are all things that could help you prevent spam.