~~~ Please read before posting. ~~~

Important: We need your Club Number at a minimum, and as many details as possible.
For further info please read This page before posting.

Sudden spam problem

  • kerint
  • kerint's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 14
  • Thanks: 4

Sudden spam problem

6 years 3 months ago - 6 years 3 months ago
#75194
Hi, our Contact Us is suddenly getting inundated with spam, 3 in the last hour alone, some really gross x rated stuff. I add domains to the black list as they come in (but they are all different, and it's getting time consuming). I added the Spam button to the bottom of each email, and I changed our SpamAssassin threshold to 3 (the most protection possible) to no avail.

1) Is there a way to "check our spam folder" to see if we've missed any legit messages?
2) Is there a way to set specific KEYWORDS instead of just domains or email addresses? Then I could block any emails with any icky terms?
3) Seems like they all end with .icu. Can I somehow add just the extension .icu to the black list?

Kerin
4664 Plaza Toastmasters
plaza.toastmastersclubs.org/
Last edit: 6 years 3 months ago by kerint.
The topic has been locked.
  • Brian
  • Brian's Avatar
  • Offline
  • Administrator
  • Administrator
  • Posts: 10616
  • Thanks: 3569

Re: Sudden spam problem

6 years 3 months ago
#75195
1) there is no spam folder, we do not store any email just forward them.

2) if you look at the email header and look for the originating IP address we can block that.
The topic has been locked.
  • SteveTheTechie
  • SteveTheTechie's Avatar
  • Offline
  • Administrator
  • Administrator
  • Posts: 11526
  • Thanks: 3050

Re: Sudden spam problem

6 years 3 months ago - 6 years 3 months ago
#75196
kerint wrote: 1) Is there a way to "check our spam folder" to see if we've missed any legit messages?

While we do retain spam emails, that retention is strictly for our internal use (for troubleshooting and tweaking of the spam filtering) and those emails are concatentated together in one large text file on the server... no segregation by club number. There is no way for you to inspect what was filtered out at the current time for administration purposes. Perhaps I will add some sort of inspection mechanism in the future but none exists currently.


2) Is there a way to set specific KEYWORDS instead of just domains or email addresses? Then I could block any emails with any icky terms?

We can tweak the spam filter we use for certain keywords, but that is applied globally throughout the system, not just for one club. There is no way for you to access the spam filtering settings directly, and I doubt we would ever allow that.


3) Seems like they all end with .icu. Can I somehow add just the extension .icu to the black list?

I purposely set up the domain syntax for the club blacklists to use complete domain names. It speeds and simplifies processing (simpler pattern matches and domain verification) and is sufficient for the vast majority of use cases.


Kerin
4664 Plaza Toastmasters
plaza.toastmastersclubs.org/
Last edit: 6 years 3 months ago by SteveTheTechie.
The topic has been locked.
  • SteveTheTechie
  • SteveTheTechie's Avatar
  • Offline
  • Administrator
  • Administrator
  • Posts: 11526
  • Thanks: 3050

Re: Sudden spam problem

6 years 3 months ago - 6 years 3 months ago
#75197
Kerin,

If you are unsure how to find the originating IP addresses for the emails, then post the raw email headers here using the <> code icon above the message editor (prevents mangling) and Brian or I can probably help you determine them from the headers.
Last edit: 6 years 3 months ago by SteveTheTechie.
The topic has been locked.
  • kerint
  • kerint's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 14
  • Thanks: 4

Re: Sudden spam problem

6 years 3 months ago - 6 years 3 months ago
#75201
Hi! Thanks for your help. Is this the info you're looking for, or should I copy further down the header? (Or do I have the wrong info altogether?) So I know for the future, which one is the originating IP? Once you tell me this one, I can look for the IP for the others.
Code:
Received: from BN3NAM01HT057.eop-nam01.prod.protection.outlook.com (2603:10b6:3:9a::15) by DM5PR0101MB2988.prod.exchangelabs.com with HTTPS via DM5PR19CA0029.NAMPRD19.PROD.OUTLOOK.COM; Wed, 29 May 2019 22:09:46 +0000 Received: from BN3NAM01FT047.eop-nam01.prod.protection.outlook.com (10.152.66.56) by BN3NAM01HT057.eop-nam01.prod.protection.outlook.com (10.152.66.242) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1922.16; Wed, 29 May 2019 22:09:45 +0000 Authentication-Results: spf=pass (sender IP is 50.19.253.65) smtp.mailfrom=toastmastersclubs.org; outlook.com; dkim=fail (body hash did not verify) header.d=toastmastersclubs.org;outlook.com; dmarc=pass action=none header.from=toastmastersclubs.org; Received-SPF: Pass (protection.outlook.com: domain of toastmastersclubs.org designates 50.19.253.65 as permitted sender) receiver=protection.outlook.com; client-ip=50.19.253.65; helo=toastmastersclubs.org; Received: from toastmastersclubs.org (50.19.253.65) by BN3NAM01FT047.mail.protection.outlook.com (10.152.66.97) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1922.16 via Frontend Transport; Wed, 29 May 2019 22:09:45 +0000 X-IncomingTopHeaderMarker: OriginalChecksum:1859CB2F0C141C0B1D6E95EC2B9A879CF0DC6132320918E7792CF6F34177D57C;UpperCasedChecksum:285BEC65360600C6811B612B092355314AA2555BC3078D44DB035F3211FD6085;SizeAsReceived:1947;Count:19 Received: from localhost.localdomain (toastmastersclubs.org [127.0.0.1]) by toastmastersclubs.org (8.14.4/8.14.4) with ESMTP id x4TM9jWa008511 for <KERIN’S EMAIL@outlook.com>; Wed, 29 May 2019 22:09:45 GMT Message-ID: <201905292209.x4TM9jWa008511@toastmastersclubs.org> Received: from steamjury.icu ([70.96.202.5]) by toastmastersclubs.org (8.14.4/8.14.4) with ESMTP id x4TM9dJJ008386 for <OUR CONTACT US EMAIL@toastmastersclubs.org>; Wed, 29 May 2019 22:09:43 GMT DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=mail; d=steamjury.icu;
Last edit: 6 years 3 months ago by SteveTheTechie.
The topic has been locked.
  • SteveTheTechie
  • SteveTheTechie's Avatar
  • Offline
  • Administrator
  • Administrator
  • Posts: 11526
  • Thanks: 3050

Re: Sudden spam problem

6 years 3 months ago - 6 years 3 months ago
#75202
Yes those are the headers. I threw the code formatting on it for you... much more readable.

[strike]I think Brian should weigh in on this, but I think it may be the 10.152.66.56 or 10.152.66.242 IP Address that is relevant, but I am not sure which the FTH server would actually see on incoming email. (50.19.253.65 is the FTH server)[/strike] Received: from steamjury.icu ([70.96.202.5]) is likely more relevant.

The way I read this is to start at the top for where the email orginated... I believe each "Received: from" is a different server along the "delivery path".

Brian: What do you think?
Last edit: 6 years 3 months ago by SteveTheTechie.
The topic has been locked.
Moderators: BrianJane AtkinsonPamrhtaylor3marc33NotLiablejgavinLcala305peterb323
Time to create page: 0.311 seconds

Copyright © 2025 FreeToastHost 3 Support. All Rights Reserved.