| Current Path : /home/ift/mails/16/ |
Linux ift1.ift-informatik.de 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64 |
| Current File : //home/ift/mails/16/1481589375.zrspam.164814_2016_12_13 |
From xhrvwskmwk@elnuevoparquet.com Tue Dec 13 01:36:15 2016
Return-Path: <xhrvwskmwk@elnuevoparquet.com>
X-Original-To: tjungblut@ift-informatik.de
Delivered-To: tjungblut@ift-informatik.de
Received: by ift-informatik.de (Postfix, from userid 5555)
id 3DE703752561F; Tue, 13 Dec 2016 01:36:15 +0100 (CET)
Received: from localhost by h2486555.stratoserver.net
with SpamAssassin (version 3.4.0);
Tue, 13 Dec 2016 01:36:15 +0100
From: "Ashley Person" <xhrvwskmwk@elnuevoparquet.com>
To: "Tobias.jungblut" <tobias.jungblut@ift-informatik.de>
Subject: *****SPAM***** Infections are doomed.
Date: Mon, 12 Dec 2016 23:34:13 -0100
Message-Id: <94k429r9tc9a$rq2f04k5$og1224w4@DITL50>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
h2486555.stratoserver.net
X-Spam-Flag: YES
X-Spam-Level: ***************************
X-Spam-Status: Yes, score=27.2 required=5.0 tests=BAYES_99,DIGEST_MULTIPLE,
FROM_LOCAL_NOVOWEL,HELO_DYNAMIC_IPADDR,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,
MIME_HTML_ONLY,PYZOR_CHECK,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,
RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_BRBL_LASTEXT,RCVD_IN_MSPIKE_BL,
RCVD_IN_MSPIKE_L5,RCVD_IN_PBL,RCVD_IN_PSBL,RCVD_IN_RP_RNBL,RCVD_IN_SORBS_DUL,
RCVD_IN_XBL,RDNS_DYNAMIC,URIBL_BLOCKED,URIBL_JP_SURBL autolearn=spam
autolearn_force=no version=3.4.0
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_584F427F.A4BFFF6E"
This is a multi-part message in MIME format.
------------=_584F427F.A4BFFF6E
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "h2486555.stratoserver.net",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Defend yourself with best antibiotics! Find them in our online
shop! Buy at our pharmacy! [...]
Content analysis details: (27.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: 6url.ru]
1.2 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URIs: 6url.ru]
0.4 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[79.138.33.168 listed in zen.spamhaus.org]
3.3 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
[score: 1.0000]
0.5 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[79.138.33.168 listed in psbl.surriel.com]
1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?79.138.33.168>]
2.4 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5)
[79.138.33.168 listed in bl.mailspike.net]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[79.138.33.168 listed in bl.score.senderscore.com]
1.4 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[79.138.33.168 listed in bb.barracudacentral.org]
0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
0.9 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
1.4 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
0.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
[79.138.33.168 listed in dnsbl.sorbs.net]
1.0 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted
0.3 DIGEST_MULTIPLE Message hits more than one network digest check
0.4 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
2.0 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr
1)
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
------------=_584F427F.A4BFFF6E
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit
Received: from h79-138-33-168.cust.se.alltele.net (h79-138-33-168.cust.se.alltele.net [79.138.33.168])
by ift-informatik.de (Postfix) with SMTP id 0E5CB3752561E
for <tobias.jungblut@ift-informatik.de>; Tue, 13 Dec 2016 01:36:12 +0100 (CET)
X-Message-Info: TKQPaAM77fEHfGd588m2+KPZLl0aVYPQ
Received: from mail252.xch.echosphere.cotmail.com ([67.140.254.174]) by ei38-d3.echosphere.cotmail.com with Microsoft SMTPSVC(5.0.2195.6824);
Tue, 13 Dec 2016 02:36:13 +0200
Received: from TYKE20 (c142.118.32.216.rviod5.uwg.echosphere.cotmail.com [152.152.183.149])
by mail211.xta.echosphere.cotmail.com (75.48.9g5/7.04.2) with SMTP id u0X23Vy38352;
Tue, 13 Dec 2016 06:33:13 +0600
Message-ID: <94k429r9tc9a$rq2f04k5$og1224w4@DITL50>
From: "Ashley Person" <xhrvwskmwk@elnuevoparquet.com>
To: "Tobias.jungblut" <tobias.jungblut@ift-informatik.de>
References: <Law6-Q96AeeuMqgwG5Z456205r9@echosphere.cotmail.com>
Subject: Infections are doomed.
Date: Mon, 12 Dec 2016 23:34:13 -0100
MIME-Version: 1.0
Content-Type: text/html;
Content-Transfer-Encoding: 7Bit
Defend yourself with best antibiotics! Find them in our online shop!<br>
<a href="http://6url.ru/jvzZ"style="color:#0B7303;">Buy at our pharmacy!</a>
------------=_584F427F.A4BFFF6E--