I got this spammer in China that’s sending me stuff that SS isn’t picking up after asking it to analyze and save in the Blocklist. So I went in to see if I could specifically set something in the corpus.
Return-Path: <firstname.lastname@example.org> Delivered-To: email@example.com Received: from localhost (localhost [127.0.0.1]) by electra.pints.com (Postfix) with ESMTP id 87E161C054AB for <firstname.lastname@example.org>; Fri, 8 Jan 2016 07:10:50 -0500 (EST) X-Virus-Scanned: amavisd-new at pints.com X-Amavis-Alert: BAD HEADER SECTION, MIME error: error: part did not end with expected boundary; ; error: unexpected end of parts before epilogue X-Spam-Flag: NO X-Spam-Score: 5.804 X-Spam-Level: ***** X-Spam-Status: No, score=5.804 tagged_above=2 required=19 tests=[BAYES_05=-0.5, DRUGS_ERECTILE=1.994, DRUGS_ERECTILE_OBFU=1.109, HTML_MESSAGE=0.001, INVALID_DATE=1.096, RCVD_IN_RP_RNBL=1.31, RDNS_NONE=0.793, SPF_HELO_FAIL=0.001] autolearn=no Received: from electra.pints.com ([127.0.0.1]) by localhost (electra.pints.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AF6iJXfslXOy for <email@example.com>; Fri, 8 Jan 2016 07:10:50 -0500 (EST) Received: from sex.com (unknown [126.96.36.199]) by electra.pints.com (Postfix) with ESMTP id 471741C0549A for <firstname.lastname@example.org>; Fri, 8 Jan 2016 07:10:47 -0500 (EST) Received: by mx.sex.com (Postfix, from uid 2) id 513EF4AB41D; Fri, Jan 8 2016 11:55:17 +0000 (UTC) To: email@example.com From: firstname.lastname@example.org Subject: Dyna : succcess story MIME-Version: 1.0 Message-Id: <1452254117.513EF4AB41D@mx.sex.com> Content-Type: multipart/alternative; boundary="3B4F067692B-360710452" Date: Fri, Jan 8 2016 11:55:17 +0000 (UTC) --3B4F067692B-360710452 Content-Type: text/plain; charset="iso-8859-1" Help me pls Diianna Back into the youth - only with Vigara Prrooffessioonaal Here: http://www383.House.xn--e1afdb7bg4a.xn--p1ai/ BB Antiochus, Mithridates, Tigranes, and others. Shorty turned on him. UNDERWRITER. One who insures. Assent yourself, and gain the royal will.
I’ve tried using “Received contains” with the value “sex.com”, didn’t work.
I tried “Body contains” with the value “house.xn”, didn’t work.
It’s spoofed from that part forward, so I’m not sure why this isn’t working.
Any advice as to how I can fix this.