Examples of junk emails arising from faulty server config.

Server configuration needs careful attention by ISPs
The history of the following email is that a virus sent out a message on a zombie computer from a forged email address. The receiving server did not detect the message as spam and, in typical cases, send out a "no user here" message or a "Disc Full" message. It sends it out, not to the zombie computer that sent the message but to our server which is nothing to do with it. If our server sent out a message in reply, mailloops would follow and more junk emails be sent throughout the internet. This has an effect on internet resources, bnot the least of which is the energy consumption of server farms leading to global warming.

A properly set up server does not respond to junk emails. The AntEspam filters can assist in this process.

Flipside thought - examination of these emails tell us something about the source of spam and thereby give us clues in the fight against spam

At AntEspam.co.uk we have compiled our own filters to deal with such messages on our systems but if you are running a standard configuration of Spam Assassin Tim Jackson is the current expert on false virus notification messages and his configuration file is available on his site. 
X-ClientAddr: 65.243.234.36
Received: from md1.itwsourcing.com (mail.itwsourcing.com [65.243.234.36])
     by srv01.info-world.com (8.11.6/8.11.6) with ESMTP id j17Fn9E27940
     for kmocmhe@sister-hazel.com; Mon, 7 Feb 2005 15:49:09 GMT
Received: from md1.itwsourcing.com (localhost)
     by md1.itwsourcing.com (MOS 3.4.4-GR)
     with internal id DCQ11024;
     Mon, 7 Feb 2005 09:38:45 -0600 (CST)
Date: Mon, 7 Feb 2005 09:38:45 -0600 (CST)
From: Mail Delivery Subsystem MAILER-DAEMON@md1.itwsourcing.com
Message-Id: 200502071538.DCQ11024@md1.itwsourcing.com
To: kmocmhe@sister-hazel.com
MIME-Version: 1.0
Subject: {Bad Spam?} Returned mail: Unable to deliver mail
Auto-Submitted: auto-generated (failure)
X-www.antespam.co.uk-SpamCheck: spam, SpamAssassin (score=705.9, required 8,
     ALMOSTRUBBISH -1.00, APPLES3 4.00, APPLES4 4.00, APPLES5 2.00,
     APPLESA 0.01, APPLESB 0.01, APPLESC 0.01, APPLESD 8.00,
     APPLESX1 27.00, APPLESX5 1.00, APPLESX6 1.00, APPLESZ5 1.00,
     ASPACC -0.01, BLOCKPLUS 130.00, COMPLETERUBBISH 1.00,
     DELETEAFTER 20.01, DELETEREMAINDER 0.01, DIFFAPPLE1 0.01,
     DINSPECT 0.01, FAILURE_NOTICE_1 -0.12, MAILER_DAEMON 2.00,
     NOTHINGIN 20.00, OUTPHAZE 1.00, OUTPHAZORED 66.00, OUTSHINE 1.00,
     REALLYNOTHINGIN 300.00, REALLYXNOTHINGIN 5.00, SUPERBLACKITS 105.00,
     VTEST1 6.00, XNOTHINGIN 1.00, score 1.00)
X-www.antespam.co.uk-SpamScore: ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss

The original message was received at Mon, 7 Feb 2005 09:38:15 -0600 (CST)
from adsl-68-72-92-58.dsl.chcgil.ameritech.net [68.72.92.58]



Received: from adsl-68-72-92-58.dsl.chcgil.ameritech.net (adsl-68-72-92-58.dsl.chcgil.ameritech.net [68.72.92.58])
     by md1.itwsourcing.com (MOS 3.4.4-GR)
     with SMTP id DCQ10749;
     Mon, 7 Feb 2005 09:38:11 -0600 (CST)
Received: from judy.webhost4.alterusa.com
     id CFB61264DE; Mon, 07 Feb 2005 21:29:37 +0600
Received: by dependent.webhost9.starnetusa.net (Postfix, from userid 050)
     id CFB66394DE; Mon, 07 Feb 2005 12:31:37 -0300
Date: Mon, 07 Feb 2005 21:33:37 +0600
Message-Id: 21831130090241.CFB7196DE@amity.starnetusa.net
To: tjscr217@pmifeg.com
Subject: don`t be a moron Clement


Subject:   don`t be a moron Clement
Date:   Mon, February 7, 2005 15:33
To:   tjscr217@pmifeg.com
Priority:   Normal
No further content . . .
Here's the new version of the cheating wives spam. The spammers are trying to convert the spam to something that tries to look like ham but our PASSIONFRUIT filters PHAZORED it without needing adjustment. 
X-ClientAddr: 211.227.105.228
Received: from cantillon.demon.co.uk ([211.227.105.228])
Message-ID: AJGGIGGKPCDOGFGGJOPICHEIALAB.d_d_staffordgd@arved.de
From: "Demetrius D. Stafford" d_d_staffordgd@arved.de
Subject: {Spam?} other people in your area that want to cheat
X-www.antespam.co.uk-SpamCheck: spam, SpamAssassin (score=27.5, required 8,
     ALMOSTRUBBISH -1.00, ASPACC -0.01, ASPACE -0.01, ASSURD 1.00,
     BASE64_ENC_TEXT 5.50, BASSURD1 5.00, BODY_WORDS 7.50,
     CHERRY4 -18.00, CHERRY5 -19.00, CHERRYY2 -30.00,
     DELETEREMAINDER 0.01, HTML_10_20 1.36, HTML_MESSAGE 0.10,
     INSPECT2 0.01, MIME_HTML_ONLY 1.00, MSGID_GOOD_EXCHANGE -5.00,
     NEWCH2a -2.00, NEWNEG2 0.01, NEWPIP1 0.01, ORANGE2 1.00,
     ORANGEER 0.01, OUTCHERRY2 30.00, OUTCHEVAL 30.00, OUTNUMBER 1.00,
     OUTPHAZE 1.00, PASSIONATC 1.00, PASSIONATE 1.00, PASSIONFRUIT 1.00,
     PIPS2 3.00, PROBPLUS -10.00, SPAMMERFRUITS 1.00, WIDOWER 20.00,
     score 1.00)
X-www.antespam.co.uk-SpamScore: sssssssssssssssssssssssssss

Hello, come to the world's largest adlullt datti1ng place.  You're going to find
people here that are looking for just about everything.  Wives that need to find
secret people to hook up with.  People that are looking for alternative lifestyle
type things.  Women that want to try aye null ex.  Women that want to be
domininiatted by men and so on.  Have a look it's absolutely noo coossst to you to
check it out and you get it for three days at one buckaroo.
Here's another junk email, nothing to do with anything sent from our server. Responsible ISPs should use spam filtering to prevent junk admin message emails going out. 

Return-Path: Postmaster@mail.nifty.ne.jp
X-ClientAddr: 192.47.24.155
Received: from ums5.nifty.ne.jp (ums5.nifty.ne.jp [192.47.24.155])
Received: (from root@localhost)
     by ums5.nifty.ne.jp id BAA26824;
     Tue, 8 Feb 2005 01:08:20 +0900 (JST)
From: Postmaster@mail.nifty.ne.jp
Message-Id: 200502071608.BAA26824@ums5.nifty.ne.jp
Date: Tue, 08 Feb 2005 01:08:20 +0900
Subject: {Bad Spam?} Returned mail: GFA00772 did not receive a mail
To: RRPWXSWYCWJ@sister-hazel.com
X-www.antespam.co.uk-SpamCheck: spam, SpamAssassin (score=686.4, required 8,
     ALMOSTRUBBISH -1.00, APPLES2 2.00, APPLES5 2.00, APPLES6 10.00,
     APPLES7b 7.00, APPLESA 0.01, APPLESB 0.01, APPLESC 0.01,
     APPLESD 8.00, APPLESX4 5.00, APPLESX5 1.00, APPLESX6 1.00,
     APPLESY2 26.00, APPLESZ5 1.00, BLOCKPLUS 130.00,
     COMPLETERUBBISH 1.00, DELETEAFTER 20.01, DELETEREMAINDER 0.01,
     DIFFAPPLE1 0.01, DINSPECT 0.01, FAILURE_NOTICE_1 -0.12,
     NOTHINGIN 20.00, NO_REAL_NAME 1.50, OUTNUMBER 1.00, OUTPHAZE 1.00,
     OUTPHAZORED 66.00, OUTSHINE 1.00, PHAZING 70.00,
     REALLYNOTHINGIN 300.00, REALLYXNOTHINGIN 5.00, VTEST1 6.00,
     XNOTHINGIN 1.00, score 1.00)
X-www.antespam.co.uk-SpamScore: ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss


----- Unsent reason follows -----
GFA00772 could not receive a mail that you had sent.
GFA00772 is not acceping any mail.

----- Unsent message follows -----
Return-Path: RRPWXSWYCWJ@sister-hazel.com
Date: Mon, 07 Feb 2005 08:01:43 -0800
From: "Tyrone Ballard" RRPWXSWYCWJ@sister-hazel.com
Reply-To: "Tyrone Ballard" RRPWXSWYCWJ@sister-hazel.com
To: "Dus" dus@niftyserve.or.jp
Subject: Jeanine
Received: from 202.248.44.120 ([211.223.186.173])
        by ums530.nifty.ne.jp with SMTP id j17G2v8M002195;
        Tue, 8 Feb 2005 01:03:01 +0900
Message-Id: 200502071603.j17G2v8M002195@ums530.nifty.ne.jp
X-Message-Info: E23JIH88TXfn6kdZOLealVU191BEQ792bioUFZrfW1
Received: from 136.224.148.244 by ip-225-4-5-42.vmh.RRPWXSWYCWJ@sister-hazel.c
om (AppleMailServer 68.4.0.9) id 2844784662 via NDR; Mon, 07 Feb 2005 08:01:43
 -0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="--5807953138022644054"

----- Message body suppressed -----
Here's another where all this bouncing was caused by the recipient system being unable to rely confidently upon its X-Spam system. AntEspam filters would have made the difference. . . 
X-ClientAddr: 64.78.59.236
Received: from postfixr.intermedia.net (postfixr.intermedia.net [64.78.59.236])
Received: from postfix6.intermedia.net ([64.78.61.227]) by postfixr.intermedia.net with Microsoft SMTPSVC(5.0.2195.6713);
     Mon, 7 Feb 2005 12:43:56 -0800
Received: by postfix6.intermedia.net (Postfix)
     id D40F9375E6; Mon, 7 Feb 2005 12:43:56 -0800 (PST)
Date: Mon, 7 Feb 2005 12:43:56 -0800 (PST)
From: MAILER-DAEMON@postfix6.intermedia.net (Mail Delivery System)
Subject: {Bad Spam?} Undelivered Mail Returned to Sender
To: ktoqi@sister-hazel.com
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
     boundary="55363375AC.1107809036/postfix6.intermedia.net"
Message-Id: 20050207204356.D40F9375E6@postfix6.intermedia.net
X-OriginalArrivalTime: 07 Feb 2005 20:43:56.0985 (UTC) FILETIME=[BE875A90:01C50D55]
X-www.antespam.co.uk-Information: Please see www.antespam.co.uk for more information
X-www.antespam.co.uk-MScan: Not scanned: please visit www.antespam.co.uk for details
X-www.antespam.co.uk-SpamCheck: spam, SpamAssassin (score=502.9, required 8,
     ALMOSTALLRUBBISH 1.00, ALMOSTRUBBISH -1.00, APPLES2 2.00,
     APPLES3 4.00, APPLES4 4.00, APPLES7b 7.00, APPLESA 0.01,
     APPLESC 0.01, APPLESX1 27.00, APPLESX2 27.00, APPLESX3 20.00,
     APPLESX6 1.00, APPLESZ5 1.00, BODY_LOTS_OF_WORDS 7.50, CHERRY3 -3.00,
     COMBAST 50.00, COMBINATION5 50.00, COMBINATIONL4 33.00,
     COMBINATIONY4 10.00, COMPLETERUBBISH 1.00, DELETABLE 1.00,
     DELETEAFTER 20.01, DELETENEXT 20.01, DELETEREMAINDER 0.01,
     DINSPECT 0.01, ENGLISHSENDER -10.00, INSPECT3 0.01, LETTOMETER 35.00,
     MAILER_DAEMON 2.00, MILDBAST3 30.00, NEARLYALLRUBBISH 1.00,
     NEWAPPLES 0.40, NEWID 1.00, NEWNEG2 0.01, NEWNEG3 9.00, NEWPIP1 0.01,
     NEWVIRUS1 1.00, ORANGE2 1.00, ORANGE4 2.00, ORANGEER 0.01,
     PIPS2 3.00, PRODUCT -27.00, SUPERBLACKITS 105.00, VTEST1 6.00,
     WIDOW 20.00, WIDOW3a 45.00, X_ORIG -5.00, score 1.00)
X-www.antespam.co.uk-SpamScore: ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss


This is the Postfix program at host postfix6.intermedia.net.

I'm sorry to have to inform you that your message could not be
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to 

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                        The Postfix program

papapump@optperformance.com: host mail.optperformance.com[206.40.48.151]
    said: 550 5.1.1 papapump@optperformance.com is not a valid mailbox (in
    reply to RCPT TO command)

rjbaty@optperformance.com: host mail.optperformance.com[206.40.48.151] said:
    550 5.1.1 rjbaty@optperformance.com is not a valid mailbox (in reply to
    RCPT TO command)

snbs12a@optperformance.com: host mail.optperformance.com[206.40.48.151] said:
    550 5.1.1 snbs12a@optperformance.com is not a valid mailbox (in reply to
    RCPT TO command)

spruce9@optperformance.com: host mail.optperformance.com[206.40.48.151] said:
    550 5.1.1 spruce9@optperformance.com is not a valid mailbox (in reply to
    RCPT TO command)

ssirles@optperformance.com: host mail.optperformance.com[206.40.48.151] said:
    550 5.1.1 ssirles@optperformance.com is not a valid mailbox (in reply to
    RCPT TO command)

stinie7@optperformance.com: host mail.optperformance.com[206.40.48.151] said:
    550 5.1.1 stinie7@optperformance.com is not a valid mailbox (in reply to
    RCPT TO command)

susanna_koepsel@optperformance.com: host
    mail.optperformance.com[206.40.48.151] said: 550 5.1.1
    susanna_koepsel@optperformance.com is not a valid mailbox (in reply to
    RCPT TO command)

tictoc15@optperformance.com: host mail.optperformance.com[206.40.48.151]
    said: 550 5.1.1 tictoc15@optperformance.com is not a valid mailbox (in
    reply to RCPT TO command)

Here's the original spam email:

Received: from localhost (postfix6.intermedia.net [127.0.0.1])
     by postfix6.intermedia.net (Postfix) with ESMTP id 55363375AC;
     Mon, 7 Feb 2005 12:43:56 -0800 (PST)
Received: from postfix6.intermedia.net ([127.0.0.1])
     by localhost (postfix6.intermedia.net [127.0.0.1]) (amavisd-new, port 10024)
     with ESMTP id 09503-10; Mon, 7 Feb 2005 12:43:54 -0800 (PST)
Received: from AMontpellier-152-1-6-245.w81-251.abo.wanadoo.fr (AMontpellier-152-1-6-245.w81-251.abo.wanadoo.fr [81.251.160.245])
     by postfix6.intermedia.net (Postfix) with SMTP id 4DEDB375C0;
     Mon, 7 Feb 2005 12:43:45 -0800 (PST)
Received: from televise.anu.viola.au ([75.221.216.253] helo=anu.vote.au)
     by smtp0.brian.co with esmtp
     id 1A5Ys6-347184-19
Message-ID: NCBwilliamsburgurgentAKEOAA.cowpunch.cheryl@cde.Com>
Sender: freeradius-devel-ktoqi@sister-hazel.com
X-Mailman-Version: 2.0.1
Date: Mon, 07 Feb 2005 14:37:31 -0600
From: "Roger Brooks" ktoqi@sister-hazel.com
To: papapump@optperformance.com
Subject: [SPAM] New Drug store Chester
X-Spam-Status: Yes, hits=14.145 tagged_above=-999 required=3
     tests=FORGED_RCVD_HELO, HELO_DYNAMIC_IPADDR, INFO_TLD, RCVD_IN_NJABL_DUL,
     RCVD_IN_SORBS_DUL, URIBL_AB_SURBL, URIBL_OB_SURBL, URIBL_SBL, URIBL_SC_SURBL,
     URIBL_WS_SURBL
X-Spam-Level: **************
X-Spam-Flag: YES


Refill Notification Ref: WQ-314471907701321

Dear papapump@optperformance.com,

Our automated system has identified that you most likely are ready to refill your
recent online pharmaceutical order.

To help you get your needed supply, we have sent this reminder notice.

Please use the refill system http://poise.m3dspective.info/?wid=100069 to obtain
your item in the quickest possible manner.

Thank you for your time and we look forward to assisting you.

Sincerely,

Roger Brooks




demiscible iq drug dsr aunt gx slosh kf afghan eic baptiste hy golly ktj accountant
qg june awj ossify vf
wrapup bk christendom ukz cleft naa furthermore kf georgetown isv repugnant fhx yak
nsk earsplitting jx

With sophistication beyond any other anti-spam system we check incoming email for over 10,000 criteria to give the best possible accuracy


CONTACT US

Unsurpassed Spam blocking for any email address published on a webpage. Monitored spam-bin minimises risks of losing wanted emails. Don't trust services where you do not know what mails you are losing! Don't trust anti-spam software which has to be downloaded onto your computer.

EMAIL BEFORE SPAM - ANTE-SPAM!

We aim to stop spam without stopping your business. If you don't have the services of an antispam spam blocking system, you are likely to waste hours per day in due course, viewing and deleting spam. The headache you will have, together with the speed at which you have to delete hundreds of emails, will mean that you delete your wanted emails by mistake. We block them before they get to you and we do so in a careful manner unlike any other anti-spam service.
Many anti-spam spam remedy services are crude and are capable of losing valuable business communications. Many people say "I don't need it - I have installed Product X on my computer" . . . but the reality is that if your existing solution is going to be effective for you, you'll have to waste thousands of hours re-inventing the wheel. Is your time you'll waste worth less than £70 per year?

In contrast to one-solution-fits all software you install on your machine or worse, buy from an ISP, we tailor our spam remedy service to the needs of our individual clients and our results benefit from years of research. You do not need to download software on your computer: we block the spam at our server.

ORDERING THE SERVICE

How much? Just £70 per year ($130 or 110EU) per address protected. Discounts for multiple addresses. Pay with Paypal, cheque or bank transfer.
We do the work to help you get on with your work.

If you want to buy maintained filter service to run on your version of SpamAssassin, please enquire: guide £4000 to £30,000 depending on the size of your organisation. They can save you this in problems your server will encounter running Bayes and large databases - and is much more accurate!
CONTACT US

script type="text/javascript">