> Hello,
> 
> Today a spam message from livingsocial.com got through. It was sent to a
> honey pot address (e.g. not used for legitimate mail). I don't even have
> an account with livingsocial.com. This spam message would have been
> caught had SA not credited it -5 points with two RP rules:
> 
> RCVD_IN_RP_CERTIFIED=-3
> RCVD_IN_RP_SAFE=-2
> 
> I've overridden the scores for the above tests in my SA configuration,
> but wanted to report this so it might benefit others.
> 
> Thanks,
> Alain

I have this in my local.cf:

score     RCVD_IN_RP_CERTIFIED  -0.5
score     RCVD_IN_RP_SAFE       -0.001


Besides, I don't really like these whitelisting services. I even changed the
sign of the scores related to one of them... ;)

Giampaolo


> 
> P.S. Here's the spam message:
> 
> Return-Path: <repl...@bounces.livingsocial.com>
> Received: from [REMOVED] ([unix socket])
> by [REMOVED] (Cyrus v2.2.13-Debian-2.2.13-19+squeeze3) with LMTPA;
> Sat, 27 Apr 2013 01:48:01 -0700
> X-Sieve: CMU Sieve 2.2
> Received: from localhost (localhost [127.0.0.1])
> by [REMOVED] (Postfix) with ESMTP id 51ED157ADB
> for <[REMOVED]>; Sat, 27 Apr 2013 01:48:01 -0700 (PDT)
> X-Virus-Scanned: Debian amavisd-new at [REMOVED]
> X-Spam-Flag: NO
> X-Spam-Score: -2.277
> X-Spam-Level:
> X-Spam-Status: No, score=-2.277 required=4 tests=[BAYES_05=-3,
> DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723,
> MIME_HTML_ONLY_MULTI=0.001, MPART_ALT_DIFF=0.79, MXCOW_SPAMTRAP=4.1,
> RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_RP_CERTIFIED=-3,
> RCVD_IN_RP_SAFE=-2, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001,
> T_DKIM_INVALID=0.01] autolearn=no
> Received: from [REMOVED] ([127.0.0.1])
> by localhost ([REMOVED] [127.0.0.1]) (amavisd-new, port 10024)
> with ESMTP id 9d1f7y+swmdQ for <[REMOVED]>;
> Sat, 27 Apr 2013 01:47:57 -0700 (PDT)
> Received: from mta-34c9.livingsocial.com (mta-34c9.livingsocial.com
> [199.91.52.201])
> by [REMOVED] (Postfix) with ESMTP id 3F84757ADA
> for <[REMOVED]>; Sat, 27 Apr 2013 01:47:57 -0700 (PDT)
> DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=ls3;
> d=livingsocial.com;
> h=Date:List-Unsubscribe:from:To:Message-ID:Subject:MIME-Version:Content-Type;
> bh=MeSEhi/r/Te6TwcICMCrN+cn7RI=;
> b=q6eqSXDJtFSpF31Wb9TlDte5QIjEuc7Kxjo56psPTu6fKHshnyyzsyzJz38BRtdXAzOl+
> dwcKzst
> 9L2zaRYhdF+WXOSy0IKdZyedIjJ7qxiCCoJ37/uv64ky4EzSy1X7s10n9s0j4G/kpZN3Z2e
> 1z5uo
> 3f/CDVsk2IJReXPVnC0=
> Received: from app-mail02.iad.livingsocial.net (172.17.4.94) by
> mta-34c9.livingsocial.com id hfe8bq1ilg0v for <[REMOVED]>; Sat, 27 Apr
> 2013 08:45:22 +0000 (envelope-from <repl...@bounces.livingsocial.com>)
> Date: Sat, 27 Apr 2013 08:45:22 +0000
> X-MSFBL:
> c3BtdHJwQGFrNGxpZmUuY29tQGJpbmRpbmdAYmluZGluZ19ncm91cEBnX044VlVKMThGQjB
> FTTc0OEJVVlA5VlVQNDlRMkgwODRJUEMzUUZQMlRJUjVUR0VUSjVKVUc9PT09
> X-score: 1
> X-Ls-Send-Id:
> g_N8VUJ18FB0EM748BUVP9VUP49Q2H084IPC3QFP2TIR5TGETJ5JUG====
> X-Mailer: Syringe 1.0.0
> List-Unsubscribe:
> <mailto:unsubscribe-
> g_N8VUJ18FB0EM748BUVP9VUP49Q2H084IPC3QFP2TIR5TGETJ5JUG====@bounces.livi
> ngsocial.com>
> from: LivingSocial <upda...@livingsocial.com>
> To: [REMOVED]
> Message-ID:
> <898585605.1019.1367052321169.JavaMail.dobby@app-mail02.iad.livingsocial.net>
> Subject: An important update on your LivingSocial.com account
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary="----=_Part_1017_1518702247.1367052321167"
> reply_to: norepl...@livingsocial.com
> x-avocado-domain: hungrymachine.com
> x-ls-priority: whale
> 
> ------=_Part_1017_1518702247.1367052321167
> Content-Type: text/html; charset=utf-8
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline
> 
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
> <html>
> <head>
> <title>Important Information</title>
> </head>
> <body style="padding: 0; margin: 0; background-color: #262626;">
> <table bgcolor="#262626" border="0" cellspacing="0" cellpadding="0"
> id="newsletter" width="100%">
> <tbody>
> <tr>
> <td style="padding-top: 10px; vertical-align: top;">
> <table align="center" border="0" cellspacing="0" cellpadding="0"
> width="600" class="container">
> <tbody>
> <tr>
> <td class="inner_container" style="padding-top: 10px; padding-right:
> 10px; padding-bottom: 10px; padding-left: 10px; vertical-align: top;">
> <table border="0" cellspacing="0" cellpadding="0" width="600"
> class="main_container">
> <tbody>
> <tr>
> <td colspan="2" width="600" align="center"
> style="color:#f0f0f0;font-family:helvetica,arial,sans-serif;font-size:11px"><p
> style="margin:0px;padding:0px 0px 10px 0px;color:#999999"> LivingSocial
> Account Update <br /><span style="font-style:italic">You are receiving
> this message based on your relationship with LivingSocial, even though
> you may have previously unsubscribed. If you have unsubscribed you will
> not receive any other messages from us.</span></p></td>
> </tr>
> <tr>
> <td id="header" style="vertical-align: bottom; padding-bottom:10px;">
> <img
> src="http://a4.ak.lscdn.net/imgs/8b538ad9-933a-41d8-89fb-59570b5e4f9d"
> style="border:none;" alt="LivingSocial" width="112" height="42" />
> </td>
> </tr>
> <tr>
> <td class="header_headline" style="color: #ffffff; font-family: 'Arial
> Rounded MT Bold', Helvetica, Arial, sans-serif; font-size: 40px;
> font-weight: bold;"> </td>
> </tr>
> <tr>
> <td bgcolor="#ffffff" class="main_content" style="border: 1px solid
> #d6d6d6; color: #666666; font-family: Helvetica, Arial, sans-serif;
> font-size: 14px; padding:20px; vertical-align: top;">
> <table width="600" border="0" cellpadding="0" cellspacing="0">
> <tbody>
> <tr>
> <td colspan="2" valign="top" style="padding-right: 20px;"> <p
> style="font-family: 'arial rounded mt bold', helvetica, arial,
> sans-serif; margin-top: 0px; color: #262626; font-size: 18px;">
> IMPORTANT INFORMATION<br /></p> <p style="color: #373332; font-family:
> helvetica, arial, sans-serif; font-size: 12px; line-height:
> 140%;">LivingSocial recently experienced a cyber-attack on our computer
> systems that resulted in unauthorized access to some customer data from
> our servers. We are actively working with law enforcement to
> investigate
> this issue. </p> <p style="color: #373332; font-family: helvetica,
> arial, sans-serif; font-size: 12px; line-height: 140%;">The information
> accessed includes names, email addresses, date of birth for some users,
> and encrypted passwords -- technically 'hashed' and 'salted' passwords.
> We never store passwords in plain text.</p> <p style="color: #373332;
> font-family: helvetica, arial, sans-serif; font-size: 12px;
> line-height: 140%;">Two things you should know: </p>
> <ol style="color: #373332; font-family: helvetica, arial, sans-serif;
> font-size: 12px; line-height: 140%;">
> <li>The database that stores customer credit card information was not
> affected or accessed.</li>
> <li>If you connect to LivingSocial using Facebook Connect, your
> Facebook
> credentials were not compromised.</li>
> </ol> <span style="color: #373332; font-family: helvetica, arial,
> sans-serif; font-size: 12px; line-height: 140%;">You do not need to
> take
> any action at this time, but we wanted to be sure you were fully
> informed of what happened.</span><p></p> <p style="color: #373332;
> font-family: helvetica, arial, sans-serif; font-size: 12px;
> line-height: 140%;"><strong>The security of your information is our
> priority.</strong> We always strive to ensure the security of our
> customer information, and we are redoubling efforts to prevent any
> issues in the future.</p> <p style="color: #373332; font-family:
> helvetica, arial, sans-serif; font-size: 12px; line-height:
> 140%;">Please note that LivingSocial will never ask you directly for
> personal or account information in an email. We will always direct you
> to the LivingSocial website - and require you to login - before making
> any changes to your account. Please disregard any emails claiming to be
> from LivingSocial that request such information or direct you to a
> website that asks for such
> information.</p> <p style="color: #373332; font-family: helvetica,
> arial, sans-serif; font-size: 12px; line-height: 140%;">If you have
> additional questions about this process, the &quot;Create New
> Password&quot; button on LivingSocial.com will direct you to a page
> that
> has instructions on creating a new password and answers to frequently
> asked questions. </p> <p style="color: #373332; font-family: helvetica,
> arial, sans-serif; font-size: 12px; line-height: 140%;">We are sorry
> this incident occurred, and we look forward to continuing to introduce
> you to new and exciting things to do in your community.</p> <p
> style="color: #373332; font-family: helvetica, arial, sans-serif;
> font-size: 12px; line-height: 140%;">Sincerely, <br />Tim
> O'Shaughnessy,
> CEO</p> </td>
> </tr>
> </tbody>
> </table> </td>
> </tr>
> </tbody>
> </table> <br />
> <table width="600" class="footer_container">
> <tbody>
> <tr>
> <td class="footer_content" style="font-size: 10px;
> padding:20px;font-family: Helvetica, Arial, sans-serif; color:#d1d1d1;
> text-align:center;"> <p style="margin-bottom:10px;"> This message was
> sent by LivingSocial, 1445 New York Ave NW, Suite 200, Washington, DC
> 20005. </p> <p style="margin-bottom: 0"> You are receiving this email
> because you have an existing relationship with
> http://www.livingsocial.com/. </p> </td>
> </tr>
> </tbody>
> </table>
> <!-- end footer_container --> </td>
> </tr>
> </tbody>
> </table>
> <!-- end container --> </td>
> </tr>
> </tbody>
> </table>
> <img height="0" width="0" border="0" alt=""
> src="http://t.livingsocial.com/track/g_N8VUJ18FB0EM748BUVP9VUP49Q2H084I
> PC3QFP2TIR5TGETJ5JUG===="
> />
> </body>
> </html>
> ------=_Part_1017_1518702247.1367052321167--
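
Added example (not part of the original messages and not SpamAssassin's own code): a Python sketch that parses the X-Spam-Status header quoted above, applies the two score lines from the local.cf in the reply, and recomputes the total against the required value shown in that header. The function names are hypothetical, and only the first value on each score line is read.

```python
import re

# X-Spam-Status header copied from the quoted message, "> " quote marks kept.
QUOTED_HEADER = """\
> X-Spam-Status: No, score=-2.277 required=4 tests=[BAYES_05=-3,
> DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723,
> MIME_HTML_ONLY_MULTI=0.001, MPART_ALT_DIFF=0.79, MXCOW_SPAMTRAP=4.1,
> RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_RP_CERTIFIED=-3,
> RCVD_IN_RP_SAFE=-2, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001,
> T_DKIM_INVALID=0.01] autolearn=no
"""

# The two score lines from the local.cf in the reply.
LOCAL_CF = """\
score     RCVD_IN_RP_CERTIFIED  -0.5
score     RCVD_IN_RP_SAFE       -0.001
"""

def parse_status(text):
    """Return (required, {rule: score}) from a folded, possibly quoted header."""
    unfolded = " ".join(line.lstrip("> ").strip() for line in text.splitlines())
    required = float(re.search(r"required=(-?[\d.]+)", unfolded).group(1))
    tests = re.search(r"tests=\[([^\]]*)\]", unfolded).group(1)
    hits = {}
    for item in tests.split(","):
        name, _, value = item.strip().partition("=")
        hits[name] = float(value)
    return required, hits

def parse_scores(conf):
    """Read 'score RULE VALUE' lines from local.cf text, ignoring comments."""
    out = {}
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == "score":
            out[parts[1]] = float(parts[2])
    return out

def rescore(hits, overrides):
    """Total for the same rule hits with some rule scores replaced."""
    return round(sum(overrides.get(rule, s) for rule, s in hits.items()), 4)

def report(header=QUOTED_HEADER, conf=LOCAL_CF):
    required, hits = parse_status(header)
    adjusted = rescore(hits, parse_scores(conf))
    # A message is tagged as spam when its score reaches the required value.
    return {"required": required, "original": rescore(hits, {}),
            "adjusted": adjusted, "flagged": adjusted >= required,
            "large_negative": sorted(r for r, s in hits.items() if s <= -1)}

print(report())
```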
