Viruswelle von "kreditoren at dertour.de"

Max Grobecker max.grobecker at ml.grobecker.info
Mi Dez 9 22:18:52 CET 2015 

Ola!


Am 09.12.2015 um 14:44 schrieb Uwe Drießen:

> Hat mal jemand Header von solchen Mails 
> 
> Bei mich sind scheinbar noch keine in welcher Art auch immer durch Log
> geflogen 

Ich habe hier zwei liegen:


------------------------------------------------------------------------------------------
Return-Path: <MeierHans140 at remont-fotocamer.ru>
Received: from localhost (localhost [127.0.0.1])
	by mx0.301-moved.de (GrobiSuperMail) with ESMTP id 3pFFRD02gFzB11M
	for <x>; Tue,  8 Dec 2015 09:43:51 +0100 (CET)
X-Virus-Scanned: Mailfilter on mx0.301-moved.de
X-Spam-Flag: NO
X-Spam-Score: 2.843
X-Spam-Level: **
X-Spam-Status: No, score=2.843 tagged_above=-99 required=5.3
	tests=[BAYES_00=-1.9, RCVD_IN_BL_SPAMCOP_NET=1.347,
	RCVD_IN_BRBL_LASTEXT=1.449, RCVD_IN_XBL=0.375, RDNS_NONE=0.793,
	SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no
Received: from mx0.301-moved.de ([127.0.0.1])
	by localhost (mx0.301-moved.de [127.144.138.238]) (amavisd-new, port 10024)
	with ESMTP id NB1c4SfhpVZC for <x>;
	Tue,  8 Dec 2015 09:43:51 +0100 (CET)
Received: from [49.156.156.41] (unknown [49.156.156.41])
	by mx0.301-moved.de (GrobiSuperMail) with ESMTP
	for <x>; Tue,  8 Dec 2015 09:43:27 +0100 (CET)
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_922055094809325879614"
Date: Tue, 08 Dec 2015 14:13:31 +0530
From: Hans Meier <MeierHans140 at remont-fotocamer.ru>
To: x
Subject: =?UTF-8?B?UmVjaG51bmcgNDY5NTIzMTUgdm9tIDA3LjEyLjIwMTU=?=
X-Id_client: 85616714
X-Mailer: MIME::Lite 3.027 (F2.77; T1.30; A2.06; B3.08; Q3.08)
X-AV-Checked: clean on av10
Message-Id: <20150812141331.40F4CA786E3 at x>

This is a multi-part message in MIME format.

--_----------=_922055094809325879614
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"

Hallo,

als Anhang finden Sie die Rechnung 46952315 vom 07.12.2015.

Nettosumme: 325,00
MwSt: 19,00
Bruttosumme: 386,75

Mit freundlichen Grüßen
Hans Meier

------------------------------------------------------------------------------------------




------------------------------------------------------------------------------------------
Return-Path: <SchulteWenzel87353 at tallinnwindowsdoors.ca>
Received: from localhost (localhost [127.0.0.1])
	by mx0.301-moved.de (GrobiSuperMail) with ESMTP id 3pFMLy5s7WzB1Hy
	for <x>; Tue,  8 Dec 2015 14:10:34 +0100 (CET)
X-Virus-Scanned: Mailfilter on mx0.301-moved.de
X-Spam-Flag: NO
X-Spam-Score: 3.382
X-Spam-Level: ***
X-Spam-Status: No, score=3.382 tagged_above=-99 required=5.3
	tests=[BAYES_00=-1.9, RCVD_IN_PBL=3.335, RCVD_IN_XBL=0.375,
	RDNS_NONE=0.793, SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no
Received: from mx0.301-moved.de ([127.0.0.1])
	by localhost (mx0.301-moved.de [127.144.138.238]) (amavisd-new, port 10024)
	with ESMTP id AEX9oRCL1QDb for <x>;
	Tue,  8 Dec 2015 14:10:33 +0100 (CET)
Received: from [39.33.33.36] (unknown [39.33.33.36])
	by mx0.301-moved.de (GrobiSuperMail) with ESMTP
	for <x>; Tue,  8 Dec 2015 14:10:25 +0100 (CET)
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_427526494477774699324"
Date: Tue, 08 Dec 2015 05:10:21 -0700
From: Wenzel Schulte <SchulteWenzel87353 at tallinnwindowsdoors.ca>
To: x
Subject: =?UTF-8?B?QVc6IEZlaGxlbmRlIFJlY2hudW5n?=
X-Id_client: 10617745
X-Mailer: MIME::Lite 3.027 (F2.77; T1.30; A2.06; B3.08; Q3.08)
X-AV-Checked: clean on av10
Message-Id: <20150812051021.178EB66ADE0 at x>

This is a multi-part message in MIME format.

--_----------=_427526494477774699324
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"

    Guten Morgen,
	 

	anbei erhalten Sie die gewünschte Rechnung 50852532.

	 

	Mit freundlichem Gruß

	 

	Wenzel Schulte
	-Aussendienst Backoffice-
	<echte firma> GmbH
	Siemensstr. 23
	D-42551 Velbert
------------------------------------------------------------------------------------------

-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde abgetrennt...
Dateiname   : signature.asc
Dateityp    : application/pgp-signature
Dateigröße  : 819 bytes
Beschreibung: OpenPGP digital signature
URL         : <https://listi.jpberlin.de/pipermail/postfixbuch-users/attachments/20151209/b546e06a/attachment.asc>

Mehr Informationen über die Mailingliste Postfixbuch-users