HEX
Server: Apache
System: Linux zacp120.webway.host 4.18.0-553.50.1.lve.el8.x86_64 #1 SMP Thu Apr 17 19:10:24 UTC 2025 x86_64
User: govancoz (1003)
PHP: 8.3.26
Disabled: exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
$ pwd: /home/govancoz/mail/.spam/new/
Upload Files
File: /home/govancoz/mail/.spam/new/1711599389.M437097P2319462.zacp120.ve.host,S=4662,W=4751
Return-Path: <noreply@govan.co.za>
Delivered-To: govancoz+spam@zacp120.ve.host
Received: from zacp120.ve.host
	by zacp120.ve.host with LMTP
	id KDifGR3vBGZmZCMAvcbEzQ
	(envelope-from <noreply@govan.co.za>)
	for <govancoz+spam@zacp120.ve.host>; Thu, 28 Mar 2024 06:16:29 +0200
Return-path: <noreply@govan.co.za>
Envelope-to: cheryl@govan.co.za
Delivery-date: Thu, 28 Mar 2024 06:16:29 +0200
Received: from [194.169.175.144] (port=52593 helo=govan.co.za)
	by zacp120.ve.host with esmtp (Exim 4.96.2)
	(envelope-from <noreply@govan.co.za>)
	id 1rphBj-009jU2-0L
	for cheryl@govan.co.za;
	Thu, 28 Mar 2024 06:16:29 +0200
From: noreply@govan.co.za
To: cheryl@govan.co.za
Date: 27 Mar 2024 21:15:43 -0700
Message-ID: <20240327211543.5F4E57BEEB849939@govan.co.za>
MIME-Version: 1.0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: Yes, score=23.7
X-Spam-Score: 237
X-Spam-Bar: +++++++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "zacp120.ve.host",
 has identified this incoming email as possible spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 root\@localhost for details.
 Content preview:  Dear cheryl, Your account cheryl@govan.co.za will expire
   today. In order to avoid disruption to your website, email, and any other
   associated services. Follow instruction below to resolve now. RESOLVE ISSUE
    NOW 
 Content analysis details:   (23.7 points, 5.0 required)
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  3.6 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
                             [194.169.175.144 listed in zen.spamhaus.org]
  4.7 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
  1.5 SPF_SOFTFAIL           SPF: sender does not match SPF record (softfail)
  1.5 SPF_HELO_SOFTFAIL      SPF: HELO does not match SPF record (softfail)
  0.0 HTML_MESSAGE           BODY: HTML included in message
  0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
  2.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                             [cf: 100]
  1.7 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
  0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was
                             blocked.  See
                             http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                              for more information.
                             [URIs: govan.co.za]
  0.0 URIBL_PH_SURBL         Contains an URL listed in the PH SURBL blocklist
                             [URIs: amdev.ca]
  1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
                             bl.spamcop.net
             [Blocked - see <https://www.spamcop.net/bl.shtml?194.169.175.144>]
  1.3 RCVD_IN_VALIDITY_RPBL  RBL: Relay in Validity RPBL,
                             https://senderscore.org/blocklistlookup/
                           [194.169.175.144 listed in bl.score.senderscore.com]
  2.0 RDNS_NONE              Delivered to internal network by a host with no rDNS
  0.2 KAM_DMARC_NONE         DKIM has Failed or SPF has failed on the message
                             and the domain has no DMARC policy
  0.0 KAM_DMARC_STATUS       Test Rule for DKIM or SPF Failure with Strict
                             Alignment
  0.0 FSL_BULK_SIG           Bulk signature with no Unsubscribe
  2.0 MIXED_HREF_CASE        Has href in mixed case
  1.3 TO_NO_BRKTS_NORDNS_HTML To: lacks brackets and no rDNS and HTML
                             only
X-Spam-Flag: YES
Subject:  ***SPAM***  Critical security alert for govan.co.za

<HTML><HEAD>
<META content=3D"text/html; charset=3Dwindows-1252" http-equiv=3DContent-Ty=
pe>
<META name=3DGENERATOR content=3D"MSHTML 11.00.10570.1001"></HEAD>
<BODY>
<H3 align=3Dleft>Dear &nbsp;<FONT color=3Dblue><FONT color=3D#000000>cheryl=
,</FONT> </FONT><BR><BR>Your account <FONT color=3D#4e34cb>cheryl@govan.co.=
za</FONT> will expire today. In order to avoid disruption to your website, =
email, and any other associated services. Follow&nbsp; instruction below to=
 resolve now. <BR><BR><A href=3D"https://dev.amdev.ca/papb/General 2022/ind=
ex.html#cheryl@govan.co.za"><U><SPAN style=3D"BACKGROUND-COLOR: #ffff00"><F=
ONT color=3D#0101df>RESOLVE ISSUE NOW</FONT> </SPAN></U></A><BR><BR>
Sincerely, <BR><BR><FONT color=3D#0404b4><FONT color=3D#000000>&copy; govan=
=2Eco.za Security Team</FONT></H3></FONT></FONT>
<H3>&nbsp;</H3></BODY></HTML>
@ Telegram