getting spam on university mail accounts


Post by reparto »

Got some blatant spam asking for card details and other stuff, do what you will.
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="=_52o3g47ufckc"
Date: Fri, 10 Jan 2014 11:12:59 +0100
Delivery-date: Fri, 10 Jan 2014 10:23:51 +0000
Errors-To: noreply-alerts-onlinebanking-bounces@lloydsgproup.com
From: Lloyds Banking Group <noreply-alerts-onlinebanking-lloydsgroupsb.com@generalmail.com>
List-Archive: <http://lloydsgproup.com/mailman/private ... proup.com/>
List-Help: <mailto:noreply-alerts-onlinebanking-request@lloydsgproup.com?subject=help>
List-Id: <noreply-alerts-onlinebanking.lloydsgproup.com>
List-Post: <mailto:noreply-alerts-onlinebanking@lloydsgproup.com>
List-Subscribe: <http://lloydsgproup.com/mailman/listinf ... gproup.com>, <mailto:noreply-alerts-onlinebanking-request@lloydsgproup.com?subject=subscribe>
List-Unsubscribe: <http://lloydsgproup.com/mailman/options ... gproup.com>, <mailto:noreply-alerts-onlinebanking-request@lloydsgproup.com?subject=unsubscribe>
MIME-Version: 1.0
Message-ID: <20140110111259.oj5ygg476scscoog@192.168.173.81>
Precedence: list
Received:
    from lmtpproxyd (jura-z1.XXXX.ac.uk [138.38.3.69]) by imap-backend1.XXXX.ac.uk (Cyrus v2.4.17) with LMTPA; Fri, 10 Jan 2014 10:23:51 +0000
    from imaphost.XXXX.ac.uk ([unix socket]) by imaphost.XXXX.ac.uk (Cyrus v2.4.17) with LMTPA; Fri, 10 Jan 2014 10:23:51 +0000
    from prost.XXXX.ac.uk ([138.38.0.37]) by imaphost.XXXX.ac.uk with esmtp (Exim 4.80.1) (envelope-from <noreply-alerts-onlinebanking-bounces@lloydsgproup.com>) id 1W1ZFk-0001U8-9R; Fri, 10 Jan 2014 10:23:48 +0000
    from duffman.enixns.com ([91.238.164.3]) by prost.XXXX.ac.uk with esmtps (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4) (envelope-from <noreply-alerts-onlinebanking-bounces@lloydsgproup.com>) id 1W1ZFj-0007QL-9y; Fri, 10 Jan 2014 10:23:47 +0000
    from duffman ([127.0.0.1]:35043 helo=duffman.enixns.com) by duffman.enixns.com with esmtp (Exim 4.82) (envelope-from <noreply-alerts-onlinebanking-bounces@lloydsgproup.com>) id 1W1Z5l-000iF1-ND; Fri, 10 Jan 2014 10:13:29 +0000
    from vm-mailout2.vm.swissmail.org ([212.25.22.135]:44317) by duffman.enixns.com with esmtps (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.82) (envelope-from <noreply-alerts-onlinebanking-lloydsgroupsb.com@generalmail.com>) id 1W1Z5I-000hsq-L3 for noreply-alerts-onlinebanking@lloydsgproup.com; Fri, 10 Jan 2014 10:13:00 +0000
    from vm-pemfos1.intra.swissmail.org (vm-pemfos1.intra.swissmail.org [192.168.173.54]) by vm-mailout2.vm.swissmail.org (8.13.8/8.13.8/Debian-3) with ESMTP id s0AA9c5R024651 for <noreply-alerts-onlinebanking@lloydsgproup.com>; Fri, 10 Jan 2014 11:09:38 +0100
    from vm-pemfos1.intra.swissmail.org (localhost [127.0.0.1]) by localhost (Postfix-local-10025) with ESMTP id E98D4A85B1 for <noreply-alerts-onlinebanking@lloydsgproup.com>; Fri, 10 Jan 2014 11:12:59 +0100 (CET)
    from localhost (localhost [127.0.0.1]) by localhost (PEmFoS/1979.1782.a1); Fri, 10 Jan 2014 11:12:59 +0100 (CET)
Return-Path: <noreply-alerts-onlinebanking-bounces@lloydsgproup.com>
Sender: Noreply-alerts-onlinebanking <noreply-alerts-onlinebanking-bounces@lloydsgproup.com>
Subject: [Lloyds Bank - Halifax Bank - TSB Bank] - Your Account requires immediate attention
To: noreply-alerts-onlinebanking@lloydsgproup.com
User-Agent: Internet Messaging Program (IMP) H3 (4.1.3)
X-AntiAbuse:
    This header was added to track abuse, please include it with any abuse report
    Primary Hostname - duffman.enixns.com
    Original Domain - XXXX.ac.uk
    Originator/Caller UID/GID - [47 12] / [47 12]
    Sender Address Domain - lloydsgproup.com
X-BeenThere: noreply-alerts-onlinebanking@lloydsgproup.com
X-Get-Message-Sender-Via: duffman.enixns.com: acl_c_authenticated_local_user: mailman/mailman
X-Mailman-Approved-At: Fri, 10 Jan 2014 10:13:22 +0000
X-Mailman-Version: 2.1.15
X-Pemfos-Policyd: accepted (BLpbW8bQpwN3KW27AbfnH2smJiNyDRw2QAYkPU9nGDkjGTsgX10+KxsfVwEbGw4wIj5BGAsfDiwCEiAVTEY2G2BbOgNoGRReHhpZICNQbwo=)
X-Sieve: CMU Sieve 2.4
X-Spam-Report: 3.1/6.0 ---- Start SpamAssassin results
    * 0.9 URIBL_RHS_DOB Contains an URI of a new domain (Day Old Bread)
    *     [URIs: datbanking.com]
    * 0.0 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL
    * 0.0 HTTP_ESCAPED_HOST URI: Uses %-escapes inside a URL's hostname
    * 0.4 HTML_MESSAGE BODY: HTML included in message
    * 1.8 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars
X-Spam-Score: 3.1 (+++)
Parts:
1 Alternative part 27 KB
1.1 Plaintext Version of Message 1 KB
1.2 Related part 25 KB
1.2.1 HTML Version of Message 5 KB
1.2.2 Image part 21 KB
3 Text part 1 KB
Plaintext Version of Message (1 KB)
Recently, a software upgrade was performed to improve the quality of online banking services for Lloyds Bank plc, TSB Bank plc and Halifax Bank of Scotland plc (members of Lloyds Banking Group). Some of the upgrades performed are to combat the recent online service disruptions.

All Lloyds Banking Group online banking customers should click the link below to begin the online user verification procedure which follows the software upgrade.



To proceed;

1.) Download the Upgrade Form attached with this email.

2.) View the Upgrade Form with your web browser. (Form is compatible with all browsers).

3.) Read carefully all instructions on the Upgrade Form and then access your relevant Bank Form.

4.) Complete your upgrade request and submit your Form.



These upgrade instructions are sent to and should be followed by all Lloyds Banking Group online banking clients, to avoid service deactivation after the system upgrades are completed.



We apologise for any inconveniences and thank you for your cooperation.



From time to time the service may be unavailable to allow us to undertake essential maintenance or improvements. We will always aim to provide advance notice of any unavailability.

Thank you.

Lloyds Banking Group

ONLINE SERVICES TEAM
Selling invisible pets:
Dogs - 0.5 Bitcoins
Cats - 0.7 Bitcoins
Unicorns - 10 Bitcoins
Chimpanzee - 2 Bitcoins

PM me if you are interested, will ship via priority airmail, will accept escrow services


Re: getting spam on university mail accounts

Post by bad_brain »

Code:

from vm-pemfos1.intra.swissmail.org (localhost [127.0.0.1])
and that's already where any decent mail server would say "go away" and close the connection...no rDNS record, no resolvable hostname at all...and the mails get through?

regards from me to the server admins, they should maybe consider getting a PS1 or something (anything without an internet connection would do), because they obviously have not the slightest idea of what they are doing... :roll:
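
The Received chain from the headers posted in this thread, walked hop by hop, as an added example that is not part of either post. It classifies each peer address and picks out the one connection the recipient's own servers accepted from outside; the trimmed header strings, the function names and the `.XXXX.ac.uk` suffix (the poster's redaction) are assumptions made for illustration.

```python
import ipaddress
import re

# Received hops copied from the headers posted above, newest first,
# trimmed to the "from ... by ..." part (XXXX is the poster's redaction).
RECEIVED = [
    "from lmtpproxyd (jura-z1.XXXX.ac.uk [138.38.3.69]) by imap-backend1.XXXX.ac.uk",
    "from prost.XXXX.ac.uk ([138.38.0.37]) by imaphost.XXXX.ac.uk",
    "from duffman.enixns.com ([91.238.164.3]) by prost.XXXX.ac.uk",
    "from duffman ([127.0.0.1]:35043 helo=duffman.enixns.com) by duffman.enixns.com",
    "from vm-mailout2.vm.swissmail.org ([212.25.22.135]:44317) by duffman.enixns.com",
    "from vm-pemfos1.intra.swissmail.org (vm-pemfos1.intra.swissmail.org [192.168.173.54]) by vm-mailout2.vm.swissmail.org",
    "from vm-pemfos1.intra.swissmail.org (localhost [127.0.0.1]) by localhost",
]

# "from <helo> ([<name> ]\[<ip>\][:port] ...) by <receiver>"
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\](?::\d+)?[^)]*\)\s+by\s+(\S+)")

def classify(ip):
    """Label a peer address as loopback, private (RFC 1918 etc.) or public."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "loopback"
    if addr.is_private:
        return "private"
    return "public"

def parse_chain(lines):
    """Turn Received lines into dicts; lines without a bracketed IP are skipped."""
    hops = []
    for line in lines:
        m = HOP.search(line)
        if m:
            helo, name, ip, by = m.groups()
            hops.append({"helo": helo, "name": name, "ip": ip, "by": by, "scope": classify(ip)})
    return hops

def boundary_hop(hops, own_suffix):
    """Newest hop where one of our servers accepted mail from an outside host.
    Older hops were written by servers we do not control and can be forged."""
    for hop in hops:
        inside = hop["by"].endswith(own_suffix)
        from_own = hop["helo"].endswith(own_suffix) or (hop["name"] or "").endswith(own_suffix)
        if inside and not from_own and hop["scope"] == "public":
            return hop
    return None

if __name__ == "__main__":
    chain = parse_chain(RECEIVED)
    for hop in chain:
        print(f'{hop["scope"]:8} {hop["ip"]:15} {hop["helo"]} -> {hop["by"]}')
    print("boundary:", boundary_hop(chain, ".XXXX.ac.uk"))
```
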