[SAC] [OSGeo] #1532: getting spam sexual e-mail which seems to be replies from osgeo-conf or board

#1532: getting spam sexual e-mail which seems to be replies from osgeo-conf or
board
---------------------------+-------------------
Reporter: bartvde | Owner: sac@…
     Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Keywords:
---------------------------+-------------------
Envelope-To: bartvde@osgis.nl
X-Antiabuse: This header was added to track abuse, please include it with
any abuse report
X-Antiabuse: Primary Hostname - mx12.loverhearts.com
X-Antiabuse: Original Domain - osgis.nl
X-Antiabuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-Antiabuse: Sender Address Domain - loverhearts.com
In-Reply-To: <473E3550-36FC-4DC9-8B94-8525D50B3588@osgis.nl>
Return-Path: <julie70622@loverhearts.com>
Mime-Version: 1.0
X-Virus-Scanned: Clear (ClamAV 0.98.5/20836/Tue Aug 25 22:51:25 2015)
X-Priority: 3 (Normal)
Message-Id: <22099b5fb5ce1e39b582c36a2fe32ba2@leadrace.biz>
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Dkim-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=loverhearts.com; s=default; h=References:In-Reply-To:Content-Transfer-
Encoding:Content-Type:MIME-Version:To:Reply-To:From:Subject:Date:Message-
ID; bh=/df1EM6z7sse98QYSgU4somupBh2YrDa0q+QG0PINGM=;
b=dJKpHTYTrLPsE/WKyfd9Hu5lWTksz3C+VAiMUbODP45bVTBxFkcmhcnQGDqUU2lp/svznK9VZJ1NvCICFX8Vo1oKXBG0MiONWcxOut6kXBqhj60Nh6r2zjWteTTI5iWXpcmQIT4s72fMd9q8ePJlGsa6Arko8Fnj8CXpoOZarxU=;
Delivery-Date: Wed, 26 Aug 2015 05:06:23 +0200
X-Get-Message-Sender-Via: mx12.loverhearts.com: authenticated_id:
julie@loverhearts.com
Content-Transfer-Encoding: quoted-printable
References: <473E3550-36FC-4DC9-8B94-8525D50B3588@osgis.nl>
Content-Type: multipart/mixed;
boundary="_=_swift_v4_1440558369_2afe50087a4c7bdc8af7cefba5fe540b_=_"
X-Spam-Score: 1.6 (+)
Delivered-To: osgisa-bartvde@osgis.nl
Received: from [104.236.255.68] (helo=mx12.loverhearts.com) by www270
.your-server.de with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim
4.80.1) (envelope-from <julie70622@loverhearts.com>) id 1ZUR2Y-0004hm-RO
for bartvde@osgis.nl; Wed, 26 Aug 2015 05:06:23 +0200
Received: from [155.94.64.78] (port=54935 helo=leadrace.biz) by
mx12.loverhearts.com with esmtpsa (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.85) (envelope-from <julie70622@loverhearts.com>) id 1ZUR2N-0006FP-
UP for bartvde@osgis.nl; Tue, 25 Aug 2015 23:06:08 -0400
Re: [OSGeo-Conf] Board Digest, Vol 107, Issue 16

Hey Bart,I am willing to meet up with you just as long as you can prove to
me that you aren't going to do anything crazy. You just need to go along
to this site Unlock phone number Click Here check out my picture and do
the date security verification…then call/text me after that.I've asked you
nicely what I need you to do to ensure my safety.I have a healthy
conscious about meeting a stranger online Bart Eijnden without doing this
first.There has been multiple women attacked and murdered from Bart
Eijndenguys on cl, I can't take risk until u verify. If you can’t do that
simple thing then I’m sure as not going to have s e x with you. I am
sorry. Take care......

Thanks

Julie Anna
Send via iPhone

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1532>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.

#1532: getting spam sexual e-mail which seems to be replies from osgeo-conf or
board
---------------------------+--------------------
Reporter: bartvde | Owner: sac@…
     Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------

Comment (by bartvde):

Is this e-mail address subscribed to any of those lists by any chance? Or
what else might be going on?

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1532#comment:1>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.

#1532: getting spam sexual e-mail which seems to be replies from osgeo-conf or
board
---------------------------+--------------------
Reporter: bartvde | Owner: sac@…
     Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Description changed by warmerdam:

New description:

{{{
Envelope-To: bartvde@osgis.nl
X-Antiabuse: This header was added to track abuse, please include it with
any abuse report
X-Antiabuse: Primary Hostname - mx12.loverhearts.com
X-Antiabuse: Original Domain - osgis.nl
X-Antiabuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-Antiabuse: Sender Address Domain - loverhearts.com
In-Reply-To: <473E3550-36FC-4DC9-8B94-8525D50B3588@osgis.nl>
Return-Path: <julie70622@loverhearts.com>
Mime-Version: 1.0
X-Virus-Scanned: Clear (ClamAV 0.98.5/20836/Tue Aug 25 22:51:25 2015)
X-Priority: 3 (Normal)
Message-Id: <22099b5fb5ce1e39b582c36a2fe32ba2@leadrace.biz>
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Dkim-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=loverhearts.com; s=default; h=References:In-Reply-To:Content-Transfer-
Encoding:Content-Type:MIME-Version:To:Reply-To:From:Subject:Date:Message-
ID; bh=/df1EM6z7sse98QYSgU4somupBh2YrDa0q+QG0PINGM=;
b=dJKpHTYTrLPsE/WKyfd9Hu5lWTksz3C+VAiMUbODP45bVTBxFkcmhcnQGDqUU2lp/svznK9VZJ1NvCICFX8Vo1oKXBG0MiONWcxOut6kXBqhj60Nh6r2zjWteTTI5iWXpcmQIT4s72fMd9q8ePJlGsa6Arko8Fnj8CXpoOZarxU=;
Delivery-Date: Wed, 26 Aug 2015 05:06:23 +0200
X-Get-Message-Sender-Via: mx12.loverhearts.com: authenticated_id:
julie@loverhearts.com
Content-Transfer-Encoding: quoted-printable
References: <473E3550-36FC-4DC9-8B94-8525D50B3588@osgis.nl>
Content-Type: multipart/mixed;
boundary="_=_swift_v4_1440558369_2afe50087a4c7bdc8af7cefba5fe540b_=_"
X-Spam-Score: 1.6 (+)
Delivered-To: osgisa-bartvde@osgis.nl
Received: from [104.236.255.68] (helo=mx12.loverhearts.com) by www270
.your-server.de with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim
4.80.1) (envelope-from <julie70622@loverhearts.com>) id 1ZUR2Y-0004hm-RO
for bartvde@osgis.nl; Wed, 26 Aug 2015 05:06:23 +0200
Received: from [155.94.64.78] (port=54935 helo=leadrace.biz) by
mx12.loverhearts.com with esmtpsa (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.85) (envelope-from <julie70622@loverhearts.com>) id 1ZUR2N-0006FP-
UP for bartvde@osgis.nl; Tue, 25 Aug 2015 23:06:08 -0400
Re: [OSGeo-Conf] Board Digest, Vol 107, Issue 16

Hey Bart,I am willing to meet up with you just as long as you can prove to
me that you aren't going to do anything crazy. You just need to go along
to this site Unlock phone number Click Here check out my picture and do
the date security verification…then call/text me after that.I've asked you
nicely what I need you to do to ensure my safety.I have a healthy
conscious about meeting a stranger online Bart Eijnden without doing this
first.There has been multiple women attacked and murdered from Bart
Eijndenguys on cl, I can't take risk until u verify. If you can’t do that
simple thing then I’m sure as not going to have s e x with you. I am
sorry. Take care......

Thanks

Julie Anna
Send via iPhone
}}}

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1532#comment:2>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.

#1532: getting spam sexual e-mail which seems to be replies from osgeo-conf or
board
---------------------------+--------------------
Reporter: bartvde | Owner: sac@…
     Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------

Comment (by warmerdam):

Bart,

I'm not seeing any sign of someone from loverhearts.com signed up to this
list. I'm not sure about how to do a cross-list search. The email
headers don't seem to suggest the email went through OSGeo mail servers,
so it would appear they are just doing a minimal masquerade as being from
our list by spoofing the subject line.

I'm not sure that we can do anything about this.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1532#comment:3>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
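
The header check described in the comment above, as an added example (not part of the ticket or of OSGeo's tooling): it walks the Exim-style `Received` chain and reports whether any relay belongs to the list's domain and whether a `List-Id` header (RFC 2919, normally added by list software) is present. The sample is the ticket's routing headers, abridged and re-folded; treating the `Re: [OSGeo-Conf] …` line as the `Subject` and the names `list_evidence` and `in_domain` are assumptions of this example.

```python
import re
from email import message_from_string

# Constructed sample: routing headers from the ticket, abridged and re-folded per RFC 5322.
SAMPLE = """\
Return-Path: <julie70622@loverhearts.com>
Received: from [104.236.255.68] (helo=mx12.loverhearts.com)
 by www270.your-server.de with esmtps (Exim 4.80.1)
 (envelope-from <julie70622@loverhearts.com>) id 1ZUR2Y-0004hm-RO
 for bartvde@osgis.nl; Wed, 26 Aug 2015 05:06:23 +0200
Received: from [155.94.64.78] (port=54935 helo=leadrace.biz)
 by mx12.loverhearts.com with esmtpsa (Exim 4.85)
 (envelope-from <julie70622@loverhearts.com>) id 1ZUR2N-0006FP-UP
 for bartvde@osgis.nl; Tue, 25 Aug 2015 23:06:08 -0400
Subject: Re: [OSGeo-Conf] Board Digest, Vol 107, Issue 16

(body omitted)
"""

# Exim writes each hop as: from [ip] (helo=name) by receiving-host ...
HOP = re.compile(
    r"from \[(?P<ip>[0-9a-fA-F.:]+)\] \((?:port=\d+ )?helo=(?P<helo>[^)\s]+)\)"
    r" by (?P<by>\S+)")

def in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def list_evidence(raw, list_domain):
    """Collect relay hops and check for any trace of the list infrastructure."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # undo header folding
        if m:
            hops.append(m.groupdict())
    # Only the receiving host ("by") is compared; HELO is sender-supplied text.
    via = any(in_domain(h["by"], list_domain) for h in hops)
    return {"hops": hops, "via_list_domain": via, "list_id": msg.get("List-Id")}

if __name__ == "__main__":
    print(list_evidence(SAMPLE, "osgeo.org"))
```

Every `Received` line below the one added by the recipient's own MX is written by the sending side, so absence of a list relay is the stronger signal here; presence of one would still need corroboration.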

#1532: getting spam sexual e-mail which seems to be replies from osgeo-conf or
board
---------------------------+--------------------
Reporter: bartvde | Owner: sac@…
     Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------

Comment (by msmitherdc):

I just got a similar kind of message as Bart when replying to a board
motion.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1532#comment:4>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.

#1532: getting spam sexual e-mail which seems to be replies from osgeo-conf or
board
---------------------------+--------------------
Reporter: bartvde | Owner: sac@…
     Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------

Comment (by jmckenna):

If you do a "whois" on the loverhearts domain you can see the email
address connected to it, and then do a Google search and you can see that
this person is attached to many scams. (that address is not a member of
the board or conference-dev lists)

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1532#comment:5>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.

#1532: getting spam sexual e-mail which seems to be replies from osgeo-conf or
board
---------------------------+--------------------
Reporter: bartvde | Owner: sac@…
     Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------

Comment (by EliL):

Replying to [comment:3 warmerdam]:
> Bart,
>
> I'm not seeing any sign of someone from loverhearts.com signed up to
> this list. I'm not sure about how to do a cross-list search. The email
> headers don't seem to suggest the email went through OSGeo mail servers,
> so it would appear they are just doing a minimal masquerade as being from
> our list by spoofing the subject line.
>
> I'm not sure that we can do anything about this.

Is the list of subscribers an appropriate number? I would expect both the
Board and Conference list to have fewer than 200 members, most of which
would be recognizable email addresses. And probably not too many recent
subscription joins.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1532#comment:6>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.

#1532: getting spam sexual e-mail which seems to be replies from osgeo-conf or
board
---------------------------+--------------------
Reporter: bartvde | Owner: sac@…
     Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------

Comment (by EliL):

This may also just be a temporary clever (subject line matching) result of
our public archives that will work itself out as email providers stop
letting matching subject lines through. A minimal look at the content of
the email makes it quite clearly spam.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1532#comment:7>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.

#1532: getting spam sexual e-mail which seems to be replies from osgeo-conf or
board
---------------------------+--------------------
Reporter: bartvde | Owner: sac@…
     Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------

Comment (by jmckenna):

I don't see anyone suspicious. Other than 0az(dot)post(at)blogger(dot)com
which I guess is valid.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1532#comment:8>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.

#1532: getting spam sexual e-mail which seems to be replies from osgeo-conf or
board
---------------------------+--------------------
Reporter: bartvde | Owner: sac@…
     Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------

Comment (by neteler):

Ok I also got one now and checked on mail.osgeo.org:

{{{
mail:/var/log# grep 104.236.231.253 mail.log
Aug 27 10:42:06 mail postfix/smtpd[18471]: warning: hostname
mx1.meetmeloves.com does not resolve to address 104.236.231.253
Aug 27 10:42:06 mail postfix/smtpd[18471]: connect from
unknown[104.236.231.253]
Aug 27 10:42:06 mail postgrey[2048]: action=greylist, reason=new,
client_name=unknown, client_address=104.236.231.253,
sender=bouncereply+neteler=osgeo.org@meetmeloves.com,
recipient=neteler@osgeo.org
Aug 27 10:42:06 mail postfix/smtpd[18471]: NOQUEUE: reject: RCPT from
unknown[104.236.231.253]: 450 4.2.0 <neteler@osgeo.org>: Recipient address
rejected: Greylisted, see
http://postgrey.schweikert.ch/help/osgeo.org.html;
from=<bouncereply+neteler=osgeo.org@meetmeloves.com>
to=<neteler@osgeo.org> proto=ESMTP helo=<mx1.meetmeloves.com>
Aug 27 10:42:06 mail postfix/smtpd[18471]: disconnect from
unknown[104.236.231.253]
Aug 27 11:18:38 mail postfix/smtpd[20621]: warning: hostname
mx1.meetmeloves.com does not resolve to address 104.236.231.253
Aug 27 11:18:38 mail postfix/smtpd[20621]: connect from
unknown[104.236.231.253]
Aug 27 11:18:38 mail postgrey[2048]: action=pass, reason=triplet found,
delay=2192, client_name=unknown, client_address=104.236.231.253,
sender=bouncereply+neteler=osgeo.org@meetmeloves.com,
recipient=neteler@osgeo.org
Aug 27 11:18:38 mail postfix/smtpd[20621]: D2F2D842B:
client=unknown[104.236.231.253]
Aug 27 11:18:39 mail postfix/smtpd[20621]: disconnect from
unknown[104.236.231.253]

mail:/var/log# nslookup 104.236.231.253
Server: 140.211.166.130
Address: 140.211.166.130#53
Non-authoritative answer:
253.231.236.104.in-addr.arpa name = mx1.meetmeloves.com.
}}}

Whois: http://bgp.he.net/dns/meetmeloves.com#_whois

I don't know if it is worthwhile to contact their abuse address mentioned
therein.
They'll change name/address anyway...

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1532#comment:9>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
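
A way to triage the mail.log excerpt in the comment above, as an added example (not part of the ticket or of OSGeo's tooling): it groups Postfix reverse-DNS warnings and postgrey decisions by client address and flags senders that were greylisted, retried, and were accepted despite the hostname mismatch. The sample is the comment's log unwrapped to one event per line; the function names `summarize` and `retried_with_bad_ptr` are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: log lines from the comment above, unwrapped to one event per line.
SAMPLE_LOG = """\
Aug 27 10:42:06 mail postfix/smtpd[18471]: warning: hostname mx1.meetmeloves.com does not resolve to address 104.236.231.253
Aug 27 10:42:06 mail postfix/smtpd[18471]: connect from unknown[104.236.231.253]
Aug 27 10:42:06 mail postgrey[2048]: action=greylist, reason=new, client_name=unknown, client_address=104.236.231.253, sender=bouncereply+neteler=osgeo.org@meetmeloves.com, recipient=neteler@osgeo.org
Aug 27 11:18:38 mail postfix/smtpd[20621]: warning: hostname mx1.meetmeloves.com does not resolve to address 104.236.231.253
Aug 27 11:18:38 mail postgrey[2048]: action=pass, reason=triplet found, delay=2192, client_name=unknown, client_address=104.236.231.253, sender=bouncereply+neteler=osgeo.org@meetmeloves.com, recipient=neteler@osgeo.org
Aug 27 11:18:38 mail postfix/smtpd[20621]: D2F2D842B: client=unknown[104.236.231.253]
"""

PTR_WARN = re.compile(r"warning: hostname (\S+) does not resolve to address (\S+)$")
POSTGREY = re.compile(r"postgrey\[\d+\]: (.+)$")

def summarize(log_text):
    """Group reverse-DNS warnings and postgrey decisions by client IP."""
    clients = defaultdict(lambda: {"ptr_mismatch": set(), "greylisted": 0,
                                   "passed_after_s": [], "senders": set()})
    for line in log_text.splitlines():
        warn = PTR_WARN.search(line)
        if warn:
            clients[warn.group(2)]["ptr_mismatch"].add(warn.group(1))
            continue
        grey = POSTGREY.search(line)
        if not grey:
            continue
        # Split each pair on the first "=" only: the envelope sender contains "=".
        fields = dict(kv.split("=", 1) for kv in grey.group(1).split(", ") if "=" in kv)
        if "client_address" not in fields:
            continue
        entry = clients[fields["client_address"]]
        entry["senders"].add(fields.get("sender", ""))
        if fields.get("action") == "greylist":
            entry["greylisted"] += 1
        elif fields.get("action") == "pass" and "delay" in fields:
            entry["passed_after_s"].append(int(fields["delay"]))
    return dict(clients)

def retried_with_bad_ptr(summary):
    """Clients that were greylisted, passed on retry, and failed the PTR check."""
    return sorted(ip for ip, e in summary.items()
                  if e["greylisted"] and e["passed_after_s"] and e["ptr_mismatch"])

if __name__ == "__main__":
    print(retried_with_bad_ptr(summarize(SAMPLE_LOG)))
```

The 2192-second delay matches the gap between the two connections (10:42:06 to 11:18:38), so greylisting only postponed delivery for a sender that retries. Postfix's `reject_unknown_client_hostname` restriction rejects clients whose PTR name does not map back to the connecting address, which is the condition the warning reports.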