[SAC] [OSGeo] #1792: SCAM on postgis-users

#1792: SCAM on postgis-users
---------------------------+-------------------
Reporter: strk | Owner: sac@…
     Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Keywords:
---------------------------+-------------------
We just received a SCAM mail on the postgis-users mailing list.

The mail had the From of a trusted user, but
looking at the headers the message arrived from
an unusual place:

{{{
  Received: from srvzimbra.fstbm.ac.ma (unknown [196.200.177.4])
   by lists.osgeo.org (Postfix) with SMTP id A668A60BF3CA
   for <postgis-users@lists.osgeo.org>; Wed, 14 Sep 2016 21:30:19 -0700 (PDT)
}}}
The usual provenance of this user's mail is:

{{{
  Received: from halon3.space2u.com (halon3.space2u.com [194.237.215.136])
   by lists.osgeo.org (Postfix) with ESMTPS id C070B614774A
   for <postgis-users@lists.osgeo.org>; Wed, 11 May 2016 05:16:43 -0700 (PDT)
}}}

The user comes from Norway, while the SCAM mail IP is reported to be
in Morocco: http://anti-hacker-alliance.com/index.php?ip=196.200.177.6

Is there a policy to block source IPs for mailman, or should it be done at
the IP filter level?

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1792>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.

#1792: SCAM on postgis-users
---------------------------+--------------------
Reporter: strk | Owner: sac@…
     Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------

Comment (by nicklas):

It is my name that is used. I am not sure what to do.
I have changed from space2u.com; I am now using greengeeks.com as mail
host. But this happened also before the switch.

If those emails don't come from any of my machines or phone or my mail
host, then I guess I cannot block them either?

I can change my address and use nicklas@jordogskog.no instead of
nicklas.aven@jordogskog.no, then it is easier for osgeo to block.

Any hints on what is happening and what I can do is appreciated. "I" have
been spamming more than OSGEO lately.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1792#comment:1>

#1792: SCAM on postgis-users
---------------------------+--------------------
Reporter: strk | Owner: jsanz
     Type: task | Status: new
Priority: normal | Milestone:
Component: Mailing Lists | Resolution:
Keywords: |
---------------------------+--------------------
Changes (by strk):

* owner: sac@… => jsanz
* component: Systems Admin => Mailing Lists

Comment:

Moving under the "Mailing Lists" component, in case the lists admin has
ideas on how to deal with this (maybe refuse mail from IP addresses not
having a valid reverse-lookup?)

Nicklas, I guess one thing you could do if you are in control of the
"jordogskog.no" domain is define a sender policy for it, specifying which
IPs would be allowed to send mail in that name (see
https://en.wikipedia.org/wiki/Sender_Policy_Framework). The rest I think
would be up to the OSGeo mail service, to refuse mail coming from
non-trusted sources...

Changing mail seems premature, the moderation bit should just give us an
idea about whether or not the attacker is going to use your email further
(for the kind of attack, it may be a one-shot).

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1792#comment:2>
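The sender-policy idea above (and the later question of whether the list server checks SPF at all) can be illustrated with a small offline evaluator. This is an added example, not OSGeo's or Mailman's code: it pulls the connecting IP out of the two Received headers quoted in this ticket and evaluates it against a constructed SPF record for jordogskog.no (the ticket does not quote the real record, and only the ip4/ip6/all mechanisms are handled, since a, mx and include need DNS).

```python
import ipaddress
import re

# Constructed samples: the two Received headers quoted in this ticket,
# unfolded onto one line each.
RECEIVED_SPOOFED = ("Received: from srvzimbra.fstbm.ac.ma (unknown [196.200.177.4]) "
                    "by lists.osgeo.org (Postfix) with SMTP id A668A60BF3CA")
RECEIVED_NORMAL = ("Received: from halon3.space2u.com (halon3.space2u.com [194.237.215.136]) "
                   "by lists.osgeo.org (Postfix) with ESMTPS id C070B614774A")

# Hypothetical SPF record for the sender's domain (assumption: the real
# record is not on the page); it authorises the usual mail host's /24 only.
SPF_RECORDS = {
    "jordogskog.no": "v=spf1 ip4:194.237.215.0/24 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def connecting_ip(received_header):
    """Return the peer address the receiving MTA recorded in [brackets], or None."""
    m = re.search(r"\[([0-9a-fA-F.:]+)\]", received_header)
    return ipaddress.ip_address(m.group(1)) if m else None


def check_spf(domain, ip, records=SPF_RECORDS):
    """Evaluate ip4/ip6/all mechanisms of an SPF record left to right.

    Returns one of pass/fail/softfail/neutral, or "none" when the domain
    publishes no usable record or no peer IP could be extracted.
    """
    record = records.get(domain)
    if ip is None or record is None or not record.startswith("v=spf1"):
        return "none"
    for term in record.split()[1:]:
        qual, mech = ("+", term)
        if term[0] in QUALIFIERS:          # explicit qualifier prefix
            qual, mech = term[0], term[1:]
        if mech == "all":                  # terminal catch-all mechanism
            return QUALIFIERS[qual]
        if mech.startswith(("ip4:", "ip6:")):
            # A mismatched address family simply does not match.
            if ip in ipaddress.ip_network(mech[4:], strict=False):
                return QUALIFIERS[qual]
        # a/mx/include/exists would need DNS; skipped in this offline example.
    return "neutral"                       # no mechanism matched, no "all"


def decide(received_header, from_domain):
    """Combine header parsing and SPF evaluation for one message."""
    return check_spf(from_domain, connecting_ip(received_header))
```

The check belongs in the MTA in front of Mailman (Postfix, where the Received line is written) rather than in the list software, and a production evaluator resolves the DNS-based mechanisms this example skips.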

#1792: SCAM on postgis-users
----------------------------------+--------------------
Reporter: strk | Owner: sac@…
     Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: spam, scam, phishing |
----------------------------------+--------------------
Changes (by strk):

* owner: jsanz => sac@…
* component: Mailing Lists => Systems Admin

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1792#comment:5>

#1792: SCAM on postgis-users
----------------------------------+--------------------
Reporter: strk | Owner: sac@…
     Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: spam, scam, phishing |
----------------------------------+--------------------

Comment (by nicklas):

Hopefully this problem is over.

Now there should be an SPF record enabled at my domain that is supposed to
stop those spam mails.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1792#comment:6>

#1792: SCAM on postgis-users
----------------------------------+--------------------
Reporter: strk | Owner: sac@…
     Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: spam, scam, phishing |
----------------------------------+--------------------

Comment (by strk):

I don't know if the OSGeo mailing list server does check for SPF records
though.
Does anyone else do?

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1792#comment:7>