[discuss] ❣some new stuff
Carlos Afonso
ca at cafonso.ca
Tue May 23 10:55:02 UTC 2017
Incredible. This spam is appearing in nearly every mailman service I am
aware of (including ISOC's lists). It seems a vulnerability in the mail
agent which seems unable to handle this kind of spoofing (or missing
some anti-spoofing config). It happens in our lists here at Nupef as well.
Most of these are coming from Vietnam's terminal broadband addresses. I
assume they do not block port 25 for end users.
Below is the full header source of the spam. As the domain 1net.org is
under APNIC, I am also copying to Arth.
frt rgds
--c.a.
On 23-05-17 07:31, paf wrote:
>From - Tue May 23 07:44:58 2017
X-Account-Key: account1
X-UIDL: 0002fe7154ffae3d
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <discuss-bounces at 1net.org>
Delivered-To: ca at cafonso.ca
Received: from localhost (localhost [127.0.0.1])
by email.nupef.org.br (Postfix) with ESMTP id 08EDA14A674
for <ca at cafonso.ca>; Tue, 23 May 2017 07:32:35 -0300 (BRT)
X-Virus-Scanned: Debian amavisd-new at email.nupef.org.br
X-Spam-Flag: NO
X-Spam-Score: 1.495
X-Spam-Level: *
X-Spam-Status: No, score=1.495 tagged_above=1 required=4.5
tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001,
HTML_IMAGE_ONLY_24=1.618, HTML_IMAGE_RATIO_02=0.437,
HTML_MESSAGE=0.001, RCVD_IN_BL_SPAMCOP_NET=1.347,
T_RP_MATCHES_RCVD=-0.01, URI_TRY_3LD=0.001]
autolearn=no autolearn_force=no
Received: from email.nupef.org.br ([127.0.0.1])
by localhost (email.nupef.org.br [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id FNl4YrmHzOoV for <ca at cafonso.ca>;
Tue, 23 May 2017 07:32:31 -0300 (BRT)
Received: from 1net-mail.1net.org (1net-mail.1net.org
[IPv6:2a01:7e00::f03c:91ff:fedb:250a])
by email.nupef.org.br (Postfix) with ESMTPS id 0CA20148749
for <ca at cafonso.ca>; Tue, 23 May 2017 07:32:30 -0300 (BRT)
Received: from localhost ([::1] helo=1net-mail.1net.org)
by 1net-mail.1net.org with esmtp (Exim 4.80.1)
(envelope-from <discuss-bounces at 1net.org>)
id 1dD76s-0003zu-Pe; Tue, 23 May 2017 10:32:14 +0000
Received: from [14.176.142.144] (helo=static.vnpt.vn)
by 1net-mail.1net.org with esmtp (Exim 4.80.1)
(envelope-from <qaukb at static.vnpt.vn>) id 1dD76o-0003zT-WA
for discuss at 1net.org; Tue, 23 May 2017 10:32:13 +0000
From: "paf" <paf at frobbit.se>
To: "discuss" <discuss at 1net.org>
Date: Tue, 23 May 2017 06:31:48 -0400
Message-ID: <1753787746.20170523133148 at frobbit.se>
MIME-Version: 1.0
X-1net-SpamScore: 21.3 (+++++++++++++++++++++)
Subject: [discuss] =?utf-8?q?=E2=9D=A3some_new_stuff?=
X-BeenThere: discuss at 1net.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <discuss.1net.org>
List-Unsubscribe: <http://1net-mail.1net.org/mailman/options/discuss>,
<mailto:discuss-request at 1net.org?subject=unsubscribe>
List-Archive: <http://1net-mail.1net.org/pipermail/discuss/>
List-Post: <mailto:discuss at 1net.org>
List-Help: <mailto:discuss-request at 1net.org?subject=help>
List-Subscribe: <http://1net-mail.1net.org/mailman/listinfo/discuss>,
<mailto:discuss-request at 1net.org?subject=subscribe>
Content-Type: multipart/mixed;
boundary="===============3320793257203812010=="
Sender: discuss-bounces at 1net.org
Errors-To: discuss-bounces at 1net.org
--===============3320793257203812010==
Content-Type: multipart/alternative;
boundary="_2C237DC2-DA16-4DDF-A725-EC67FFD0D977_"
--
Carlos A. Afonso
[emails são pessoais exceto quando explicitamente indicado em contrário]
[emails are personal unless explicitly indicated otherwise]
Instituto Nupef - https://nupef.org.br
CGI.br - http://cgi.br
ISOC-BR - https://isoc.org.br
More information about the discuss
mailing list