[discuss] ❣some new stuff

Carlos Afonso ca at cafonso.ca
Tue May 23 13:30:41 UTC 2017


:-)

fraternal regards

--c.a.

On 23-05-17 09:51, Olivier MJ Crépin-Leblond wrote:
> Dear Carlos,
> 
> if SPF was strictly enforced, like what Google does these days, this
> basic junk spam wouldn't make it anywhere.
> 
> The problem is that we're designing all of these wonderful ways to clean
> our mailboxes from junk, yet we do not practice what we preach, nor do
> we make full use of what we have designed.
> 
> I too have seen this spam on so many poorly run mailman mailing lists.
> Funny to see that it's Patrik's address that was spoofed, Frobbit being
> such a "full featured" domain with SPF, DNSSEC etc.
> 
> Time for a "spring clean" campaign.
> 
> Kindest regards,
> 
> Olivier
> 
> On 23/05/2017 12:55, Carlos Afonso wrote:
>> Incredible. This spam is appearing in nearly every mailman service I am
>> aware of (including ISOC's lists). It seems a vulnerability in the mail
>> agent which seems unable to handle this kind of spoofing (or missing
>> some anti-spoofing config). It happens in our lists here at Nupef as well.
>>
>> Most of these are coming from Vietnam's terminal broadband addresses. I
>> assume they do not block port 25 for end users.
>>
>> Below is the full header source of the spam. As the domain 1net.org is
>> under APNIC, I am also copying to Arth.
>>
>> frt rgds
>>
>> --c.a.
>>
>> On 23-05-17 07:31, paf wrote:
>> >From - Tue May 23 07:44:58 2017
>> X-Account-Key: account1
>> X-UIDL: 0002fe7154ffae3d
>> X-Mozilla-Status: 0001
>> X-Mozilla-Status2: 00000000
>> X-Mozilla-Keys:
>>
>> Return-Path: <discuss-bounces at 1net.org>
>> Delivered-To: ca at cafonso.ca
>> Received: from localhost (localhost [127.0.0.1])
>> 	by email.nupef.org.br (Postfix) with ESMTP id 08EDA14A674
>> 	for <ca at cafonso.ca>; Tue, 23 May 2017 07:32:35 -0300 (BRT)
>> X-Virus-Scanned: Debian amavisd-new at email.nupef.org.br
>> X-Spam-Flag: NO
>> X-Spam-Score: 1.495
>> X-Spam-Level: *
>> X-Spam-Status: No, score=1.495 tagged_above=1 required=4.5
>> 	tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001,
>> 	HTML_IMAGE_ONLY_24=1.618, HTML_IMAGE_RATIO_02=0.437,
>> 	HTML_MESSAGE=0.001, RCVD_IN_BL_SPAMCOP_NET=1.347,
>> 	T_RP_MATCHES_RCVD=-0.01, URI_TRY_3LD=0.001]
>> 	autolearn=no autolearn_force=no
>> Received: from email.nupef.org.br ([127.0.0.1])
>> 	by localhost (email.nupef.org.br [127.0.0.1]) (amavisd-new, port 10024)
>> 	with ESMTP id FNl4YrmHzOoV for <ca at cafonso.ca>;
>> 	Tue, 23 May 2017 07:32:31 -0300 (BRT)
>> Received: from 1net-mail.1net.org (1net-mail.1net.org
>> [IPv6:2a01:7e00::f03c:91ff:fedb:250a])
>> 	by email.nupef.org.br (Postfix) with ESMTPS id 0CA20148749
>> 	for <ca at cafonso.ca>; Tue, 23 May 2017 07:32:30 -0300 (BRT)
>> Received: from localhost ([::1] helo=1net-mail.1net.org)
>> 	by 1net-mail.1net.org with esmtp (Exim 4.80.1)
>> 	(envelope-from <discuss-bounces at 1net.org>)
>> 	id 1dD76s-0003zu-Pe; Tue, 23 May 2017 10:32:14 +0000
>> Received: from [14.176.142.144] (helo=static.vnpt.vn)
>> 	by 1net-mail.1net.org with esmtp (Exim 4.80.1)
>> 	(envelope-from <qaukb at static.vnpt.vn>) id 1dD76o-0003zT-WA
>> 	for discuss at 1net.org; Tue, 23 May 2017 10:32:13 +0000
>> From: "paf" <paf at frobbit.se>
>> To: "discuss" <discuss at 1net.org>
>> Date: Tue, 23 May 2017 06:31:48 -0400
>> Message-ID: <1753787746.20170523133148 at frobbit.se>
>> MIME-Version: 1.0
>> X-1net-SpamScore: 21.3 (+++++++++++++++++++++)
>> Subject: [discuss] =?utf-8?q?=E2=9D=A3some_new_stuff?=
>> X-BeenThere: discuss at 1net.org
>> X-Mailman-Version: 2.1.12
>> Precedence: list
>> List-Id: <discuss.1net.org>
>> List-Unsubscribe: <http://1net-mail.1net.org/mailman/options/discuss>,
>> 	<mailto:discuss-request at 1net.org?subject=unsubscribe>
>> List-Archive: <http://1net-mail.1net.org/pipermail/discuss/>
>> List-Post: <mailto:discuss at 1net.org>
>> List-Help: <mailto:discuss-request at 1net.org?subject=help>
>> List-Subscribe: <http://1net-mail.1net.org/mailman/listinfo/discuss>,
>> 	<mailto:discuss-request at 1net.org?subject=subscribe>
>> Content-Type: multipart/mixed;
>> boundary="===============3320793257203812010=="
>> Sender: discuss-bounces at 1net.org
>> Errors-To: discuss-bounces at 1net.org
>>
>> --===============3320793257203812010==
>> Content-Type: multipart/alternative;
>>         boundary="_2C237DC2-DA16-4DDF-A725-EC67FFD0D977_"
>>
>>
> 
> -- 
> Olivier MJ Crépin-Leblond, PhD
> http://www.gih.com/ocl.html
> 

-- 

Carlos A. Afonso
[emails são pessoais exceto quando explicitamente indicado em contrário]
[emails are personal unless explicitly indicated otherwise]

Instituto Nupef - https://nupef.org.br
CGI.br - http://cgi.br
ISOC-BR - https://isoc.org.br





More information about the discuss mailing list