Opened 9 years ago
Closed 3 years ago
#1532 closed task (worksforme)
getting spam sexual e-mail which seems to be replies from osgeo-conf or board
Reported by: | bartvde | Owned by: | |
---|---|---|---|
Priority: | normal | Milestone: | |
Component: | SysAdmin | Keywords: | |
Cc: |
Description (last modified by )
```
Envelope-To: bartvde@osgis.nl
X-Antiabuse: This header was added to track abuse, please include it with any abuse report
X-Antiabuse: Primary Hostname - mx12.loverhearts.com
X-Antiabuse: Original Domain - osgis.nl
X-Antiabuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-Antiabuse: Sender Address Domain - loverhearts.com
In-Reply-To: <473E3550-36FC-4DC9-8B94-8525D50B3588@osgis.nl>
Return-Path: <julie70622@loverhearts.com>
Mime-Version: 1.0
X-Virus-Scanned: Clear (ClamAV 0.98.5/20836/Tue Aug 25 22:51:25 2015)
X-Priority: 3 (Normal)
Message-Id: <22099b5fb5ce1e39b582c36a2fe32ba2@leadrace.biz>
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Dkim-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=loverhearts.com; s=default; h=References:In-Reply-To:Content-Transfer-Encoding:Content-Type:MIME-Version:To:Reply-To:From:Subject:Date:Message-ID; bh=/df1EM6z7sse98QYSgU4somupBh2YrDa0q+QG0PINGM=; b=dJKpHTYTrLPsE/WKyfd9Hu5lWTksz3C+VAiMUbODP45bVTBxFkcmhcnQGDqUU2lp/svznK9VZJ1NvCICFX8Vo1oKXBG0MiONWcxOut6kXBqhj60Nh6r2zjWteTTI5iWXpcmQIT4s72fMd9q8ePJlGsa6Arko8Fnj8CXpoOZarxU=;
Delivery-Date: Wed, 26 Aug 2015 05:06:23 +0200
X-Get-Message-Sender-Via: mx12.loverhearts.com: authenticated_id: julie@loverhearts.com
Content-Transfer-Encoding: quoted-printable
References: <473E3550-36FC-4DC9-8B94-8525D50B3588@osgis.nl>
Content-Type: multipart/mixed; boundary="_=_swift_v4_1440558369_2afe50087a4c7bdc8af7cefba5fe540b_=_"
X-Spam-Score: 1.6 (+)
Delivered-To: osgisa-bartvde@osgis.nl
Received: from [104.236.255.68] (helo=mx12.loverhearts.com) by www270.your-server.de with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.80.1) (envelope-from <julie70622@loverhearts.com>) id 1ZUR2Y-0004hm-RO for bartvde@osgis.nl; Wed, 26 Aug 2015 05:06:23 +0200
Received: from [155.94.64.78] (port=54935 helo=leadrace.biz) by mx12.loverhearts.com with esmtpsa (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.85) (envelope-from <julie70622@loverhearts.com>) id 1ZUR2N-0006FP-UP for bartvde@osgis.nl; Tue, 25 Aug 2015 23:06:08 -0400
```
Re: [OSGeo-Conf] Board Digest, Vol 107, Issue 16
Hey Bart,I am willing to meet up with you just as long as you can prove to me that you aren't going to do anything crazy. You just need to go along to this site Unlock phone number Click Here check out my picture and do the date security verification…then call/text me after that.I've asked you nicely what I need you to do to ensure my safety.I have a healthy conscious about meeting a stranger online Bart Eijnden without doing this first.There has been multiple women attacked and murdered from Bart Eijndenguys on cl, I can't take risk until u verify. If you can’t do that simple thing then I’m sure as not going to have s e x with you. I am sorry. Take care...... Thanks Julie Anna Send via iPhone
Change History (10)
comment:1 by , 9 years ago
comment:2 by , 9 years ago
Description: modified (diff)
follow-up: 6 comment:3 by , 9 years ago
Bart,
I'm not seeing any sign of someone from loverhearts.com signed up to this list. I'm not sure about how to do a cross-list search. The email headers don't seem to suggest the email went through OSGeo mail servers, so it would appear they are just doing a minimal masquerade as being from our list by spoofing the subject line.
I'm not sure that we can do anything about this.
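The check described in this comment can be automated. The following is an added example, not code from the ticket or from OSGeo: it walks the `Received` chain of the reported message and looks for any sign of list infrastructure. The headers are abridged from the ticket description; the `Subject:` label, the function names, and the assumption that genuine list mail carries a `List-Id` header or a relay under `osgeo.org` are mine.

```python
import re
from email import message_from_string

# Abridged from the ticket description; "Subject:" label added (assumption).
RAW = """\
Return-Path: <julie70622@loverhearts.com>
Subject: Re: [OSGeo-Conf] Board Digest, Vol 107, Issue 16
In-Reply-To: <473E3550-36FC-4DC9-8B94-8525D50B3588@osgis.nl>
Received: from [104.236.255.68] (helo=mx12.loverhearts.com)
 by www270.your-server.de with esmtps (Exim 4.80.1)
 for bartvde@osgis.nl; Wed, 26 Aug 2015 05:06:23 +0200
Received: from [155.94.64.78] (port=54935 helo=leadrace.biz)
 by mx12.loverhearts.com with esmtpsa (Exim 4.85)
 for bartvde@osgis.nl; Tue, 25 Aug 2015 23:06:08 -0400

"""
MSG = message_from_string(RAW)

# Exim-style hop: from [ip] (helo=name) by receiving-host
HOP = re.compile(r"from \[(?P<ip>[\d.]+)\] \((?:port=\d+ )?helo=(?P<helo>[^)]+)\)"
                 r" by (?P<by>\S+)")

def hops(msg):
    """Return (client_ip, helo, receiving_host) per Received header, newest first."""
    out = []
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            out.append((m["ip"], m["helo"], m["by"]))
    return out

def list_evidence(msg, list_domain="osgeo.org"):
    """Collect signs that the message was relayed by the list's own servers."""
    signs = []
    if msg["List-Id"]:
        signs.append("List-Id: " + msg["List-Id"])
    for _ip, helo, by in hops(msg):
        for host in (helo, by):
            if host == list_domain or host.endswith("." + list_domain):
                signs.append("relay " + host)
    return signs

def looks_spoofed(msg, list_domain="osgeo.org"):
    """True when the subject carries a list tag but no list relay is visible."""
    tagged = re.search(r"\[OSGeo-[^\]]+\]", msg["Subject"] or "", re.I)
    return bool(tagged) and not list_evidence(msg, list_domain)
```

For the reported message both hops stay between the sender's hosts and the recipient's provider, so `looks_spoofed(MSG)` is true.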
comment:4 by , 9 years ago
I just got a similar kind of message as Bart when replying to a board motion.
comment:5 by , 9 years ago
If you do a "whois" on the loverhearts domain you can see the email address connected to it, and then do a Google search and you can see that this person is attached to many scams. (that address is not a member of the board or conference-dev lists)
comment:6 by , 9 years ago
Replying to warmerdam:
> Bart,
> I'm not seeing any sign of someone from loverhearts.com signed up to this list. I'm not sure about how to do a cross-list search. The email headers don't seem to suggest the email went through OSGeo mail servers, so it would appear they are just doing a minimal masquerade as being from our list by spoofing the subject line.
> I'm not sure that we can do anything about this.
Is the list of subscribers an appropriate number? I would expect both the Board and Conference list to have fewer than 200 members, most of which would be recognizable email addresses. And probably not too many recent subscription joins.
comment:7 by , 9 years ago
This may also just be a temporary clever (subject line matching) result of our public archives that will work itself out as email providers stop letting matching subject lines through. A minimal look at the content of the email makes it quite clearly spam.
comment:8 by , 9 years ago
I don't see anyone suspicious. Other than 0az(dot)post(at)blogger(dot)com which I guess is valid.
comment:9 by , 9 years ago
Ok I also got one now and checked on mail.osgeo.org:
```
mail:/var/log# grep 104.236.231.253 mail.log
Aug 27 10:42:06 mail postfix/smtpd[18471]: warning: hostname mx1.meetmeloves.com does not resolve to address 104.236.231.253
Aug 27 10:42:06 mail postfix/smtpd[18471]: connect from unknown[104.236.231.253]
Aug 27 10:42:06 mail postgrey[2048]: action=greylist, reason=new, client_name=unknown, client_address=104.236.231.253, sender=bouncereply+neteler=osgeo.org@meetmeloves.com, recipient=neteler@osgeo.org
Aug 27 10:42:06 mail postfix/smtpd[18471]: NOQUEUE: reject: RCPT from unknown[104.236.231.253]: 450 4.2.0 <neteler@osgeo.org>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/osgeo.org.html; from=<bouncereply+neteler=osgeo.org@meetmeloves.com> to=<neteler@osgeo.org> proto=ESMTP helo=<mx1.meetmeloves.com>
Aug 27 10:42:06 mail postfix/smtpd[18471]: disconnect from unknown[104.236.231.253]
Aug 27 11:18:38 mail postfix/smtpd[20621]: warning: hostname mx1.meetmeloves.com does not resolve to address 104.236.231.253
Aug 27 11:18:38 mail postfix/smtpd[20621]: connect from unknown[104.236.231.253]
Aug 27 11:18:38 mail postgrey[2048]: action=pass, reason=triplet found, delay=2192, client_name=unknown, client_address=104.236.231.253, sender=bouncereply+neteler=osgeo.org@meetmeloves.com, recipient=neteler@osgeo.org
Aug 27 11:18:38 mail postfix/smtpd[20621]: D2F2D842B: client=unknown[104.236.231.253]
Aug 27 11:18:39 mail postfix/smtpd[20621]: disconnect from unknown[104.236.231.253]
mail:/var/log# nslookup 104.236.231.253
Server: 140.211.166.130
Address: 140.211.166.130#53
Non-authoritative answer:
253.231.236.104.in-addr.arpa name = mx1.meetmeloves.com.
```
Whois: http://bgp.he.net/dns/meetmeloves.com#_whois
I don't know if it is worthwhile to contact their abuse address mentioned therein. They'll change name/address anyway...
Is this e-mail address subscribed to any of those lists by any chance? Or what else might be going on?
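The log excerpt in comment 9 shows two things at once: the client's reverse DNS name does not resolve back to its address, and greylisting only delayed it until the retry. The following added example (not part of the ticket or of OSGeo's tooling; function names are mine) summarizes both per client from a subset of those log lines.

```python
import re
from collections import defaultdict

# Subset of the log lines quoted in comment 9.
LOG = """\
Aug 27 10:42:06 mail postfix/smtpd[18471]: warning: hostname mx1.meetmeloves.com does not resolve to address 104.236.231.253
Aug 27 10:42:06 mail postgrey[2048]: action=greylist, reason=new, client_name=unknown, client_address=104.236.231.253, sender=bouncereply+neteler=osgeo.org@meetmeloves.com, recipient=neteler@osgeo.org
Aug 27 11:18:38 mail postfix/smtpd[20621]: warning: hostname mx1.meetmeloves.com does not resolve to address 104.236.231.253
Aug 27 11:18:38 mail postgrey[2048]: action=pass, reason=triplet found, delay=2192, client_name=unknown, client_address=104.236.231.253, sender=bouncereply+neteler=osgeo.org@meetmeloves.com, recipient=neteler@osgeo.org
Aug 27 11:18:38 mail postfix/smtpd[20621]: D2F2D842B: client=unknown[104.236.231.253]
"""

MISMATCH = re.compile(r"warning: hostname (\S+) does not resolve to address (\S+)$")
POSTGREY = re.compile(r"postgrey\[\d+\]: (action=.*)$")
QUEUED = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=\S*\[([\d.]+)\]")

def new_client():
    return {"ptr": None, "greylisted": 0, "passed_after": None,
            "queue_ids": [], "senders": set()}

def summarize(log):
    """Group smtpd and postgrey events by client IP address."""
    clients = defaultdict(new_client)
    for line in log.splitlines():
        if m := MISMATCH.search(line):
            clients[m[2]]["ptr"] = m[1]  # PTR name that failed forward lookup
        elif m := POSTGREY.search(line):
            kv = dict(p.split("=", 1) for p in m[1].split(", "))
            c = clients[kv["client_address"]]
            c["senders"].add(kv["sender"].rsplit("@", 1)[-1])
            if kv["action"] == "greylist":
                c["greylisted"] += 1
            elif kv["action"] == "pass":
                c["passed_after"] = int(kv.get("delay", 0))  # seconds
        elif m := QUEUED.search(line):
            clients[m[2]]["queue_ids"].append(m[1])
    return dict(clients)

def suspicious(log):
    """Clients whose PTR name fails forward confirmation yet got mail queued."""
    return sorted(ip for ip, c in summarize(log).items()
                  if c["ptr"] and c["queue_ids"])
```

Postfix's `reject_unknown_client_hostname` restriction acts on the same failed forward confirmation that the warning lines report, at the cost of also rejecting legitimate senders with broken DNS.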