Opened 8 years ago

Last modified 8 years ago

#1792 new task

SCAM on postgis-users

Reported by: strk Owned by: sac@…
Priority: normal Milestone:
Component: SysAdmin Keywords: spam, scam, phishing
Cc:

Description

We just received a SCAM mail on the postgis-users mailing list.

The mail had the From of a trusted user, but looking at the headers the message arrived from an unusual place:

 Received: from srvzimbra.fstbm.ac.ma (unknown [196.200.177.4]) 
  by lists.osgeo.org (Postfix) with SMTP id A668A60BF3CA
  for <postgis-users@lists.osgeo.org>; Wed, 14 Sep 2016 21:30:19 -0700 (PDT) 

The usual provenance of this user's mail is:

 Received: from halon3.space2u.com (halon3.space2u.com [194.237.215.136])
  by lists.osgeo.org (Postfix) with ESMTPS id C070B614774A  
  for <postgis-users@lists.osgeo.org>; Wed, 11 May 2016 05:16:43 -0700 (PDT)

The user comes from Norway, while the SCAM mail IP is reported to be in Morocco: http://anti-hacker-alliance.com/index.php?ip=196.200.177.6

Is there a policy to block source IPs for mailman, or should it be done at the IP filter level ?

Change History (7)

comment:1 by nicklas, 8 years ago

It is my name that is used. I am not sure what to do. I have changed from space2u.com; I am now using greengeeks.com as mail host. But this happened also before the switch.

If those emails don't come from any of my machines or phone or my mail host, then I guess I cannot block them either?

I can change my address and use nicklas@… instead of nicklas.aven@…, then it is easier for osgeo to block.

Any hints on what is happening and what I can do is appreciated. "I" have been spamming more than OSGEO lately.

comment:2 by strk, 8 years ago

Component: changed from Systems Admin to Mailing Lists
Owner: changed from sac@… to jsanz

Moving under the "Mailing Lists" component, in case the lists admin has ideas on how to deal with this (maybe refuse mail from IP addresses not having a valid reverse-lookup?)

Nicklas, I guess one thing you could do if you are in control of the "jordogskog.no" domain is define a sender policy for it, specifying which IPs would be allowed to send mail in that name (see https://en.wikipedia.org/wiki/Sender_Policy_Framework). The rest I think would be up to the OSGeo mail service, to refuse mail coming from non-trusted sources...

Changing mail seems premature, the moderation bit should just give us an idea about whether or not the attacker is going to use your email further (for the kind of attack, it may be a one-shot).

comment:3 by strk, 8 years ago

Keywords: spam scam phishing added

comment:4 by jsanz, 8 years ago

Sandro, sorry, this is beyond my mailman skills I'm afraid, no idea on how to help. Probably better to reassign to SAC, maybe more capable people than me can help on this.

comment:5 by strk, 8 years ago

Component: changed from Mailing Lists to Systems Admin
Owner: changed from jsanz to sac@…

comment:6 by nicklas, 8 years ago

Hopefully this problem is over.

Now there should be an SPF record enabled at my domain that is supposed to stop those spam mails.

comment:7 by strk, 8 years ago

I don't know if the OSGeo mailing list server does check for SPF records though. Does anyone else know?
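
The two signals discussed in this ticket (the Received-header origin compared in the description, and the SPF record suggested in comment 2 and asked about in comment 7) can be checked by a receiving MTA or a list-side filter. The following is an added example, not code from this ticket or from the OSGeo mail setup. It reproduces the two Received lines quoted above inside constructed messages, assumes the sender address nicklas.aven@jordogskog.no (the ticket only shows the local part and the domain separately), and uses a hypothetical SPF record in a dictionary in place of a DNS TXT lookup, so it runs offline. One caveat: a real MTA evaluates SPF against the envelope MAIL FROM domain (Return-Path), which the quoted headers do not show, so the example applies it to the From: header domain instead; an SPF record alone does not protect the From: header unless the receiver also enforces DMARC.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Received lines reproduced from the ticket; From/To lines are constructed
# (the ticket shows only "nicklas.aven@..." and the domain jordogskog.no).
SCAM_MSG = """\
Received: from srvzimbra.fstbm.ac.ma (unknown [196.200.177.4])
\tby lists.osgeo.org (Postfix) with SMTP id A668A60BF3CA
\tfor <postgis-users@lists.osgeo.org>; Wed, 14 Sep 2016 21:30:19 -0700 (PDT)
From: nicklas.aven@jordogskog.no
To: postgis-users@lists.osgeo.org

(constructed body)
"""

LEGIT_MSG = """\
Received: from halon3.space2u.com (halon3.space2u.com [194.237.215.136])
\tby lists.osgeo.org (Postfix) with ESMTPS id C070B614774A
\tfor <postgis-users@lists.osgeo.org>; Wed, 11 May 2016 05:16:43 -0700 (PDT)
From: nicklas.aven@jordogskog.no
To: postgis-users@lists.osgeo.org

(constructed body)
"""

# Hypothetical stand-in for a DNS TXT lookup: an SPF record that only
# authorises the space2u.com relay seen in the legitimate mail.
SPF_RECORDS = {"jordogskog.no": "v=spf1 ip4:194.237.215.136 -all"}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Postfix writes "from HELO (RDNS [IP]) by US ..."; RDNS reads "unknown" when
# the connecting IP has no (or a mismatching) PTR record.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+by\s+(?P<by>\S+)"
)


def connecting_host(raw_msg, trusted_mta="lists.osgeo.org"):
    """Return (helo, rdns, ip) from the topmost Received line stamped by our
    own MTA. Received lines below it were supplied by the remote side and
    can be forged, so they are never consulted."""
    msg = message_from_string(raw_msg)
    for header in msg.get_all("Received", []):
        m = RECEIVED_RE.search(re.sub(r"\s+", " ", header))  # unfold
        if m and m.group("by").lower() == trusted_mta:
            return m.group("helo"), m.group("rdns"), m.group("ip")
    return None


def spf_check(ip, record):
    """Evaluate the ip4/ip6/all mechanisms of an SPF record (RFC 7208 subset).
    Mechanisms that need DNS (a, mx, include, ptr, exists, redirect=) are not
    resolved here and yield "temperror"."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech.startswith("exp="):
            continue  # explanation modifier, no effect on the result
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            try:
                # a v6 address is never inside a v4 network and vice versa
                matched = addr in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
        else:
            return "temperror"
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"  # nothing matched and no "all" term


def verdict(raw_msg, spf_records=SPF_RECORDS, trusted_mta="lists.osgeo.org"):
    """Combine the two signals: missing reverse DNS and the SPF result."""
    hop = connecting_host(raw_msg, trusted_mta)
    if hop is None:
        return {"error": "no Received header from trusted MTA"}
    helo, rdns, ip = hop
    msg = message_from_string(raw_msg)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    record = spf_records.get(domain)
    return {
        "ip": ip,
        "helo": helo,
        "rdns_missing": rdns == "unknown",
        "spf": spf_check(ip, record) if record else "none",
    }


if __name__ == "__main__":
    for label, raw in (("scam", SCAM_MSG), ("legit", LEGIT_MSG)):
        print(label, verdict(raw))
```

Run against the two constructed messages, the scam mail comes back with `rdns_missing` set and an SPF result of `fail`, while the mail relayed through halon3.space2u.com passes. Whether a list server acts on that (reject, quarantine, or only tag the message) is a policy decision; a `-all` record with a receiver that does not evaluate SPF stops nothing, which is the point of the question in comment 7.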
