[Board] Have the OSGeo mail servers been compromised?

Jeff McKenna jmckenna at gatewaygeomatics.com
Mon Jul 31 11:03:02 PDT 2017

I noticed a similar message on the OSGeo-Africa list, supposedly sent by 
Gavin (not an @osgeo.org account): 


On 2017-07-31 2:44 PM, Jorge Sanz wrote:
> I'm receiving some mailman rejection notices from announce and
> belgium, but many others accepted (even they ended up in my spam
> folder).
> For example, there is a message sent on my behalf to the Argentina
> list: https://lists.osgeo.org/pipermail/argentina/2017-July/002322.html
> Looks like it's related with the aliases system that we use like mine
> "jsanz at osgeo.org"
> Attaching screenshot and adding in CC the SAC list.
> On 31 July 2017 at 19:31, Andrea Aime <andrea.aime at geo-solutions.it> wrote:
>> Hi,
>> I just received three mails from apparently legit mail addresses, Frank W.,
>> Jeff and Arnulf,
>> all reporting a Amazon security issue and asking me to connect to some
>> decently
>> well made fake amazon site to verify my credentials. The title is "Important
>> Notice To All Amazon Customers"
>> and they were all sent to the board list.
>> I don't think the people involved have all been compromised at the same
>> time, it seems
>> more likely that OSGeo mail servers where hacked, or something similar...
>> The interesting bit is that since I know those people, the messages did not
>> get into the
>> spam folder. Don't trust those mails!
>> --
>> Regards,
>> Andrea Aime
>> ==
>> GeoServer Professional Services from the experts! Visit http://goo.gl/it488V
>> for more information.
>> ==
>> Ing. Andrea Aime
>> @geowolf
>> Technical Lead
>> GeoSolutions S.A.S.
>> Via di Montramito 3/A
>> 55054  Massarosa (LU)
>> phone: +39 0584 962313
>> fax: +39 0584 1660272
>> mob: +39  339 8844549
>> http://www.geo-solutions.it
>> http://twitter.com/geosolutions_it
>> Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i
>> file/s allegato/i sono da considerarsi strettamente riservate. Il loro
>> utilizzo è consentito esclusivamente al destinatario del messaggio, per le
>> finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio
>> senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia
>> via e-mail e di procedere alla distruzione del messaggio stesso,
>> cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo
>> anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per
>> finalità diverse, costituisce comportamento contrario ai principi dettati
>> dal D.Lgs. 196/2003.
>> The information in this message and/or attachments, is intended solely for
>> the attention and use of the named addressee(s) and may be confidential or
>> proprietary in nature or covered by the provisions of privacy act
>> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
>> Code).Any use not in accord with its purpose, any disclosure, reproduction,
>> copying, distribution, or either dissemination, either whole or partial, is
>> strictly forbidden except previous formal approval of the named
>> addressee(s). If you are not the intended recipient, please contact
>> immediately the sender by telephone, fax or e-mail and delete the
>> information in this message that has been received in error. The sender does
>> not give any warranty or accept liability as the content, accuracy or
>> completeness of sent messages and accepts no responsibility  for changes
>> made after they were sent or for other risks which arise as a result of
>> e-mail transmission, viruses, etc.
>> _______________________________________________
>> Board mailing list
>> Board at lists.osgeo.org
>> https://lists.osgeo.org/mailman/listinfo/board

More information about the Board mailing list