[SAC] [OSGeo] #1792: SCAM on postgis-users
OSGeo
trac_osgeo at osgeo.org
Thu Sep 15 01:00:49 PDT 2016
#1792: SCAM on postgis-users
---------------------------+-------------------
Reporter: strk | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Keywords:
---------------------------+-------------------
We just received a SCAM mail on the postgis-users mailing lits.
The mail had the From of a trusted user, but
looking at the headers the message arrived from
an unusual place:
{{{
Received: from srvzimbra.fstbm.ac.ma (unknown [196.200.177.4])
by lists.osgeo.org (Postfix) with SMTP id A668A60BF3CA
for <postgis-users at lists.osgeo.org>; Wed, 14 Sep 2016 21:30:19 -0700
(PDT)
}}}
The usual provenance of this user's mail is:
{{{
Received: from halon3.space2u.com (halon3.space2u.com [194.237.215.136])
by lists.osgeo.org (Postfix) with ESMTPS id C070B614774A
for <postgis-users at lists.osgeo.org>; Wed, 11 May 2016 05:16:43 -0700
(PDT)
}}}
The user come from Norway, while the SCAM mail IP is reported to be
in Morocco: http://anti-hacker-alliance.com/index.php?ip=196.200.177.6
Is there a policy to block source IPs for mailman, or should it be done at
the IP filter level ?
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1792>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
More information about the Sac
mailing list