[opensuse-factory] virus sent by opensuse.org?
Hi,
I received two emails (today and yesterday), both with a .doc attachment, which is marked as virus by Gmail.
I deleted the first one, the second is sent from scanner@opensuse.org. The title is "Scan from KM1650".
Can anyone tell me what it is?
Marguerite
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 02/11/2016 10:11 AM, Marguerite Su wrote:
> Hi,
> I received two emails (today and yesterday), both with a .doc attachment, which is marked as virus by Gmail.
> I deleted the first one, the second is sent from scanner@opensuse.org. The title is "Scan from KM1650"
> Can anyone tell me what it is?
Probably forged. Did you check the raw headers?
Regards,
Lew
On Fri, Feb 12, 2016 at 2:17 AM, Lew Wolfgang wrote:
> Probably forged. Did you check the raw headers?
http://paste.opensuse.org/58091645
Hello,
On Friday, 12 February 2016, 02:20:28 CET, Marguerite Su wrote:
> On Fri, Feb 12, 2016 at 2:17 AM, Lew Wolfgang wrote:
>> Probably forged. Did you check the raw headers?
Let me quote the relevant parts: (with your mail addresses masked to prevent more spam)
Received: from mx2.suse.de (mx2.suse.de. [195.135.220.15])
        by mx.google.com with ESMTPS id c21si37138677wmd.111.2016.02.11.03.00.02
        for
        (version=TLS1 cipher=AES128-SHA bits=128/128);
        Thu, 11 Feb 2016 03:00:02 -0800 (PST)
So yes, this was sent via the SUSE mailserver, which received it from:
Received: from 189.dedicated2.sinet.com.kh (unknown [203.217.169.189])
        by mx2.suse.de (Postfix) with ESMTP id 4B6ACAC8E
        for
The question remains why someone has no antialiasing. Maybe he hasn't earned it? :-) [> Christian Boltz and Ratti in fontlinge-devel]
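Added example, not part of the original thread: a small Python parser that reads the two Received lines quoted in the message above and reports which outside client handed the mail to the first server we trust. The trusted suffixes (.suse.de, .google.com) and the function names are assumptions of this example; the sample message is constructed from the header lines on this page, with the masked "for" parts left out.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample built from the header lines quoted above.
RAW = """\
Received: from mx2.suse.de (mx2.suse.de. [195.135.220.15])
        by mx.google.com with ESMTPS id c21si37138677wmd.111.2016.02.11.03.00.02
        (version=TLS1 cipher=AES128-SHA bits=128/128);
        Thu, 11 Feb 2016 03:00:02 -0800 (PST)
Received: from 189.dedicated2.sinet.com.kh (unknown [203.217.169.189])
        by mx2.suse.de (Postfix) with ESMTP id 4B6ACAC8E
From: scanner@opensuse.org
Subject: Scan from KM1650

body
"""

# "from HELO (rDNS [IP]) by RECEIVER", possibly folded over several lines
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def hops(raw):
    """Received hops, newest first (the order they appear in the message)."""
    msg = message_from_string(raw)
    found = (HOP.search(v) for v in msg.get_all("Received", []))
    return [dict(zip(("helo", "rdns", "ip", "by"), m.groups())) for m in found if m]

def entry_hop(raw, trusted=(".suse.de", ".google.com")):
    """Walk down from the newest hop while the recording server is trusted.
    The last such hop names the outside client; older lines are unverifiable."""
    entry = None
    for hop in hops(raw):
        if not hop["by"].endswith(trusted):
            break
        entry = hop
    return entry

def summary(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    hop = entry_hop(raw)
    return {
        "from_domain": from_domain,
        "entry_ip": hop["ip"],
        "entry_helo": hop["helo"],
        "rdns_matches_helo": hop["rdns"].rstrip(".") == hop["helo"],
        "helo_in_from_domain": hop["helo"].endswith("." + from_domain),
    }

if __name__ == "__main__":
    print(summary(RAW))
```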
On Thursday 2016-02-11 20:27, Christian Boltz wrote:
> On Friday, 12 February 2016, 02:20:28 CET, Marguerite Su wrote:
>> On Fri, Feb 12, 2016 at 2:17 AM, Lew Wolfgang wrote:
>>> Probably forged. Did you check the raw headers?
> Let me quote the relevant parts: (with your mail addresses masked to prevent more spam)
For the gutter. The kiddie scripts will s{ \[AT\] }{@}, or <at>, or whatever else and just try again, because trying is cheap.
> From: scanner@opensuse.org
> To: marguerite [AT] opensuse.org
> Needless to say that the "From" is forged ;-)
SPF *cough* *cough*
On 11 Feb 2016, at 22:05, Jan Engelhardt wrote:
>> From: scanner@opensuse.org
>> To: marguerite [AT] opensuse.org
>> Needless to say that the "From" is forged ;-)
> SPF *cough*
Come up with the TXT record that actually blocks all forged addresses but allows all legit users to keep using their email address - and keep in mind that opensuse.org does not offer an smtp server. SPF is pretty useless there.
Dominique
On 12/02/16 08:22, Dominique Leuenberger wrote:
> On 11 Feb 2016, at 22:05, Jan Engelhardt wrote:
>>> From: scanner@opensuse.org
>>> To: marguerite [AT] opensuse.org
>>> Needless to say that the "From" is forged ;-)
>> SPF *cough*
> Come up with the TXT record that actually blocks all forged addresses but allows all legit users to keep using their email address - and keep in mind that opensuse.org does not offer an smtp server.
> SPF is pretty useless there.
SURELY, the question to be asked and answered here is WHY did the opensuse server pass on the virus document instead of quarantining those 2 e-mails?
BC
--
Using openSUSE 13.2, KDE 4.14.9 & kernel 4.4.1-4 on a system with-
AMD FX 8-core 3.6/4.2GHz processor
16GB PC14900/1866MHz Quad Channel RAM
Gigabyte AMD3+ m/board; Gigabyte nVidia GTX660 GPU
On Saturday, 2016-02-13 at 15:13 +1100, Basil Chupin wrote:
> On 12/02/16 08:22, Dominique Leuenberger wrote:
>> On 11 Feb 2016, at 22:05, Jan Engelhardt wrote:
>>>> From: scanner@opensuse.org
>>>> To: marguerite [AT] opensuse.org
>>>> Needless to say that the "From" is forged ;-)
>>> SPF *cough*
>> Come up with the TXT record that actually blocks all forged addresses but allows all legit users to keep using their email address - and keep in mind that opensuse.org does not offer an smtp server.
>> SPF is pretty useless there.
Not if SRS is implemented.
http://en.wikipedia.org/wiki/Sender_Policy_Framework#FAIL_and_forwarding
http://en.wikipedia.org/wiki/Sender_Rewriting_Scheme
This was requested of the admins in "tickets #4876" a year ago, with no reply or comment, after it was suggested on the project mail list to do so.
http://lists.opensuse.org/opensuse-project/2014-11/msg00094.html
> SURELY, the question to be asked and answered here is WHY did the opensuse server pass on the virus document instead of quarantining those 2 e-mails?
Probably because openSUSE mail server does no antivirus checking. This is costly in CPU time (and needs a commercial antivirus for servers, as clamav hit ratio is too bad). People would still complain with both false positives and false negatives. I personally prefer that there is no filtering, because these are often too aggressive and remove wanted posts, with no way to recover them. Notice that being a redirector, it has no storage and cannot quarantine emails. That task can better be done by the ISP that gets forwarded those emails, as it happened this time.
P.S.: Why is this thread in the factory mail list? :-?
--
Cheers,
Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On Sun, 2016-02-14 at 15:52 +0100, Carlos E. R. wrote:
> On Saturday, 2016-02-13 at 15:13 +1100, Basil Chupin wrote:
>> On 12/02/16 08:22, Dominique Leuenberger wrote:
>>> On 11 Feb 2016, at 22:05, Jan Engelhardt wrote:
>>>>> From: scanner@opensuse.org
>>>>> To: marguerite [AT] opensuse.org
>>>>> Needless to say that the "From" is forged ;-)
>>>> SPF *cough*
>>> Come up with the TXT record that actually blocks all forged addresses but allows all legit users to keep using their email address - and keep in mind that opensuse.org does not offer an smtp server.
>>> SPF is pretty useless there.
> Not if SRS is implemented.
Still: SPF/SRS combo will only be effective for anything I send from my @opensuse.org address to any other @opensuse.org address where any openSUSE server even has the chance to see it.
If I send using my @opensuse.org address to your telefonica.net address directly, with a strict SPF, my mail never ever passes any opensuse infra - as openSUSE does not offer SMTP Servers, I am forced to use my own infrastructure. Hence: SPF is useless for this kind of setup (or one ends up with the usual ~ALL record, which basically allows everything again, taking the full power of SPF away)
But this entire discussion should not be here - as it really has nothing to do with Factory/Tumbleweed or ANY openSUSE distribution (released or planned).
Cheers,
Dominique
On 2016-02-15 13:50, Dominique Leuenberger / DimStar wrote:
> On Sun, 2016-02-14 at 15:52 +0100, Carlos E. R. wrote:
>> Not if SRS is implemented.
> Still: SPF/SRS combo will only be effective for anything I send from my @opensuse.org address to any other @opensuse.org address where any openSUSE server even has the chance to see it.
> If I send using my @opensuse.org address to your telefonica.net address directly, with a strict SPF, my mail never ever passes any opensuse infra - as openSUSE does not offer SMTP Servers, I am forced to use my own infrastructure. Hence: SPF is useless for this kind of setup (or one ends up with the usual ~ALL record, which basically allows everything again, taking the full power of SPF away)
Well, the issue is not you sending posts with your opensuse.org address, but receiving on it. In this case I have been told that SRS+SPF works. I'm not an expert to discuss the details.
> But this entire discussion should not be here - as it really has nothing to do with Factory/Tumbleweed or ANY openSUSE distribution (released or planned).
I agree absolutely, but I'm not the OP. I can not decide moving the thread. It is more of a pain for me, as my messages here are moderated.
--
Cheers / Saludos,
Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
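Added example, not part of the original thread: the SPF outcomes debated in the messages above, worked through in Python for a forwarding alias host with and without an SRS-style envelope rewrite, and for "-all" versus "~all". The domains, addresses, key and function names are constructed for illustration; the evaluator handles only the ip4 and all mechanisms, and the rewrite is a simplified SRS0-style form, not a conforming implementation.

```python
import base64, hashlib, hmac, ipaddress

# Constructed SPF TXT records (documentation domains and address ranges).
TXT = {
    "sender.example":    "v=spf1 ip4:192.0.2.0/24 -all",
    "lax.example":       "v=spf1 ip4:192.0.2.0/24 ~all",
    "forwarder.example": "v=spf1 ip4:198.51.100.7 -all",
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"

def check_spf(client_ip, mail_from):
    """Evaluate only the ip4 and all mechanisms for the MAIL FROM domain."""
    record = TXT.get(mail_from.rpartition("@")[2])
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return RESULT[qualifier]
        if mech.startswith("ip4:") and ip in ipaddress.ip_network(mech[4:]):
            return RESULT[qualifier]
    return "neutral"

def srs_rewrite(mail_from, forwarder, secret, day):
    """Simplified SRS0-style rewrite: hash, 2-char day stamp, original address."""
    local, _, domain = mail_from.rpartition("@")
    tt = B32[(day >> 5) & 31] + B32[day & 31]
    mac = hmac.new(secret, (tt + domain + local).lower().encode(), hashlib.sha1)
    tag = base64.b64encode(mac.digest()).decode()[:4]
    return f"SRS0={tag}={tt}={domain}={local}@{forwarder}"

def scenarios():
    relay = "198.51.100.7"  # outbound address of the forwarding alias host
    srs = srs_rewrite("alice@sender.example", "forwarder.example", b"demo-key", 1)
    return {
        "direct": check_spf("192.0.2.10", "alice@sender.example"),
        "forwarded, envelope unchanged": check_spf(relay, "alice@sender.example"),
        "forwarded, SRS envelope": check_spf(relay, srs),
        "forged, -all": check_spf("203.0.113.9", "alice@sender.example"),
        "forged, ~all": check_spf("203.0.113.9", "bob@lax.example"),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:32} {result}")
```

The receiver evaluates SPF against the envelope sender's domain, so the rewrite moves the check from the original sender's record to the forwarder's own record.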
Hi
On Sat, 13 Feb 2016 15:13:54 +1100 Basil Chupin wrote:
> SURELY, the question to be asked and answered here is WHY did the opensuse server pass on the virus document instead of quarantining those 2 e-mails?
Simple reason: the scanner did not detect that virus... :-(
One of the reasons why even the best infrastructure should not stop people from thinking before they click on something.
With kind regards,
Lars
--
Lars Vogdt
participants (9)
- Basil Chupin
- Carlos E. R.
- Christian Boltz
- Dominique Leuenberger
- Dominique Leuenberger / DimStar
- Jan Engelhardt
- Lars Vogdt
- Lew Wolfgang
- Marguerite Su