On Fri, August 8, 2008 10:22, Ashish Yadav wrote:
> Strange, I didn't send the original mail.
Indeed, you didn't.
These are (part of) the mail headers of the troll:
----------
X-Virus-Scanned: by amavisd-new at relay2.suse.de
X-Spam-Score: 0.687
X-Spam-Level:
X-Spam-Status: No, score=0.687 tagged_above=-20 required=5
tests=[BAYES_50=0.001, SPF_NEUTRAL=0.686]
Received: from manxnetsf02.manx.net (outbound.manx.net [213.137.31.12])
by mx1.suse.de (Postfix) with ESMTP id 4BC834181E
for ; Fri, 8 Aug 2008 09:31:54 +0200 (CEST)
Received: from adsl87.254.75.83.manx.net (EHLO Siouxsie) ([87.254.75.83])
by manxnetsf02.manx.net (MOS 3.8.7a FastPath queued)
with ESMTP id CTZ40378;
Fri, 08 Aug 2008 08:31:53 +0100 (BST)
From: ashishyadav26@gmail.com
To: opensuse@opensuse.org
Date: 8 Aug 2008 08:31:18 +0100
Subject: [opensuse] Vista
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Message-Id: <200808080731.CTZ40378@manxnetsf02.manx.net>
----------
These are (part of) your mail headers:
----------
X-Virus-Scanned: by amavisd-new at relay1.suse.de
X-Spam-Score: -2.111
X-Spam-Level:
X-Spam-Status: No, score=-2.111 tagged_above=-20 required=5
tests=[BAYES_05=-1.11, MY_SUSE=-1, SPF_PASS=-0.001]
Received: from rv-out-0506.google.com (rv-out-0506.google.com
[209.85.198.237])
by mx1.suse.de (Postfix) with ESMTP id 9B5A441614
for ; Fri, 8 Aug 2008 10:22:54 +0200 (CEST)
Received: by rv-out-0506.google.com with SMTP id k40so857184rvb.11
for ; Fri, 08 Aug 2008 01:22:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=domainkey-signature:received:received:message-id:date:from:to
:subject:in-reply-to:mime-version:content-type
:content-transfer-encoding:content-disposition:references;
bh=SYxGdsVIk5wyA+EAE+UPP7cvaoZND4B1kVmEwG74UHU=;
b=vezsFDzJ7QgZ6jv9sIcoCBX4Se3M42F6XXpUU4tHtLf0//Bxh5mCEUW9oYocJGINx/
HjR4OtMbimb56V5FOA3L8gsro3MOlgOyBRM2eCbJxjYiORgT30kFFi/fxo/wC+7EYNJi
lg/Gbc7j0e3ab9fzQfP7af9Z9D4A4wTMCSq1o=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=gamma;
h=message-id:date:from:to:subject:in-reply-to:mime-version
:content-type:content-transfer-encoding:content-disposition
:references;
b=eOAiacWBwZmgpQ001nVbY83CD+lNrDW0T36j5BsabJQhQEmIL3Ea6oVccIkc4ImT57
Jz6Jhfio+L7SuzEroS9ybC/ETBmp2Un7sYuNk0PSQ3s8kRceZLBlW10w9YHlAOLO+zn+
PS/1gi+NiQ2QzJ4IR6he9EXwvPHiXxQHQNnDg=
Received: by 10.140.139.3 with SMTP id m3mr1276261rvd.44.1218183773434;
Fri, 08 Aug 2008 01:22:53 -0700 (PDT)
Received: by 10.140.133.8 with HTTP; Fri, 8 Aug 2008 01:22:53 -0700 (PDT)
Message-ID:
Date: Fri, 8 Aug 2008 13:52:53 +0530
From: "Ashish Yadav"
To: opensuse@opensuse.org
Subject: Re: [opensuse] Vista
In-Reply-To: <60fb01490808080036o7d07d756m4c2695b15c32c7e4@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <200808080731.CTZ40378@manxnetsf02.manx.net>
<60fb01490808080036o7d07d756m4c2695b15c32c7e4@mail.gmail.com>
----------
Main differences: the sending server and the spam score (SPF records).
This probably means that someone at adsl87.254.75.83.manx.net is spoofing
your email address. You may know that email spoofing is trivial. I'll try
to send a proof-of-concept email from my own box, forging your email
address.
I suggest you report the abuse at manx.net. It's probably a very bored and
sad person who is doing this. Cutting off his internet connection won't
help much; he will just switch to another provider.
This is the transcript of the telnet session:
amedee@intrepid { ~ }$ telnet mx1.suse.de 25
Trying 195.135.220.2...
Connected to mx1.suse.de.
Escape character is '^]'.
220 mx1.suse.de ESMTP Postfix (2.1.1)
EHLO amedee.be
250-mx1.suse.de
250-PIPELINING
250-SIZE 50000000
250-ETRN
250-STARTTLS
250 8BITMIME
MAIL FROM: ashishyadav26@gmail.com
250 Ok
RCPT TO: opensuse@opensuse.org
250 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
From: ashishyadav26@gmail.com
Subject: Email spoofing
This email is a proof-of-concept to show how easy it is to forge an email
address.
The sender appears to be ashishyadav26@gmail.com, but in fact the email
was sent from my own server, intrepid.warp.be.
Check the email headers for more details.
.
250 Ok: queued as 76AFF416CB
QUIT
221 Bye
Connection closed by foreign host.
--
Amedee
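
The header comparison made in the mail above (sending server and SPF result), as an added example that is not part of the original mail. The function names `origin_evidence` and `differences` are hypothetical, and the sample headers are trimmed copies of the two sets quoted above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Trimmed from the two header sets quoted above. The From address of the genuine
# mail is stripped in the archive; the sample assumes it is the forged address.
FORGED = """\
X-Spam-Status: No, score=0.687 tagged_above=-20 required=5
 tests=[BAYES_50=0.001, SPF_NEUTRAL=0.686]
Received: from manxnetsf02.manx.net (outbound.manx.net [213.137.31.12])
 by mx1.suse.de (Postfix) with ESMTP id 4BC834181E
Received: from adsl87.254.75.83.manx.net (EHLO Siouxsie) ([87.254.75.83])
From: ashishyadav26@gmail.com
"""
GENUINE = """\
X-Spam-Status: No, score=-2.111 tagged_above=-20 required=5
 tests=[BAYES_05=-1.11, MY_SUSE=-1, SPF_PASS=-0.001]
Received: from rv-out-0506.google.com (rv-out-0506.google.com
 [209.85.198.237])
 by mx1.suse.de (Postfix) with ESMTP id 9B5A441614
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=gamma;
From: ashishyadav26@gmail.com
"""

def origin_evidence(raw_headers):
    msg = message_from_string(raw_headers)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    # Only the topmost Received line was written by the receiving MX; every
    # line below it was supplied by the sender's side and can be invented.
    top = " ".join((msg.get_all("Received") or [""])[0].split())  # unfold
    hop = re.match(r"from \S+ \((\S+) \[([\d.]+)\]\)", top)
    # SPF as scored by the receiver; DKIM domain only (signature not verified here).
    spf = re.search(r"SPF_([A-Z]+)", msg.get("X-Spam-Status", ""))
    dkim = re.search(r"\bd=([^;\s]+)", msg.get("DKIM-Signature", ""))
    return {
        "from_domain": from_domain,
        "relay": hop.group(1) if hop else None,
        "relay_ip": hop.group(2) if hop else None,
        "spf": spf.group(1) if spf else "NONE",
        "dkim_aligned": bool(dkim) and dkim.group(1).lower() == from_domain,
    }

def differences(a, b):
    ea, eb = origin_evidence(a), origin_evidence(b)
    return {k: (ea[k], eb[k]) for k in ea if ea[k] != eb[k]}

if __name__ == "__main__":
    for field, (forged, genuine) in differences(FORGED, GENUINE).items():
        print(f"{field}: forged={forged!r} genuine={genuine!r}")
```

Both mails claim the same From domain, so `differences` reports only the relay, its IP, the SPF result and DKIM alignment.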