Project

General

Profile

tickets #113048

Suspicious activity with member email domain

Added by Mir_ppc 7 months ago. Updated 7 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Email
Target version:
-
Start date:
2022-06-25
Due date:
% Done:

100%

Estimated time:

Description

So i noticed i got a strange email in my spam inbox related to my opensuse membership email.  Pasted down below is the raw output from the email in question.
Not sure what is up with it.
Patrick Finie
Received: from 10.253.231.19
by atlas208.free.mail.gq1.yahoo.com with HTTPS; Fri, 24 Jun 2022 02:19:17 +0000
Return-Path: <>
X-Originating-Ip: [195.135.221.158]
Received-SPF: none (domain of mx2.opensuse.org does not designate permitted sender hosts)
Authentication-Results: atlas208.free.mail.gq1.yahoo.com;
dkim=unknown;
spf=none smtp.mailfrom=mx2.opensuse.org;
dmarc=fail(p=NONE) header.from=hp0.mv9.eming.cfd;
X-Apparently-To: maninredd@yahoo.com; Fri, 24 Jun 2022 02:19:17 +0000
X-YMailAVSC: U1bRUbQ3bBuJN5egX1DPsb1UCjwlX5umUfLPcmlYIBGUVY7
vwDeZq5zn509Q624LEzkMmA8xYdYGKlHAWQbmkhDC3Qm8oz5QJWiHmRzcZjB
8.RRXcaAFp3HQ3WtgbSrBxTgg.acxiJX7QGXimnzCaJbLwvD7UupjvWSB0bu
5Uma0Fav1FgVlVTa0dAZoAooDJ_WTlgnwc_Kw6Yw.cEyUy_UMIFkfD_9vb45
SbtSPsWWR31EcHtjbaScBwPVIKdf0U_v2N.VEQvt8PfA24CY1Giy54QMCGpB
GSaZEwQOpt89KvbtwaWjA_CqR7fYgLHRkAtdkKyrqv0cCLhNCZTUz_q8gV3j
JEBEqlADCJj4-
X-YMailISG: XyVq5lsWLDsyzjbl1ZqhnimjHdcCblaUBCa4qHAGKDPa1hI0
warJsh8m0lZn.POXzOUoTWxNf.HGDfZ9A5GNiCtG00rYOLmCGCAghyyCgsxg
VHGkdPFJDMGeEPJNAmUxIbSD3Rrr0bg2O8kwsxQKp7PDlMW5w8.gN0IsDU0y
Tptj_cC2n0RJjrmk4vvRgaw3MQkiHpCRE8JXGFYo3HLQXxWsvnHMRBhM6P2c
zBgzsJc_ijlrXz7R9wIvv.kfdNwbXSmLYi3X6CiZU1zQa.htcCpelVlcr7Gn
Oqv7noHMwhMbtA8D1MKwMlo1EdSdtEtjnTUrqK1U8TyYGr7sLygs.wZkErMO
YdsMQG4W7UFz8Pq0F4CcaNUyq0QpGUx0uxGOyYHNRUKchmgrqo2ndzIALffU
tX3gIdYaL0t02IeG2rjv2Jogu776mgA3akUW3wTOoV3zFU1bo.MFT9VftDa7
lbw8ZlVoC97lbudRb7o5USiunYgo1EMo.UrePaZ5mSQMbqxrEWlFMHexYWzM
pyUSX0kK5htQ_LLNJNNXvRQ0v4P9n74WbQYc01rcojCSFHYH1wGdQVu2DNHa
21.D0Bv7F4XEajcIzb5bGsxWz6XmhWSDmFxnSZqsJunliE72AxksBhgzD.Z
XXRUd_ddh1nOjc48zIrNgxif2L4I5XyxDst_gUTE5lWsynr8AEWwVGPOMKv6
nVst1M7WXCCpB0DqFDpz6c77EPDinXQhQ9IHWUNWiPoSFYke79JBxNyMORtS
GiVR1sgVFMiL6MvRUC_TzIxSrq4b1u4Mj.SGvdES0w8DBA9pQmwbDCt6fk5.
FIsTjKyac6JqVxYGgaAd.rGudJ7OcVJHdUUxezjaW8g8W8Pkm5PiBXbOMY6j
V8jD0gV7r.CBvmNiDqZTPVUCis.yFF3ThOU.SEILkWox9ZZywkIO0Hg2FHDm
KJBZTjbOqtf3XhPD.AX00oVa9S0AGt7m9c.ZMimKW7EQqJ0FEgMtC7YviiB7
PU3kOxS0P.BmNO_deKwcN10ZXHWy3qNvouMTXSNPb43.kYLXdaPiWszkTZgq
.f7Zg6jjAfnGA4mKY0VEYtJlnIvvCm1FIk3GdcJf4y7F57wZTHRZRNZcDcaR
x6YpZbOEyeAp0y6wg_LKFsu_7xvjry2rUDbBI5K_2
_8ZhPw6ktIkSwddaBJ
4Nd9F7grn3h5icBp1F60vIp8hVWMEaDslcXs2btYJNXz8SOp8TTKO.wnPCoJ
LApfdtwayyXDyRJvVR0-
Received: from 195.135.221.158 (EHLO mx2.opensuse.org)
by 10.253.231.19 with SMTPs
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256);
Fri, 24 Jun 2022 02:19:17 +0000
Received: from mx2.opensuse.org (localhost [127.0.0.1])
by mx2.opensuse.org (Postfix) with ESMTP id 8B3469ED
for ; Fri, 24 Jun 2022 02:19:12 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.5 (2021-03-20) on
mx2.infra.opensuse.org
X-Spam-Level: ****
X-Spam-Status: No, score=4.9 required=5.0 tests=FROM_FMBLA_NEWDOM,FSL_BULK_SIG,
MISSING_MID,PYZOR_CHECK,RCVD_IN_ZEN_BLOCKED_OPENDNS,RDNS_NONE,
T_SCC_BODY_TEXT_LINE,URIBL_DBL_BLOCKED_OPENDNS autolearn=disabled
version=3.4.5
X-Spam-Virus: No
X-Greylist: delayed 3570 seconds by postgrey-1.37 at mx2; Fri, 24 Jun 2022 02:19:12 UTC
Received: from hp0.mv9.eming.cfd (unknown [157.245.79.92])
(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by mx2.opensuse.org (Postfix) with ESMTPS
for ; Fri, 24 Jun 2022 02:19:12 +0000 (UTC)
Date: Thu, 23 Jun 2022 21:19:12 -0500
From: postmaster@hp0.mv9.eming.cfd
Subject: Delivery report
To: mir_ppc@opensuse.org
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="report62B51F20@hp0.mv9.eming.cfd"
Content-Length: 1409

--report62B51F20@hp0.mv9.eming.cfd
Content-Type: text/plain

Hello, this is the mail server on hp0.mv9.eming.cfd.

I am sending you this message to inform you on the delivery status of a
message you previously sent. Immediately below you will find a list of
the affected recipients; also attached is a Delivery Status Notification
(DSN) report in standard format, as well as the headers of the original
message.

delivery failed; will not continue trying

--report62B51F20@hp0.mv9.eming.cfd
Content-Type: message/delivery-status

Reporting-MTA: dns;hp0.mv9.eming.cfd
X-PowerMTA-VirtualMTA: pmta-vmta0
Received-From-MTA: dns;j2se-extendrd.naturescar.com (185.222.58.55)
Arrival-Date: Thu, 23 Jun 2022 18:17:33 -0500

Final-Recipient: rfc822;mir_ppc@opensuse.org
Action: failed

Remote-MTA: dns;mx1.opensuse.org (195.135.221.175)
Diagnostic-Code: smtp;550 5.7.1 Spam identified (14.0/5.0)
X-PowerMTA-BounceCategory: spam-related

--report62B51F20@hp0.mv9.eming.cfd
Content-Type: text/rfc822-headers

From: "Do not ignore"
To: mir_ppc@opensuse.org
Subject: Clock-in and Clock-out from mir_ppc@opensuse.org
Date: 24 Jun 2022 01:17:33 +0200
Message-ID: 20220624011733.00F134989F71CC0A@opensuse.org
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

--report62B51F20@hp0.mv9.eming.cfd--

History

#1 Updated by malcolmlewis 7 months ago

Mir_ppc wrote:

So i noticed i got a strange email in my spam inbox related to my opensuse membership email.  Pasted down below is the raw output from the email in question.
Not sure what is up with it.
Patrick Finie

Hi
FWIW, I got the same, it's spam....

#2 Updated by pjessen 7 months ago

  • Category set to Email
  • Assignee set to pjessen
  • Private changed from Yes to No

A quick browse through, and I would say it looks like someone tried to use your email address for spamming. I'll take a closer look tomorrow.

#3 Updated by pjessen 7 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

Yes, it looks like someone sent a load of spam to various opensuse addresses. Nothing much we can do about that :-(

Also available in: Atom PDF