[CentOS] please block user

Wed Aug 26 18:11:21 UTC 2015

On Wed, August 26, 2015 12:55 pm, James A. Peltier wrote:
>
>
> ----- Original Message -----
> | -----BEGIN PGP SIGNED MESSAGE-----
> | Hash: SHA1
> |
> | On 25/08/15 23:09, Fabian Arrotin wrote:
> | > On 25/08/15 20:39, Alice Wonder wrote:
> | >> julie70773 [at] loverhearts.com
> | >
> | >> Responded off-list to message on the list, spam with content
> | >> that is not suitable for minors.
> | >
> | >> It is possible subscribed under different address.
> | >
> | >> IP of offending spam :
> | >
> | >> Received: from mx2.loverhearts.com (mx2.loverhearts.com
> | >> [45.55.128.151]) (using TLSv1.2 with cipher

As you see from this your header spam was not delivered through centos
mail list, but comes from one of the IPs of digitalocean.com IP block:
45.55.0.0/16. As Fabian told centos mail list server admins contacted
digitalocean.com about abuse (even though indirect, but with apparent
misuse of centos list servers for collecting e-mails of posters). And the
moment I received my copy of this spam _after_ Fabian mentioned they
contacted digitalocean.com, I just blocked mail from their block of IP
addresses (45.55.0.0/16) on my servers as digitalocean apparently didn't
react to abuse notice promptly. Others may want to do the same, thus we
will pass the message with all seriousness to digitalocean.com.

Just my $0.02

Valeri

> | >> ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client
> | >> certificate requested) by mail.domblogger.net (Postfix) with
> | >> ESMTPS id C4871C5B for <alice at domblogger.net>; Tue, 25 Aug 2015
> | >> 18:29:11 +0000 (UTC)
> | >
> | > Thanks for the notification, and for not having forwarded the mail
> | > to the list (which some people did on other lists ...) Please note
> | > that such user (or multiple ones from that domain) isn't/aren't
> | > subscribed to the list. In fact, I see a bunch of mails rejected at
> | > our level, from that domain, but from a *bunch* of different IP
> | > addresses, and so directly bounced back .. It seems someone/some
> | > bot is tracking the mail lists and answering to both the reply-to
> | > *and* the originator (but bounced by mailman, so no mail on the
> | > list[s])
> | >
> | > Under investigation to see how to help stopping the flood, even if
> | > not originating from/passing through the centos.org servers ...
> | >
> |
> | Just a quick status update : we've identified (from the mails
> | bounced/rejected by our server) 14 IPs addresses used to send those
> | mails. All those IPs are originating from DigitalOcean, so we reported
> | the abuse so that they can investigate on their side.
> |
> | Cheers,
> |
> | - --
> | Fabian Arrotin
> | The CentOS Project | http://www.centos.org
> | gpg key: 56BEC54E | twitter: @arrfab
> | -----BEGIN PGP SIGNATURE-----
> | Version: GnuPG v2.0.22 (GNU/Linux)
> |
> | iEYEARECAAYFAlXdWL0ACgkQnVkHo1a+xU4ylgCfcJcHdOw1vhUtmfUYiFWpefji
> | yhcAnRChmlbYNG8efqx9uZZCrOWpqtD1
> | =VvHI
> | -----END PGP SIGNATURE-----
> | _______________________________________________
> | CentOS mailing list
> | CentOS at centos.org
> | http://lists.centos.org/mailman/listinfo/centos
> |
>
> I told my wife (yes awkward) that I thought that the list would be
> removing content of this type (images), since likely it is of little value
> to the list for helping people.  I was shocked (for many reasons) that it
> is not.
>
> --
> James A. Peltier
> IT Services - Research Computing Group
> Simon Fraser University - Burnaby Campus
> Phone   : 604-365-6432
> Fax     : 778-782-3045
> E-Mail  : jpeltier at sfu.ca
> Website : http://www.sfu.ca/itservices
> Twitter : @sfu_rcg
> Powering Engagement Through Technology
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++