[Systems] Fwd: Re: [Sonic #7314311] [ABUSE] E-mail spam alert (23739548 from 192.184.220.214) re Good Day

Chihurumnaya Ibiam ibiamchihurumnaya at gmail.com
Sat Oct 28 13:48:34 EDT 2023

Previous message (by thread): [Systems] Fwd: Re: [Sonic #7314311] [ABUSE] E-mail spam alert (23739548 from 192.184.220.214) re Good Day
Next message (by thread): [Systems] Fwd: Re: [Sonic #7314311] [ABUSE] E-mail spam alert (23739548 from 192.184.220.214) re Good Day
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Changed the password and restarted the containers and nginx.

-- 

Ibiam Chihurumnaya
ibiamchihurumnaya at gmail.com




On Sat, Oct 28, 2023 at 6:35 PM Chihurumnaya Ibiam <
ibiamchihurumnaya at gmail.com> wrote:

> Nope, there's no root password.
>
> Although weblate itself has a trivial password, I'll change it and update
> the docker environment file.
>
> --
>
> Ibiam Chihurumnaya
> ibiamchihurumnaya at gmail.com
>
>
>
>
> On Sat, Oct 28, 2023 at 6:06 PM Bernie Innocenti <bernie at codewiz.org>
> wrote:
>
>> Then it's possible that they guessed the root password.
>>
>> Was it something trivial or predictable, like "weblate" or "sugarlabs"?
>>
>>
>> On October 28, 2023 4:49:26 PM UTC, Alex Perez <aperez at alexperez.com>
>> wrote:
>>
>>> It is definitely listening on a public port, but it is not an open relay:
>>>
>>>
>>>
>>> Bernie Innocenti wrote on 10/28/23 9:34 AM:
>>>
>>> Ibiam, is the SMTP server on weblate listening on a public port?
>>>
>>>
>>> On October 28, 2023 3:22:31 PM UTC, Alex Perez <aperez at alexperez.com>
>>> <aperez at alexperez.com> wrote:
>>>
>>>> FYI. The e-mail being sent from weblate appears to be incorrectly
>>>> configured. I don't have time to deal with this in a timely manner, but
>>>> perhaps someone else does.  The recipient, johnl at iecc.com, reported
>>>> they received a message from our weblate host, which they reported as spam.
>>>>
>>>>
>>>> -------- Forwarded Message --------
>>>> Subject: Re: [Sonic #7314311] [ABUSE] E-mail spam alert (23739548 from
>>>> 192.184.220.214) re Good Day
>>>> Date: Fri, 27 Oct 2023 16:43:16 -0700
>>>> From: Sonic Abuse <abuse at sonic.net> <abuse at sonic.net>
>>>> To: aperez at alexperez.com
>>>>
>>>> Hello,
>>>> Recently a message was sent from your mailbox "root at weblate.sugarlabs.org" <root at weblate.sugarlabs.org> and one of the receipts has reported it as spam. I have included the original headers below.
>>>> If you sent this email, and you believe it was marked as spam incorrectly, you may want to contact the recipient.
>>>> However if you did not send this email, it is likely that your mailbox was compromised and needs to be secured.
>>>> If you have any questions, you can respond to this email or contact our customer support department.
>>>>
>>>> --1698095665.7060_boundary
>>>> Content-Type: message/feedback-report
>>>>
>>>> Feedback-Type: abuse
>>>> User-Agent: mspam/1.3
>>>> Version: 1
>>>> Source-IP: 192.184.220.214
>>>> Original-Rcpt-To: johnl at iecc.com
>>>> Received-Date: 23 Oct 2023 05:57:47 -0000
>>>>
>>>> --1698095665.7060_boundary
>>>> Content-Type: message/rfc822
>>>> Content-Disposition: inline; filename="23739548.eml"
>>>>
>>>> Return-Path: <root at weblate.sugarlabs.org> <root at weblate.sugarlabs.org>
>>>> X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) on gal.iecc.com
>>>> X-Spam-Flag: YES
>>>> X-Spam-Level: ****************
>>>> X-Spam-Status: Yes, score=16.6 required=4.4 tests=ADVANCE_FEE_3_NEW_FRM_MNY,
>>>> 	BAYES_50,DEAR_BENEFICIARY,FILL_THIS_FORM,FILL_THIS_FORM_LONG,
>>>> 	FORM_FRAUD_5,FREEMAIL_FORGED_REPLYTO,HK_SCAM,HTML_MESSAGE,
>>>> 	LOTS_OF_MONEY,MIME_HTML_ONLY,MIXED_HREF_CASE,MONEY_ATM_CARD,
>>>> 	MONEY_FRAUD_5,MONEY_FREEMAIL_REPTO,SPF_HELO_PASS,SPF_PASS
>>>> 	autolearn=spam autolearn_force=no version=4.0.0
>>>> X-Spam-Report:
>>>> 	* -0.0 SPF_PASS SPF: sender matches SPF record
>>>> 	* -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
>>>> 	*  0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
>>>> 	*      [score: 0.4611]
>>>> 	*  1.6 DEAR_BENEFICIARY BODY: Dear Beneficiary:
>>>> 	*  0.0 HTML_MESSAGE BODY: HTML included in message
>>>> 	*  0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
>>>> 	*  2.0 MIXED_HREF_CASE Has href in mixed case
>>>> 	*  1.1 HK_SCAM No description available.
>>>> 	*  0.0 LOTS_OF_MONEY Huge... sums of money
>>>> 	*  2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
>>>> 	*  0.0 FILL_THIS_FORM Fill in a form with personal information
>>>> 	*  2.0 FILL_THIS_FORM_LONG Fill in a form with personal information
>>>> 	*  2.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?
>>>> 	*  1.0 MONEY_ATM_CARD Lots of money on an ATM card
>>>> 	*  2.1 MONEY_FRAUD_5 Lots of money and many fraud phrases
>>>> 	*  1.0 ADVANCE_FEE_3_NEW_FRM_MNY Advance Fee fraud form and lots of money
>>>> 	*  0.4 FORM_FRAUD_5 Fill a form and many fraud phrases
>>>> Delivered-To: johnl at iecc.com
>>>> Received: (qmail 24861 invoked from network); 23 Oct 2023 05:57:47 -0000
>>>> Authentication-Results: iecc.com; spf=pass spf.mailfrom=root at weblate.sugarlabs.org spf.helo=weblate.sugarlabs.org smtp.remote-ip="192.184.220.214"; dmarc=pass header.from=weblate.sugarlabs.org polrec.p=quarantine polrec.pct=5
>>>> Received: from weblate.sugarlabs.org (weblate.sugarlabs.org [192.184.220.214])
>>>>   by mail1.iecc.com ([64.57.183.56])
>>>>   with ESMTPS via TCP (port 51298/25) id 720822916
>>>>   tls TLS1_3_ECDHE_RSA_AES_256_GCM_AEAD; 23 Oct 2023 05:57:47 -0000
>>>> Received: from weblate.sugarlabs.org (60-251-35-90.hinet-ip.hinet.net [60.251.35.90])
>>>> 	(Authenticated sender: root)
>>>> 	by weblate.sugarlabs.org (Postfix) with ESMTPSA id 879DA68732
>>>> 	for <johnl at iecc.com> <johnl at iecc.com>; Sun, 22 Oct 2023 22:50:32 -0700 (PDT)
>>>> Reply-To: olivera4good at gmail.com
>>>> From: Info <root at weblate.sugarlabs.org> <root at weblate.sugarlabs.org>
>>>> To: johnl at iecc.com
>>>> Subject: Good Day
>>>> Date: 23 Oct 2023 13:50:34 +0800
>>>> Message-ID: <20231023135034.F8EDC8E49D7FE2C7 at weblate.sugarlabs.org> <20231023135034.F8EDC8E49D7FE2C7 at weblate.sugarlabs.org>
>>>> MIME-Version: 1.0
>>>> Content-Type: text/html;
>>>> 	charset="iso-8859-1"
>>>> Content-Transfer-Encoding: quoted-printable
>>>> X-DCC-iecc-Metrics: gal.iecc.com 1107; Body=1 Fuz1=1 Fuz2=1
>>>> X-Tag: tagged by spamassassin
>>>>
>>>> Logan P.
>>>> support at sonic.net                                         Sonic LLC
>>>> Sonic.net Support                                           2260 Apollo Way
>>>> 1.855.394.0100 (Tech Support)                       Santa Rosa, CA 95407
>>>> 1.707.547.2199 (FAX)                                      http://sonic.com/support
>>>>
>>>> --
>>> Sent with K-9 Mail.
>>>
>>>
>>> --
>> Sent with K-9 Mail.
>> _______________________________________________
>> Systems mailing list
>> Systems at lists.sugarlabs.org
>> http://lists.sugarlabs.org/listinfo/systems
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sugarlabs.org/archive/systems/attachments/20231028/50d9acbb/attachment.htm>

Previous message (by thread): [Systems] Fwd: Re: [Sonic #7314311] [ABUSE] E-mail spam alert (23739548 from 192.184.220.214) re Good Day
Next message (by thread): [Systems] Fwd: Re: [Sonic #7314311] [ABUSE] E-mail spam alert (23739548 from 192.184.220.214) re Good Day
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Systems mailing list