
Re: [tor-bugs] #17855 [Flashproxy]: flashproxy-reg-email detected as Kelihos botnet spam by the CBL (Composite Blocking List)



#17855: flashproxy-reg-email detected as Kelihos botnet spam by the CBL (Composite
Blocking List)
------------------------+---------------------
 Reporter:  dcf         |          Owner:  dcf
     Type:  defect      |         Status:  new
 Priority:  Medium      |      Milestone:
Component:  Flashproxy  |        Version:
 Severity:  Normal      |     Resolution:
 Keywords:              |  Actual Points:
Parent ID:              |         Points:
  Sponsor:              |
------------------------+---------------------

Comment (by dcf):

 Someone called Andy at the CBL says:
   Fix the EHLO to be something that matches the rest of the infrastructure
 and you shouldn't have any further listings from us.

 Here's an SMTP transcript of a flashproxy-reg-email session. The reason we
 use `[127.0.0.1]` is we don't know our own IP address until we receive one
 of the "at your service" lines. We could easily modify the second EHLO
 line (after STARTTLS) but not so easily the first. If you don't force an
 IP address, Python smtplib will do something stupid like guess the local
 hostname with
 [https://docs.python.org/2/library/socket.html#socket.getfqdn
 socket.getfqdn].

 {{{
 → EHLO [127.0.0.1]
  ← 250-mx.google.com at your service, [69.164.193.231]
  ← 250-SIZE 35882577
  ← 250-8BITMIME
  ← 250-STARTTLS
  ← 250-ENHANCEDSTATUSCODES
  ← 250-PIPELINING
  ← 250-CHUNKING
  ← 250 SMTPUTF8
 → STARTTLS
  ← 220 2.0.0 Ready to start TLS
 → ehlo [127.0.0.1]
  ← 250-mx.google.com at your service, [69.164.193.231]
  ← 250-SIZE 35882577
  ← 250-8BITMIME
  ← 250-ENHANCEDSTATUSCODES
  ← 250-PIPELINING
  ← 250-CHUNKING
  ← 250 SMTPUTF8
 → mail FROM:<flashproxyreg.a@xxxxxxxxx> size=439
  ← 250 2.1.0 OK xp4si3037295pab.1 - gsmtp
 → rcpt TO:<flashproxyreg.a@xxxxxxxxx>
  ← 250 2.1.5 OK xp4si3037295pab.1 - gsmtp
 → data
  ← 354  Go ahead xp4si3037295pab.1 - gsmtp
 → To: flashproxyreg.a@xxxxxxxxx
 → From: nobody@localhost
 → Subject: client reg d60094a2a9
 →
 → CaNRg3izH9hQttn8w+1ud2I4eJRas32izai/fgWWKkLSU4eYk8nOdZcXMxtqNfFRn+4JftiHQanl
 → qbS6b2yxJ2ygpGasldKm+m3suJx0+0Dm8EOKAZZMkjqTb048a/iSZyxyiuBFa1oaLig8Y+AO9KE4
 → UI2Mniq4rQL1QeUEOl35L3TqFvEPe/5e2tHUKbVP8mSclCKqEzcgNvYxgOj2zPUnNRdmhHEBJ85w
 → Ryrwim83tFGUcjSDFeYpNwNWvIH5ZigeY31O46iuT0cQV9EYa68Ldo/ZYUsscyRs+AMJJsFzBBhx
 → nEPsQTgGoy8Pk+IjxEVCJdA8Htp81n/IeXyNDQ==
 →
 → .
  ← 250 2.0.0 OK 1449981129 xp4si3037295pab.1 - gsmtp
 → quit
  ← 221 2.0.0 closing connection xp4si3037295pab.1 - gsmtp
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17855#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
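An added example, not code from the ticket or from flashproxy, showing the approach the comment describes as easy: a Python 3 smtplib client sends the first EHLO as `[127.0.0.1]`, takes the address literal the server reports in its "at your service" line, and re-issues EHLO with that address after STARTTLS so the two hostnames match the rest of the infrastructure. The function names, the IPv4-only parsing and the sample reply (constructed from the transcript above, in the line-joined form smtplib stores in `ehlo_resp`) are assumptions of this example.

```python
import re
import smtplib

# Address literal in an EHLO reply such as
# "mx.google.com at your service, [69.164.193.231]"  (IPv4 only here)
ADDRESS_LITERAL = re.compile(rb"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample: smtplib strips the "250-" prefixes and joins the
# reply lines with "\n", which is the form ehlo() returns.
SAMPLE_EHLO_REPLY = (
    b"mx.google.com at your service, [69.164.193.231]\n"
    b"SIZE 35882577\n8BITMIME\nSTARTTLS\nENHANCEDSTATUSCODES\n"
    b"PIPELINING\nCHUNKING\nSMTPUTF8"
)


def own_address_from_ehlo(ehlo_resp):
    """Return the IPv4 address the server saw us connect from, or None.

    Only the first reply line is consulted, so an extension line further
    down cannot supply an address literal of its own.
    """
    if isinstance(ehlo_resp, str):
        ehlo_resp = ehlo_resp.encode("ascii", "replace")
    first_line = ehlo_resp.split(b"\n", 1)[0]
    match = ADDRESS_LITERAL.search(first_line)
    return match.group(1).decode("ascii") if match else None


def ehlo_name_for(ip):
    """EHLO argument in RFC 5321 address-literal form, e.g. "[69.164.193.231]"."""
    return "[%s]" % ip


def send_with_consistent_ehlo(host, port, mail_from, rcpt_to, message):
    """Hypothetical sender: first EHLO as [127.0.0.1], second EHLO (after
    STARTTLS) as the address the server reported. Needs network access."""
    smtp = smtplib.SMTP(host, port, local_hostname="[127.0.0.1]")
    try:
        code, reply = smtp.ehlo()          # first EHLO, forced hostname
        public_ip = own_address_from_ehlo(reply) if code == 250 else None
        smtp.starttls()                    # resets smtplib's EHLO state
        # second EHLO: our real address if the server told us one
        smtp.ehlo(ehlo_name_for(public_ip) if public_ip else "[127.0.0.1]")
        smtp.sendmail(mail_from, rcpt_to, message)
    finally:
        smtp.quit()
```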