badrihippo

Member Since 10 Jun 2012
Offline Last Active Oct 22 2019 06:21 AM
-----

Posts I've Made

In Topic: Did someone access my email?

22 October 2019 - 06:22 AM

Update: just noticed the "sender does not match SPF record" in the X-Spam-Report!

 

So maybe Tommy's spam filters caught it @mydomain, but then it was auto-forwarded to Gmail with a new SPF record, which did match, so Gmail didn't notice the discrepancy and marked it as properly signed? Is that a possibility?


In Topic: Did someone access my email?

22 October 2019 - 06:19 AM

Thanks. I'm aware of email spoofing, but not sure about the extent to which it could be done.

 

Gmail says "signed by: mydomain.me" in the email details—doesn't that indicate the email actually went through mydomain at some point? Or is there a way to spoof the "signed by" too?

 

I'm pasting the whole header here but it's pretty messy (forwards go from myself@mydomain.me -> myotheremail@gmail.com -> myemail@gmail.com, for some obscure reason which I should probably fix). Not expecting anyone to go through it all, but are there any hints as to how I could make sense of this? I basically want to satisfy myself that everything here can be spoofed.

Delivered-To: myemail@gmail.com
Received: by 2002:a67:e056:0:0:0:0:0 with SMTP id n22csp3631698vsl;
        Sun, 20 Oct 2019 17:00:29 -0700 (PDT)
X-Received: by 2002:a17:90a:b391:: with SMTP id e17mr25748522pjr.132.1571616029662;
        Sun, 20 Oct 2019 17:00:29 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1571616029; cv=pass;
        d=google.com; s=arc-20160816;
        b=d3gg1WpWGBeVN9rRR8GGxlSAKY7RIdBTl7lzfS4mRBP2fXZ1sRne79QHFW2p7XbfIh
         Iir/BhL9aox5JISZTezCHpSIICuF+EBJAyaFXxFvMvY4MqNIe9t963xWvtCGaBTNo4Ne
         hWf3huz6iRo6aWEUVM/9bZlFzo5+EpsD8eDpdiNWlETO98cQ+8KYjK6CvofRQXTUd5rg
         nytjAfRAYSFoW/6r5mfb3BzWCrf6aKv8F4awJuzB6bc/ObEd7j5/QmS/nR7Fp90osVuC
         fnFTwS3WeivXyja3xPHFr080IKX3eILqsIytZInmF/NT91k6LGiI6dlmbMc1aNNcuBc7
         mYxw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=subject:thread-index:content-transfer-encoding:mime-version
         :message-id:date:to:from:dkim-signature:delivered-to;
        bh=86xW1/5gFPKtL1yqGX8BUniDPjrrBK/lP/Gdca3ESBY=;
        b=FHBntMhckROY063EttdiJQmVUNDWlcB3oPuoWdOCqJvTFIwpYJKABPWtUFZbk8UC3j
         3fsDcoEuzLjuDs0JftRbaun3mkbrqWrtJcC59RE2sQhv6GxvNvW5w2TaYutDGQFqyk5T
         odwTWh6SDHDdkU4camntXV1T/5oKEIbea8NbjkF2qLhTSFy/bC6JyBazUgsrTH6vGF/6
         NqavOmoItmE/1HsCxWnAHhb31HU7LdEcMlH9mOo2NgRZkHwoHIjzmZ1ddXaTEEM9IAcs
         5Mzy76jJFdBw9dGphMZSoBqvtdpfwMEUoMr/sFPgufJcvQTgLVbGyHMaF6zd2f/EWKAl
         Lsug==
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@mydomain.me header.s=default header.b=Zr2vxWeJ;
       arc=pass (i=1 spf=pass spfdomain=mydomain.me dkim=pass dkdomain=mydomain.me);
       spf=pass (google.com: domain of myotheremail+caf_=myemail=gmail.com@gmail.com designates 209.85.220.41 as permitted sender) smtp.mailfrom="myotheremail+caf_=myemail=gmail.com@gmail.com"
Return-Path: <myotheremail+caf_=myemail=gmail.com@gmail.com>
Received: from mail-sor-f41.google.com (mail-sor-f41.google.com. [209.85.220.41])
        by mx.google.com with SMTPS id k3sor5206526plt.5.2019.10.20.17.00.28
        for <myemail@gmail.com>
        (Google Transport Security);
        Sun, 20 Oct 2019 17:00:29 -0700 (PDT)
Received-SPF: pass (google.com: domain of myotheremail+caf_=myemail=gmail.com@gmail.com designates 209.85.220.41 as permitted sender) client-ip=209.85.220.41;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@mydomain.me header.s=default header.b=Zr2vxWeJ;
       arc=pass (i=1 spf=pass spfdomain=mydomain.me dkim=pass dkdomain=mydomain.me);
       spf=pass (google.com: domain of myotheremail+caf_=myemail=gmail.com@gmail.com designates 209.85.220.41 as permitted sender) smtp.mailfrom="myotheremail+caf_=myemail=gmail.com@gmail.com"
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:delivered-to:dkim-signature:from:to:date
         :message-id:mime-version:content-transfer-encoding:thread-index
         :subject;
        bh=86xW1/5gFPKtL1yqGX8BUniDPjrrBK/lP/Gdca3ESBY=;
        b=tAIh3Wif9WO6z7buxRRtN5R+yZtHg902bDj0qhP+jIadeQOVlQQxiMd1MG0yrhJb4g
         OPWIXRU9E5QC4jQ9ozkYlVXbvFBo32/Mg0rNtt0THLl2te4MwtkOlJdxwi6WRKyJupd4
         yrqrvedMBxrIAmfSmdNpChNa8wjprtUG2w84+KFspbnfRwu22OlyUExyiDYqAUV3byRK
         ktBMpXWy0QJQLxC7xIE1GFuwWa2WK2B1SSIUlyD/2xPPybQbjmrj09fu1DgQRcbCqKzN
         h/JLkBtzyMJUgBRGYCwPS+/LfnGIUdFm33ME1f4ev9ZvaqH1X7vXmIFadsyHjxX+wxrJ
         cp0Q==
X-Gm-Message-State: APjAAAX8cHavL9XjbtCoAo5sDSz8k4iOdo+3NqF3fwyQgupxmDzF1mjO Vb8Ix5RC47OQxbbImZusmHLsdlypQZquNP+il14wc5nDmYggkxo=
X-Received: by 2002:a17:902:968f:: with SMTP id n15mr21395732plp.191.1571616028625;
        Sun, 20 Oct 2019 17:00:28 -0700 (PDT)
X-Forwarded-To: myemail@gmail.com
X-Forwarded-For: myotheremail@gmail.com myemail@gmail.com
Delivered-To: myotheremail@gmail.com
Received: by 2002:a17:90a:8b07:0:0:0:0 with SMTP id y7csp3685898pjn;
        Sun, 20 Oct 2019 17:00:27 -0700 (PDT)
X-Google-Smtp-Source: APXvYqz0NdzCfEJU8MRGTLqjbIkR5hTodUpoaS66VHt4/HfH8mIfK7xoCgUcCv/kuBAfQD2ezm/5
X-Received: by 2002:a63:cb4c:: with SMTP id m12mr9626899pgi.58.1571616027608;
        Sun, 20 Oct 2019 17:00:27 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1571616027; cv=none;
        d=google.com; s=arc-20160816;
        b=rv/CpcR9ueqQYllVSXOEd/Iu1VFh5QmsHHMTtqSf92FXpXLCY7M5xvIXBhTCOF0tBi
         UOqA5dY17Ryi4GEbC6X6tgnQlNSP0xSpgoiLjBu6vmnupIgUlkLEGlVn47d9mpYeiYxU
         v8A0/5HfEJJ6vRo2wkF00fAXZ3KgQq52UtnwobqrhRLV53K4guQPjdjlmihh77k4TgSP
         lu9n1IYJBm7A+Xp/avkMvrzR5j2Pjt54I9BWikjVlfp/TiofbpKL1X391Fjg9EInuSrr
         w6PfWK6WzogSpCTrduKoKRBGalNQnaNkpPdMzoc+zVcK7LEbASU2InaZ+J7ZPNhAfaZa
         SJTA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=subject:thread-index:content-transfer-encoding:mime-version
         :message-id:date:to:from:dkim-signature;
        bh=86xW1/5gFPKtL1yqGX8BUniDPjrrBK/lP/Gdca3ESBY=;
        b=S2zQNAsFd26imXO6fzRZqPe+JnzT+m+S6RxOgJ14I3pK+L/qx38Hq0RtDcAbHtZr1X
         sOMm1rklmm+6fG6y32qIy5FNnxV9jrrhQbi7sBkUgoDV4w+NNRraEuhfVVTKctfuaFqU
         +FHcjKdlUEHiJUqCY1VCiDO2aiPbujlpZR926SvJbJC2V4qatZ8zSQTk7iPP7NviOT8j
         nfaWuXVvw1t0ggwfLI0rAZ28/RooIRln2VCU2+u2nLGFdneeZApV/UsWpaJrDvbWWKNe
         7UKUhqvr7Gx+wFEEfcYjoMp1g4dDeQP53slkPMyS6VYLlZHWZkZ+qESFsOufT0W9TE07
         iksA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@mydomain.me header.s=default header.b=Zr2vxWeJ;
       spf=pass (google.com: domain of myself@mydomain.me designates 65.19.143.6 as permitted sender) smtp.mailfrom=myself@mydomain.me
Return-Path: <myself@mydomain.me>
Received: from tommy.heliohost.org (tommy.heliohost.org. [65.19.143.6])
        by mx.google.com with ESMTPS id t21si14112972pfh.172.2019.10.20.17.00.26
        for <myotheremail@gmail.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Sun, 20 Oct 2019 17:00:27 -0700 (PDT)
Received-SPF: pass (google.com: domain of myself@mydomain.me designates 65.19.143.6 as permitted sender) client-ip=65.19.143.6;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mydomain.me;
     s=default; h=Subject:Content-Transfer-Encoding:Content-Type:MIME-Version: Message-ID:Date:To:From:Sender:Reply-To:Cc:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=86xW1/5gFPKtL1yqGX8BUniDPjrrBK/lP/Gdca3ESBY=; b=Zr2vxWeJm7Zy7d3K0jmcv/U9jh NCf+mVIAxRV3jNDPF/l76iGxnncKOBDHNvSC0HCpUUWPy+r7cMICW6UhwadZOIgWifm/e5Uk0BG5L GT1wfLlmwIS2D7pIHCgXqyMVli64p1zZ4t24FFOsUrs2ceaPKbT3w89OuDu+pxrDPH9+DFdAZkWgB NAgwQnWR7X+IOfYSaZ7mU5omorSS3hWIGFXZUsXlmTaDZtoj6oTDlvvewfnelQJf0lS9uNV9huzvn qEoQAO7X4q5n40FdTm4S/cIeFAjp6ewFTD51o5fmifK095Ke1p6/blB8ec4/I1M+vmyRXDUaGUTsA K6L8Dn5A==;
Received: from 189-18-165-106.dsl.telesp.net.br ([189.18.165.106]:24249) by tommy.heliohost.org with esmtp (Exim 4.92) (envelope-from <myself@mydomain.me>) id 1iML7X-000Wak-Rw for myself@mydomain.me; Mon, 21 Oct 2019 00:00:26 +0000
From: <myself@mydomain.me>
To: <myself@mydomain.me>
Date: 20 Oct 2019 18:42:43 -0300
Message-ID: <001301d58791$05c2c4ce$81ecb9aa$@mydomain.me>
MIME-Version: 1.0
Content-Type: text/plain; charset="ibm852"
Content-Transfer-Encoding: 8bit
X-Mailer: Microsoft Office Outlook 11
Thread-Index: Acf6ns9giqwc2mwhf6ns9giqwc2tyc==
X-MimeOLE: Produced By Microsoft MimeOLE V6.1.7601.17514
X-Spam-Status: Yes, score=45.3
X-Spam-Score: 453
X-Spam-Bar: +++++++++++++++++++++++++++++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "tommy.heliohost.org", has identified this incoming email as possible spam.
  The original message has been attached to this so you can view it or label similar future email.
  If you have any questions, see root\@localhost for details. Content preview:
  Hi, dear user of mydomain.me [excerpt of random threatening message I know is a bluff]
  Content analysis details:
   (45.3 points, 5.0 required)
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  3.6 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
                             [189.18.165.106 listed in zen.spamhaus.org]
  4.7 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
  0.4 CK_HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname
                             (Split IP)
  0.0 TVD_RCVD_IP            Message was received from an IP address
  1.3 RCVD_IN_RP_RNBL        RBL: Relay in RNBL,
                             https://senderscore.org/blacklistlookup/
                             [189.18.165.106 listed in bl.score.senderscore.com]
  2.7 RCVD_IN_PSBL           RBL: Received via a relay in PSBL
                             [189.18.165.106 listed in psbl.surriel.com]
  6.2 RCVD_IN_MSPIKE_L5      RBL: Very bad reputation (-5)
                             [189.18.165.106 listed in bl.mailspike.net]
  1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
                             bl.spamcop.net
                             [Blocked - see <https://www.spamcop.net/bl.shtml?189.18.165.106>]
  1.5 SPF_SOFTFAIL           SPF: sender does not match SPF record (softfail)
  0.0 RCVD_IN_MSPIKE_BL      Mailspike blacklisted
  5.0 BITCOIN_EXTORT_01      Extortion spam, pay via BitCoin
  2.6 RDNS_DYNAMIC           Delivered to internal network by host with
                             dynamic-looking rDNS
  3.9 HELO_DYNAMIC_IPADDR2   Relay HELO'd using suspicious hostname (IP
                             addr 2)
  2.5 HELO_DYNAMIC_HCC       Relay HELO'd using suspicious hostname (HCC)
  3.4 BITCOIN_SPAM_07        BitCoin spam pattern 07
  2.5 TO_EQ_FM_DIRECT_MX     To == From and direct-to-MX
  2.0 MIMEOLE_DIRECT_TO_MX   MIMEOLE + direct-to-MX
  1.4 DOS_OUTLOOK_TO_MX      Delivered direct to MX with Outlook headers
  0.4 NO_FM_NAME_IP_HOSTN    No From name + hostname using IP address
X-Spam-Flag: YES
Subject: ***SPAM***
  Frauders known your old passwords. Access data must be changed.
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - tommy.heliohost.org
X-AntiAbuse: Original Domain - mydomain.me
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - mydomain.me
X-Get-Message-Sender-Via: tommy.heliohost.org: redirect/forwarder owner myself@mydomain.me -> myotheremail@gmail.com
X-Authenticated-Sender: tommy.heliohost.org: myself@mydomain.me
X-Source:
X-Source-Args:
X-Source-Dir:

Hi, dear user of mydomain.me

[Random threatening message which I know is a bluff]

Thanks in advance!
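
One way to read a forwarded header like the one in the post above, as an added example that is not part of the original post: it works out which server held the message when the DKIM signature was added and which IP the final SPF verdict actually covers. The sample is a constructed, abridged copy of those headers, and `analyse` and its report keys are hypothetical names.

```python
import re
from email import message_from_string

# Constructed, abridged headers modelled on the post above (signature blobs
# and Google-internal headers omitted). The newest header is at the top.
SAMPLE = """\
Authentication-Results: mx.google.com;
 dkim=pass header.i=@mydomain.me header.s=default;
 spf=pass (google.com: domain of myself@mydomain.me designates 65.19.143.6 as permitted sender)
Received: from tommy.heliohost.org (tommy.heliohost.org. [65.19.143.6])
 by mx.google.com with ESMTPS; Sun, 20 Oct 2019 17:00:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=mydomain.me; s=default; h=Subject:To:From
Received: from 189-18-165-106.dsl.telesp.net.br ([189.18.165.106]:24249)
 by tommy.heliohost.org with esmtp (Exim 4.92); Mon, 21 Oct 2019 00:00:26 +0000
From: <myself@mydomain.me>
To: <myself@mydomain.me>
X-Spam-Report: 1.5 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

body
"""

HOP = re.compile(r"from\s+(\S+).*?\[([0-9a-fA-F.:]+)\].*?\bby\s+(\S+)", re.S)
SPF = re.compile(r"spf=(\w+).*?designates\s+([0-9a-fA-F.:]+)", re.S)

def analyse(raw):
    """Report which server vouched for what in a raw header block."""
    items = message_from_string(raw).items()
    # Each hop: (position in header, sending host, sending IP, receiving host).
    hops = [(i, *m.groups()) for i, (name, value) in enumerate(items)
            if name.lower() == "received" and (m := HOP.search(value))]
    origin = hops[-1]  # bottom-most Received line = first hop we can see
    report = {"origin_ip": origin[2], "first_receiver": origin[3]}
    # Servers prepend headers, so the Received line directly below the
    # DKIM-Signature names the server that held the message when it was signed.
    for i, (name, value) in enumerate(items):
        if name.lower() == "dkim-signature":
            below = next((h for h in hops if h[0] > i), None)
            report["dkim_domain"] = re.search(r"\bd=([^;\s]+)", value).group(1)
            report["dkim_holder"] = below[3] if below else None
    # The receiver's SPF verdict covers the IP that connected to it, which
    # after a forward is the forwarder rather than the original client.
    results = " ".join(v for n, v in items if n.lower() == "authentication-results")
    if (m := SPF.search(results)):
        report["spf_result"], report["spf_checked_ip"] = m.groups()
        report["spf_describes_origin"] = m.group(2) == origin[2]
    report["upstream_softfail"] = any(
        "SPF_SOFTFAIL" in v for n, v in items if n.lower() == "x-spam-report")
    return report
```

Only Received lines written by servers you trust are reliable; anything below the first of those was supplied by the sender.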


In Topic: Add Patreon to donation options

21 October 2019 - 04:52 AM

What about Liberapay? Their model is slightly different; all the donations leave your account at once, and then you get a reminder when it needs to be topped up.

 

They're a non-profit so don't have processing fees on their own (all their funding is from a "Liberapay" account on their own website  :lol:)


In Topic: Receiving emails at HelioHost when the domain is managed elsewhere

16 October 2019 - 01:24 PM

Oh...that makes sense! Will it be possible to redirect the top-level domain (naked/www) though? Maybe I'll try and see. I use HelioHost for other things so the once-a-month login is not a problem.

 

I didn't realise there's a limit on emails. My mailing list is going to start with just 4-5 people, so I guess I can host it here for now and move it (via MX records) when it grows too big.

 

Also, in the event that the server crashes, will my domains on the nameserver still function? (I know that's unlikely since Tommy's just been refreshed with new-and-improved hardware, but if it's a possibility then I'll retain my ClouDNS account as a backup).

 

Thanks!


In Topic: [Answered] Uploading via zipfile

29 September 2019 - 08:05 AM

You can upload the ZIP file by clicking the "Upload" button and extract it after it is uploaded.

 

Apologies for the late reply. I had put this whole thing on hold since Tommy went down. But now it's back and I tried it—worked like a charm! Thank you :D