[Owasp-infrastructure] owasp email - MYDOOM VIRUS

Matt Tesauro matt.tesauro at owasp.org
Thu Feb 9 16:18:12 UTC 2012


Rackspace has added both MX and SPF records to DNS.  This should help
reduce the chance that lists.owasp.org mail traffic is treated like SPAM
and rejected/bounced.

At least now mail servers receiving mail from lists.owasp.org can confirm
the server should be sending mail for that domain and that it is the only
server that should be doing so.

I've tested and both are now in DNS:
$ dig lists.owasp.org MX

; <<>> DiG 9.6-ESV-R4-P3 <<>> lists.owasp.org MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;lists.owasp.org. IN MX

;; ANSWER SECTION:
lists.owasp.org. 300 IN MX 10 lists.owasp.org.

;; Query time: 75 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Thu Feb  9 10:10:17 2012
;; MSG SIZE  rcvd: 49

$ dig lists.owasp.org TXT

; <<>> DiG 9.6-ESV-R4-P3 <<>> lists.owasp.org TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17819
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;lists.owasp.org. IN TXT

;; ANSWER SECTION:
lists.owasp.org. 300 IN TXT "v=spf1 a mx -all"

;; Query time: 77 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Thu Feb  9 10:06:16 2012
;; MSG SIZE  rcvd: 62
--
-- Matt Tesauro
OWASP Board Member
OWASP WTE Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site



On Thu, Feb 9, 2012 at 9:50 AM, Matt Tesauro <mtesauro at gmail.com> wrote:

> I did some looking and we do not have an MX record for lists.owasp.org.
>  The previous email servers I ran treated senders without MX records as
> spammers.  Additionally, we do not have a SPF record in DNS.  Details
> below...
>
> I'll put in a ticket with Rackspace to set up an MX record for
> lists.owasp.org and see if they can also put in a SPF record as well.
>
> More when I hear back from Rackspace.
>
> SPF records:
> http://en.wikipedia.org/wiki/Sender_Policy_Framework
>
> [details]
> $ dig lists.owasp.org MX
>
> ; <<>> DiG 9.6-ESV-R4-P3 <<>> lists.owasp.org MX
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31605
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;lists.owasp.org. IN MX
>
> ;; AUTHORITY SECTION:
> owasp.org. 300 IN SOA dns.stabletransit.com. ipadmin.stabletransit.com.
> 1323909439 3600 300 1814400 300
>
> ;; Query time: 129 msec
> ;; SERVER: 192.168.1.254#53(192.168.1.254)
> ;; WHEN: Thu Feb  9 09:42:40 2012
> ;; MSG SIZE  rcvd: 98
>
> $ dig lists.owasp.org TXT
>
> ; <<>> DiG 9.6-ESV-R4-P3 <<>> lists.owasp.org TXT
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11368
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;lists.owasp.org. IN TXT
>
> ;; AUTHORITY SECTION:
> owasp.org. 300 IN SOA dns.stabletransit.com. ipadmin.stabletransit.com.
> 1323909439 3600 300 1814400 300
>
> ;; Query time: 75 msec
> ;; SERVER: 192.168.1.254#53(192.168.1.254)
> ;; WHEN: Thu Feb  9 09:48:33 2012
> ;; MSG SIZE  rcvd: 98
>
> $ dig lists.owasp.org
>
> ; <<>> DiG 9.6-ESV-R4-P3 <<>> lists.owasp.org
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35775
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;lists.owasp.org. IN A
>
> ;; ANSWER SECTION:
> lists.owasp.org. 3600 IN A 50.56.58.227
>
> ;; Query time: 136 msec
> ;; SERVER: 192.168.1.254#53(192.168.1.254)
> ;; WHEN: Thu Feb  9 09:42:52 2012
> ;; MSG SIZE  rcvd: 49
>
> [details]
>
> --
> -- Matt Tesauro
> OWASP Board Member
> OWASP WTE Project Lead
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
> http://AppSecLive.org - Community and Download site
>
>
>
> On Thu, Feb 9, 2012 at 7:28 AM, Mark Bristow <mark.bristow at owasp.org> wrote:
>
>> Yeah I got like 150 bounces this morning as a list admin (and it
>> de-registered my address for some reason)
>>
>>
>> On Thu, Feb 9, 2012 at 8:08 AM, Kate Hartmann <kate.hartmann at owasp.org> wrote:
>>
>>>  Humm, this doesn't sound good.
>>>
>>> Kate Hartmann
>>> OWASP Operations Director
>>>
>>>
>>> Begin forwarded message:
>>>
>>>  *From:* Jones Aileen T <Aileen.T.Jones at irs.gov>
>>> *Date:* February 9, 2012 7:40:34 AM EST
>>> *To:* "kate.hartmann at owasp.org" <kate.hartmann at owasp.org>
>>> *Subject:* *FW: owasp email - MYDOOM VIRUS*
>>>
>>>
>>> Hi Kate -
>>>
>>> In case OWASP is not aware, I received an email stating that my
>>> anti-virus software detected the MYDOOM Virus in an email from OWASP
>>> Washington mailing list earlier today.
>>> Thank you!
>>> Regards,
>>> *Aileen Jones*
>>> CISSP, CISA, CISM, CRISC
>>>
>>> Internal Revenue Service
>>>
>>> MITS, Cybersecurity
>>>
>>> Architecture & Engineering Advisory (AEA) Branch
>>>
>>> Security Engineering Services
>>>
>>>
>>> Room: C6-186 NCFB
>>> POD: 5000 Ellin Road
>>>             Lanham, MD 20706
>>> Phone: 202-283-0219
>>> Email: Aileen.T.Jones at irs.gov
>>>
>>>
>>>
>>>  ------------------------------
>>> *From:* Jones Aileen T
>>> *Sent:* Monday, February 06, 2012 10:18 AM
>>> *To:* 'Kate Hartmann'
>>> *Subject:* RE: owasp email
>>>
>>>  Hi Kate -
>>> I deleted it but have it in my "SENT " folder so will forward it to you
>>> from there.
>>>
>>> Thank you!
>>> Regards,
>>> *Aileen Jones*
>>> CISSP, CISA, CISM, CRISC
>>>
>>> Internal Revenue Service
>>>
>>> MITS, Cybersecurity
>>>
>>> Architecture & Engineering Advisory (AEA) Branch
>>>
>>> Security Engineering Services
>>>
>>>
>>> Room: C6-186 NCFB
>>> POD: 5000 Ellin Road
>>>             Lanham, MD 20706
>>> Phone: 202-283-0219
>>> Email: Aileen.T.Jones at irs.gov
>>>
>>>
>>>
>>>  ------------------------------
>>> *From:* Kate Hartmann [mailto:kate.hartmann at owasp.org]
>>> *Sent:* Monday, February 06, 2012 10:08 AM
>>> *To:* Jones Aileen T
>>> *Subject:* RE: owasp email
>>>
>>> We recently migrated our system and our mailing lists were acting a
>>> bit confused :)  No spam, but rather some strange messages.
>>>
>>> Could you forward that message to me so I can pass along the exact
>>> text.
>>>
>>> Kate Hartmann
>>> Operations Director
>>> 301-275-9403
>>> www.owasp.org
>>> Skype:  Kate.hartmann1
>>>
>>> *From:* Jones Aileen T [mailto:Aileen.T.Jones at irs.gov]
>>> *Sent:* Monday, February 06, 2012 10:04 AM
>>> *To:* Kate Hartmann
>>> *Subject:* RE: owasp email
>>>
>>> Hi Kate -
>>>
>>> Thank you. I also had notified our security /email / SPAM team here.
>>> They were going to check it out to see if it was legitimate or some kind of
>>> a  "Phishing attack" . It was pretty scary since I sure hope my machine was
>>> not sending spam!
>>>
>>> Thank you!
>>> Regards,
>>> *Aileen Jones*
>>> CISSP, CISA, CISM, CRISC
>>>
>>> Internal Revenue Service
>>>
>>> MITS, Cybersecurity
>>>
>>> Architecture & Engineering Advisory (AEA) Branch
>>>
>>> Security Engineering Services
>>>
>>>
>>> Room: C6-186 NCFB
>>> POD: 5000 Ellin Road
>>>             Lanham, MD 20706
>>> Phone: 202-283-0219
>>> Email: Aileen.T.Jones at irs.gov
>>>
>>>
>>>
>>>  ------------------------------
>>> *From:* Kate Hartmann [mailto:kate.hartmann at owasp.org]
>>> *Sent:* Monday, February 06, 2012 9:51 AM
>>> *To:* Jones Aileen T
>>> *Subject:* owasp email
>>>
>>> I did send out an email to the entire mailing list (30,000 plus
>>> addresses) on Friday and as the list admin I do get several automatic
>>> responses from bounces at lists@owasp.org however I am not aware of anyone
>>> else ever getting them.
>>>
>>> I have forwarded your question to our list admin for follow up.
>>>
>>> Kate Hartmann
>>> Operations Director
>>> 301-275-9403
>>> www.owasp.org
>>> Skype:  Kate.hartmann1
>>>
>>>
>>>
>>
>>
>> --
>> Mark Bristow
>> (703) 596-5175
>> mark.bristow at owasp.org
>>
>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>> AppSec DC Organizer - https://www.appsecdc.org
>>
>>
>
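
Added example (not part of the original thread): how a receiving mail server would evaluate the published policy "v=spf1 a mx -all" against a connecting IP, using the records shown in the dig output above. The function names and the inline zone table are assumptions made for illustration, and only the a, mx, ip4 and all mechanisms are handled.

```python
import ipaddress

# Records copied from the dig output in the thread; a dict stands in for the
# resolver so the example runs offline.
ZONE = {
    ("lists.owasp.org", "A"): ["50.56.58.227"],
    ("lists.owasp.org", "MX"): ["lists.owasp.org"],
    ("lists.owasp.org", "TXT"): ["v=spf1 a mx -all"],
}
# Zone as it looked in the earlier quoted message: A record only.
ZONE_BEFORE = {("lists.owasp.org", "A"): ["50.56.58.227"]}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(zone, name, rtype):
    """Hypothetical resolver stub: return the record data for name/type."""
    return zone.get((name.rstrip(".").lower(), rtype), [])


def check_spf(sender_ip, domain, zone=ZONE):
    """Evaluate a, mx, ip4 and all terms left to right; the first match decides."""
    records = [t for t in lookup(zone, domain, "TXT")
               if t.lower().split(" ")[0] == "v=spf1"]
    if not records:
        return "none"        # no policy published: receivers cannot check the sender
    if len(records) > 1:
        return "permerror"   # more than one SPF record is an error (RFC 7208, 4.5)
    ip = ipaddress.ip_address(sender_ip)
    for term in records[0].split()[1:]:
        if "=" in term:
            continue         # modifiers (redirect=, exp=) are outside this sketch
        qualifier, mech = (term[0], term[1:]) if term[0] in RESULTS else ("+", term)
        name, _, arg = mech.lower().partition(":")
        target = arg or domain
        if name == "all":
            return RESULTS[qualifier]
        if name == "a":
            allowed = lookup(zone, target, "A")
        elif name == "mx":
            allowed = [a for host in lookup(zone, target, "MX")
                       for a in lookup(zone, host, "A")]
        elif name == "ip4" and arg:
            allowed = [arg]
        else:
            return "permerror"   # mechanism not handled by this sketch
        if any(ip in ipaddress.ip_network(a, strict=False) for a in allowed):
            return RESULTS[qualifier]
    return "neutral"             # no term matched and there was no "all"
```

With the records from the thread, only 50.56.58.227 passes; any other source address reaches "-all" and fails, and the pre-change zone yields "none".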