Topic: Is this mail from [email protected] legit? (Read 678 times)
It should be legit since everyone received that email. Check the signature with theymos's key, it should be valid.
Is this mail legit?
It has no DKIM signature, a invalid PGP signature and a valid SPF signature.
The host I received it from, does not seem to be asscoiated with bitcointalk either:
C:\Users\Sebastian>nslookup -type=PTR 170.81.251.198.in-addr.arpa.
Server: fw.sebbe.eu
Address: 2001:470:28:1c:1::1
Icke-auktoritärt svar:
170.81.251.198.in-addr.arpa name = node-198-251-81-170.reverse.x4b.me
C:\Users\Sebastian>
Checking the SPF:
C:\Users\Sebastian>nslookup -type=TXT bitcointalk.org.
Server: fw.sebbe.eu
Address: 2001:470:28:1c:1::1
Icke-auktoritärt svar:
bitcointalk.org text =
"v=spf1 mx a include:amazonses.com -all"
C:\Users\Sebastian>
WEEEEEEEEEEW..... Allowing all hosts in the amazon Simple Email Services seems to be a Little bit overly permissible. I don't know if they have any safeguards against fraudulent mail...
Return-Path: <[email protected]>
X-Original-To:@sebbe.eu
Delivered-To:@sebbe.eu
Received: from server-desktop (localhost [127.0.0.1])
by dns2.sebbe.eu (Postfix) with ESMTP id 12FFF4C0291
for@sebbe.eu; Mon, 25 May 2015 22:23:27 +0200 (CEST)
Subject: Bitcoin Forum: Password change required [Invalid signature]
X-AntiPhishing-IP: [BEGIN][198.251.81.170][END]
Authentication-Results: unknown-host; dkim=none reason="no signature";
dkim-adsp=none (unprotected policy); dkim-atps=neutral
Received: from bitcointalk.org (node-198-251-81-170.reverse.x4b.me [198.251.81.170])
by dns1.sebbe.eu (Postfix) with ESMTP id F0F814C0291
for@sebbe.eu; Mon, 25 May 2015 22:23:25 +0200 (CEST)
Received: by bitcointalk.org (Postfix, from userid 0)
id AE9AACF1439; Mon, 25 May 2015 20:19:46 +0000 (GMT)
Date: Mon, 25 May 2015 20:19:46 +0000
From: [email protected]
To:@sebbe.eu
Message-ID: <556383e2.+sWUE0Y0lRkm5AKP%[email protected]>
User-Agent: Heirloom mailx 12.5 7/5/10
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Djigzo-Info-PGP-Encoding: PGP/INLINE
X-Djigzo-Info-PGP-Signer-KeyID: C6555693DAB591E7
X-Djigzo-Info-PGP-Signature-Valid: False
X-Djigzo-Info-PGP-Signature-Failure: Signer's key with key ID C6555693DAB591E7
not found.
X-SPF-Signature: pass (bitcointalk.org: 198.251.81.170 is authorized to use '[email protected]' in 'mfrom' identity (mechanism 'a' matched)) receiver=server-desktop; identity=mailfrom; envelope-from="[email protected]"; client-ip=198.251.81.170
You are receiving this message because your email address is associated
with an account on bitcointalk.org. I regret to have to inform you that
some information about your account was obtained by an attacker who
successfully compromised the bitcointalk.org server. The following
information about your account was likely leaked:
- Email address
- Password hash
- Last-used IP address and registration IP address
- Secret question and a basic (not brute-force-resistant) hash of your
secret answer
- Various settings
You should immediately change your forum password and delete or change
your secret question. To do this, log into the forum, click "profile",
and then go to "account related settings".
If you used the same password on bitcointalk.org as on other sites, then
you should also immediately change your password on those other sites.
Also, if you had a secret question set, then you should assume that the
attacker now knows the answer to your secret question.
Your password was salted and hashed using sha256crypt with 7500 rounds.
This will slow down anyone trying to recover your password, but it will
not completely prevent it unless your password was extremely strong.
While nothing can ever be ruled out in these sorts of situations, I do
not believe that the attacker was able to collect any forum personal
messages.
I apologize for the inconvenience and for any trouble that this may cause.
It has no DKIM signature, a invalid PGP signature and a valid SPF signature.
The host I received it from, does not seem to be asscoiated with bitcointalk either:
C:\Users\Sebastian>nslookup -type=PTR 170.81.251.198.in-addr.arpa.
Server: fw.sebbe.eu
Address: 2001:470:28:1c:1::1
Icke-auktoritärt svar:
170.81.251.198.in-addr.arpa name = node-198-251-81-170.reverse.x4b.me
C:\Users\Sebastian>
Checking the SPF:
C:\Users\Sebastian>nslookup -type=TXT bitcointalk.org.
Server: fw.sebbe.eu
Address: 2001:470:28:1c:1::1
Icke-auktoritärt svar:
bitcointalk.org text =
"v=spf1 mx a include:amazonses.com -all"
C:\Users\Sebastian>
WEEEEEEEEEEW..... Allowing all hosts in the amazon Simple Email Services seems to be a Little bit overly permissible. I don't know if they have any safeguards against fraudulent mail...
Return-Path: <[email protected]>
X-Original-To:
Delivered-To:
Received: from server-desktop (localhost [127.0.0.1])
by dns2.sebbe.eu (Postfix) with ESMTP id 12FFF4C0291
for
Subject: Bitcoin Forum: Password change required [Invalid signature]
X-AntiPhishing-IP: [BEGIN][198.251.81.170][END]
Authentication-Results: unknown-host; dkim=none reason="no signature";
dkim-adsp=none (unprotected policy); dkim-atps=neutral
Received: from bitcointalk.org (node-198-251-81-170.reverse.x4b.me [198.251.81.170])
by dns1.sebbe.eu (Postfix) with ESMTP id F0F814C0291
for
Received: by bitcointalk.org (Postfix, from userid 0)
id AE9AACF1439; Mon, 25 May 2015 20:19:46 +0000 (GMT)
Date: Mon, 25 May 2015 20:19:46 +0000
From: [email protected]
To:
Message-ID: <556383e2.+sWUE0Y0lRkm5AKP%[email protected]>
User-Agent: Heirloom mailx 12.5 7/5/10
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Djigzo-Info-PGP-Encoding: PGP/INLINE
X-Djigzo-Info-PGP-Signer-KeyID: C6555693DAB591E7
X-Djigzo-Info-PGP-Signature-Valid: False
X-Djigzo-Info-PGP-Signature-Failure: Signer's key with key ID C6555693DAB591E7
not found.
X-SPF-Signature: pass (bitcointalk.org: 198.251.81.170 is authorized to use '[email protected]' in 'mfrom' identity (mechanism 'a' matched)) receiver=server-desktop; identity=mailfrom; envelope-from="[email protected]"; client-ip=198.251.81.170
You are receiving this message because your email address is associated
with an account on bitcointalk.org. I regret to have to inform you that
some information about your account was obtained by an attacker who
successfully compromised the bitcointalk.org server. The following
information about your account was likely leaked:
- Email address
- Password hash
- Last-used IP address and registration IP address
- Secret question and a basic (not brute-force-resistant) hash of your
secret answer
- Various settings
You should immediately change your forum password and delete or change
your secret question. To do this, log into the forum, click "profile",
and then go to "account related settings".
If you used the same password on bitcointalk.org as on other sites, then
you should also immediately change your password on those other sites.
Also, if you had a secret question set, then you should assume that the
attacker now knows the answer to your secret question.
Your password was salted and hashed using sha256crypt with 7500 rounds.
This will slow down anyone trying to recover your password, but it will
not completely prevent it unless your password was extremely strong.
While nothing can ever be ruled out in these sorts of situations, I do
not believe that the attacker was able to collect any forum personal
messages.
I apologize for the inconvenience and for any trouble that this may cause.
Jump to: