GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed
Open
Opened Dec 14, 2015 by David Fifield (@dcf)

flashproxy-reg-email detected as Kelihos botnet spam by the CBL (Composite Blocking List)

Since about 2015-12-01, the email that flashproxy-reg-email sends triggers a false-positive detection in the CBL (Composite Blocking List) which causes other email sent from the same IP address to be rejected by some recipients (including riseup.net). Shortly after flashproxy-reg-email runs, the lookup page says something along the lines of:

    IP Address x.x.x.x is listed in the CBL. It shows signs of being infected with a spam sending trojan, malicious link or some other form of botnet.
    It was last detected at 2015-12-07 03:00 GMT (+/- 30 minutes), approximately 3 hours, 30 minutes ago.
    This IP is infected (or NATting for a computer that is infected) with the kelihos spambot. In other words, it's participating in a botnet.

Everything about Kelihos and botnets is false; through experiments and interaction with a CBL operator we isolated the cause to flashproxy-reg-email's messages.

An example of a bounce message caused by this error is:

    SMTP error from remote mail server after RCPT TO:...@riseup.net: host mx1.riseup.net [198.252.153.129]: 550 5.7.1 Service unavailable; client [x.x.x.x] blocked using zen.spamhaus.org

We should do something to avoid these false detections if possible.
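An operator-side check for the failure reported in this ticket, added here as an example and not part of the ticket or of flashproxy: it pulls the rejected client address and DNSBL zone out of a bounce like the one quoted above, builds the DNSBL query name, and interprets the answer. The sample bounce, its addresses and the return-code table (Spamhaus's published ZEN codes) are assumptions, not values from the ticket.

```python
import ipaddress
import re
import socket

# Constructed sample bounce (documentation-range addresses, hypothetical host names).
SAMPLE_BOUNCE = (
    "SMTP error from remote mail server after RCPT TO:<user@example.org>: "
    "host mx.example.org [198.51.100.25]: 550 5.7.1 Service unavailable; "
    "client [192.0.2.10] blocked using zen.spamhaus.org"
)

# Matches the rejection wording quoted in the ticket.
BOUNCE_RE = re.compile(r"\b550 5\.7\.1 .*?client \[([0-9.]+)\] blocked using ([A-Za-z0-9.-]+)")

# Assumption: Spamhaus ZEN return codes as published by Spamhaus (CBL data feeds XBL).
ZEN_CODES = {
    "127.0.0.2": "SBL", "127.0.0.3": "SBL CSS", "127.0.0.4": "XBL (CBL data)",
    "127.0.0.9": "SBL DROP", "127.0.0.10": "PBL", "127.0.0.11": "PBL",
}

def parse_bounce(text):
    """Return (client_ip, dnsbl_zone) from a DNSBL rejection, or None if absent."""
    m = BOUNCE_RE.search(text)
    if not m:
        return None
    try:
        ip = ipaddress.IPv4Address(m.group(1))
    except ValueError:
        return None
    return str(ip), m.group(2).rstrip(".").lower()

def query_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def check_listing(ip, zone, resolve=socket.gethostbyname):
    """Return 'not listed', 'lookup error', or the sub-list name for a hit."""
    try:
        answer = resolve(query_name(ip, zone))  # first A record only
    except socket.gaierror as e:
        # NXDOMAIN means the address is not on the list; anything else is a resolver failure.
        return "not listed" if e.errno == socket.EAI_NONAME else "lookup error"
    if answer.startswith("127.255.255."):
        return "lookup error"  # the list refused the query (e.g. rate limit); not a listing
    return ZEN_CODES.get(answer, f"listed ({answer})")
```

Passing a stub as `resolve` lets the logic be exercised without network access; a monitoring job would call `check_listing` with the default resolver shortly after each run of the mail-sending tool.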

Reference: legacy/trac#17855