spamassassin-dev April 2011 archive
Main Archive Page > Month Archives  > spamassassin-dev archives
spamassassin-dev: [Bug 6577] New: IPv6 encapsulated IPv4 sender

[Bug 6577] New: IPv6 encapsulated IPv4 sender not detected correctly

From: <bugzilla-daemon_at_nospam>
Date: Tue Apr 26 2011 - 01:17:32 GMT
To: dev@spamassassin.apache.org

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6577

           Summary: IPv6 encapsulated IPv4 sender not detected correctly
           Product: Spamassassin
           Version: SVN Trunk (Latest Devel Version)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: P2
         Component: Plugins
        AssignedTo: dev@spamassassin.apache.org
        ReportedBy: jeffc@surbl.org

Got a 419 scam spam with an IPv6 encapsulated IPv4 address that was not
detected correctly:

Received: from userPC ([::ffff:82.128.107.32])
 (AUTH: LOGIN zzzz@yyyyy.com, TLS: TLSv1/SSLv3,256bits,AES256-SHA)
 by mail.xxxxxxx.com with ESMTPSA; Mon, 25 Apr 2011 16:nn:00 -0500
 id 0000000000aaaaa.00000000bbbbb.00000ccccc

"I believe that this is a new method to obfuscate an IPv4 address from
harvesters and DNSbl's by hiding it in a IPv4 over IPv6 tunnel address so that
it doesn't get processed." says a friend.

I might call this v4 obfuscation via v6.

-- Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.