We’ll look into it, something is amiss here.
@elan Anything yet?
Vanilla is investigating, and they’ve put in place a few safeguards to prevent it from happening.
Thanks @elan. Haven’t received any today.
And it is happening again! Strangely, on an e-mail address not linked to my Plex account but which is mine!
Still happening. They definitely have a vuln somewhere that’s letting people send mails which originate from the forums’ mailer. The headers all match regular emails from the forums.
Return-Path:
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41])
by sloti38d2t01 (Cyrus fastmail-fmjessie44025-14976-git-fastmail-14976) with LMTPA;
Wed, 24 May 2017 08:34:36 -0400
X-Cyrus-Session-Id: sloti38d2t01-2455089-1495629276-2-1106316919546900048
X-Sieve: CMU Sieve 3.0
X-Spam-known-sender: no
X-Spam-score: 0.0
X-Spam-hits: BAYES_00 -1.9, SPF_PASS -0.001, LANGUAGES en, BAYES_USED user,
SA_VERSION 3.4.0
X-Spam-source: IP='208.117.49.186', Host='o1.smtp.vanillaforums.com', Country='US',
FromHeader='tv', MailFrom='tv'
X-Spam-charsets: plain='utf-8'
X-Resolved-to: REDACTED@REDACTED.COM
X-Delivered-to: REDACTED@REDACTED.COM
X-Mail-from: forums@plex.tv
Received: from mx3 ([10.202.2.202])
by compute1.internal (LMTPProxy); Wed, 24 May 2017 08:34:36 -0400
Received: from mx3.messagingengine.com (localhost [127.0.0.1])
by mailmx.nyi.internal (Postfix) with ESMTP id BEBEC47042
for ; Wed, 24 May 2017 08:34:35 -0400 (EDT)
Received: from mx3.messagingengine.com (localhost [127.0.0.1])
by mx3.messagingengine.com (Authentication Milter) with ESMTP
id 9F4D8D6A42C;
Wed, 24 May 2017 08:34:35 -0400
Authentication-Results: mx3.messagingengine.com;
dkim=pass (1024-bit rsa key) header.d=vanillaforums.com header.i=@vanillaforums.com header.b=GQV9UPFg;
dmarc=none (p=none) header.from=plex.tv;
spf=pass smtp.mailfrom=forums@plex.tv smtp.helo=o1.smtp.vanillaforums.com
Received-SPF: pass
(plex.tv: Sender is authorized to use 'forums@plex.tv' in 'mfrom' identity (mechanism 'include:sendgrid.net' matched))
receiver=mx3.messagingengine.com;
identity=mailfrom;
envelope-from="forums@plex.tv";
helo=o1.smtp.vanillaforums.com;
client-ip=208.117.49.186
Received: from o1.smtp.vanillaforums.com (o1.smtp.vanillaforums.com [208.117.49.186])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by mx3.messagingengine.com (Postfix) with ESMTPS
for ; Wed, 24 May 2017 08:34:35 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed;
d=vanillaforums.com;
h=to:from:subject:in-reply-to:references:mime-version:content-type:content-transfer-encoding;
s=s1; bh=4BIQLah5IB1n9vdTwBfs2MRwQcw=; b=GQV9UPFg6A9tzyT5lBbT2ky
K4vrZCsR2Jvk+R0T6+dF0DKuFXRzdS6cBNQ85SR+9WOsELXZ4hXIK/mZYnvRGds3
Wdk4UZHYIXSPAYNB4jp/r2Fv0DTw+32QLIH2QHt+aWLKOFxTad1lYEOzbE9u81O3
VlQN0C2PPTdbP6ETSmTM=
Received: by filter0604p1mdw1.sendgrid.net with SMTP id filter0604p1mdw1-32220-59257DD9-59
2017-05-24 12:34:33.805971372 +0000 UTC
Received: from delivery.vanillaforums.com (unknown [166.78.208.232])
by ismtpd0004p1iad1.sendgrid.net (SG) with ESMTP id ttE92KoiTv6Q117s8z_RDg
for ; Wed, 24 May 2017 12:34:33.750 +0000 (UTC)
Date: Wed, 24 May 2017 12:34:33 +0000
To: REDACTED@REDACTED.COM
From: jeffc7186
Subject: [Plex Forums] jeffc7186 sent you a message
Message-ID:
X-Mailer: PHPMailer 5.2.23 (https://github.com/PHPMailer/PHPMailer)
Precedence: list
X-Auto-Response-Suppress: All
In-Reply-To:
References:
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-SG-EID: Bpl1W+HHwAglZa/mJv/pSjEXYOg3gFXrZnSDtLR1TWNntQRZaZfqwMG9pQ83Jik28I9WTe/x/THprI
Cq2A5O7BKgUZKAwKJDfsi1AceBxnd6JhgnJCe3vPBSvHp6SfbF7X18cVlUJwMfVGQS5+PPOAtm3FUO
M8t/e0P/6w356/tVIE0np2Kb4mDgC4aUh7xkh/H6vsvWRYA3QF1eofAGGA==
Plex Forums http://plex.vanillacommunity.com/
jeffc7186 sent you a message
I have never posted in the plex forums. perhaps my login has been hacked.
I'll change my password.
--=20
Reply to this email directly or follow the link below to check it out:
http://plex.vanillacommunity.com/messages/38912#129199
Check it out: http://plex.vanillacommunity.com/messages/38912#129199
