Open malexmave opened 2 years ago
Ah, how convenient, a notification just got sent 😁. So, notices@ is the address for new notifications, it seems.
FYI: On my system (Office 365, Outlook) the last two notifications were both flagged as junk. I don't know if there is anything you can do about that, but I'm happy to provide an email, including headers, for further analysis if that helps.
> I'm happy to provide an email, including headers, for further analysis if that helps.
Please do! Thanks @malexmave
Here are the headers of the message, as shown by Outlook Web Access (after I had already explicitly marked it as "not spam"):
Received: from AM0P191MB0481.EURP191.PROD.OUTLOOK.COM (2603:10a6:208:4d::33)
by PAXP191MB1871.EURP191.PROD.OUTLOOK.COM with HTTPS; Tue, 8 Feb 2022
15:56:22 +0000
Received: from AS8P251CA0021.EURP251.PROD.OUTLOOK.COM (2603:10a6:20b:2f2::18)
by AM0P191MB0481.EURP191.PROD.OUTLOOK.COM (2603:10a6:208:4d::33) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4951.12; Tue, 8 Feb
2022 15:56:20 +0000
Received: from VI1EUR04FT014.eop-eur04.prod.protection.outlook.com
(2603:10a6:20b:2f2:cafe::f0) by AS8P251CA0021.outlook.office365.com
(2603:10a6:20b:2f2::18) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4951.19 via Frontend
Transport; Tue, 8 Feb 2022 15:56:19 +0000
Authentication-Results: spf=pass (sender IP is 149.72.167.116)
smtp.mailfrom=noreply.bugalert.org; dkim=pass (signature was verified)
header.d=bugalert.org;dmarc=bestguesspass action=none
header.from=bugalert.org;compauth=pass reason=109
Received-SPF: Pass (protection.outlook.com: domain of noreply.bugalert.org
designates 149.72.167.116 as permitted sender)
receiver=protection.outlook.com; client-ip=149.72.167.116;
helo=wrqvxttq.outbound-mail.sendgrid.net;
Received: from wrqvxttq.outbound-mail.sendgrid.net (149.72.167.116) by
VI1EUR04FT014.mail.protection.outlook.com (10.152.28.172) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.4951.12 via Frontend Transport; Tue, 8 Feb 2022 15:56:19 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bugalert.org;
h=content-type:from:mime-version:subject:reply-to:to;
s=s1; bh=Y91DBlpLUJDGGTa6LX7AaKh65qSjTmGgSMOeH9H9iWY=;
b=c8i2dKPmTDc9Dz56CgEj7a39ZrL5BQAMEZW8WzgLSRQAmdIrxr47ElllK4cJGWSJzj8y
s6qnOvhhHEbOefSSE+pL9pC2sD8B+s/v7ZwEmID7qzTaK4AKqBG6QSPzlkRGn1OZtPg7PA
flmkFb3CUgANNcR4OgujQMF/gg/Uek0JEk1TzyNWqZ6Ae3BKbGca8Y4u0rdBobcgwhgnw4
Tbgq95m+6Y+Mp94fvHQKb/iKGi8duEzmscFYLN4XZ0jtttG14CnyM8pWJKUXiYI7dm1TLV
DR85jJrfeMivYwmL0u8HTtpznFejx9m17ukEJwu9CJ9MrcfO39KZKvs4k9+eu+Vg==
Received: by filterdrecv-canary-55d9c75bdc-4x694 with SMTP id filterdrecv-canary-55d9c75bdc-4x694-1-620292A1-2
2022-02-08 15:56:17.116808374 +0000 UTC m=+12068939.650385724
Received: from MjQ5NTA2NjE (unknown)
by geopod-ismtpd-4-2 (SG) with HTTP
id GO1auX_1SvyHZboRjWF6JA
Tue, 08 Feb 2022 15:56:16.941 +0000 (UTC)
Content-Type: multipart/alternative; boundary=8aac5b271ce6639632d087984d49b6362b81a320b6306bdfe39c20dc1de2
Date: Tue, 08 Feb 2022 15:56:17 +0000 (UTC)
From: Bug Alert <notices@bugalert.org>
Mime-Version: 1.0
Message-ID: <GO1auX_1SvyHZboRjWF6JA@geopod-ismtpd-4-2>
Subject: [EXT] Bug Alert Notice: Unauthenticated user impersonation (auth
bypass) in SAP
Reply-To: notices@bugalert.org
To: [my email]
X-Entity-ID: T+AobmFilKq8DnPMh/r/jQ==
Return-Path: bounces+24950661-6c74-myemail=mydomain.tld@noreply.bugalert.org
X-MS-Exchange-Organization-ExpirationStartTime: 08 Feb 2022 15:56:19.4397
(UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id:
40bed02c-b849-4e6b-6e33-08d9eb1b8bf5
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: e96afb08-eeaf-49be-90d6-526571a42d8a:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-MS-PublicTrafficType: Email
X-MS-Exchange-Organization-AuthSource:
VI1EUR04FT014.eop-eur04.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Office365-Filtering-Correlation-Id: 40bed02c-b849-4e6b-6e33-08d9eb1b8bf5
X-MS-TrafficTypeDiagnostic: AM0P191MB0481:EE_
X-MS-Oob-TLC-OOBClassifiers: OLM:8882;
X-MS-Exchange-Organization-SCL: 5
X-Forefront-Antispam-Report:
CIP:149.72.167.116;CTRY:US;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:wrqvxttq.outbound-mail.sendgrid.net;PTR:wrqvxttq.outbound-mail.sendgrid.net;CAT:SPM;SFS:(13230001)(4636009)(7916004)(6506007)(966005)(76236003)(6486002)(8676002)(21615005)(58800400005)(356005)(1096003)(7596003)(22186003)(15650500001)(19627405001)(33716001)(66574015)(6916009)(26005)(9686003)(6512007)(336012)(5660300002)(36736006)(83170400001)(7636003)(3450700001)(166002)(83380400001);DIR:INB;
X-Microsoft-Antispam: BCL:0;
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Feb 2022 15:56:19.0491
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 40bed02c-b849-4e6b-6e33-08d9eb1b8bf5
X-MS-Exchange-CrossTenant-Id: e96afb08-eeaf-49be-90d6-526571a42d8a
X-MS-Exchange-CrossTenant-AuthSource:
VI1EUR04FT014.eop-eur04.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0P191MB0481
X-MS-Exchange-Transport-EndToEndLatency: 00:00:03.1861137
X-MS-Exchange-Processed-By-BccFoldering: 15.20.4951.019
X-Microsoft-Antispam-Mailbox-Delivery:
ucf:0;jmr:0;auth:0;dest:J;OFR:SpamFilterAuthJ;ENG:(910001)(944506458)(944626604)(920097)(930097)(3100021);RF:JunkEmail;
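
The verdict-bearing headers from the message above, parsed in Python to separate sender authentication results from the spam filter's own verdict. This is an added example, not part of the original thread or the Bug Alert project; the function names are hypothetical, and the embedded excerpt is abbreviated from the posted headers (the H, PTR, SFS and ENG fields and unrelated headers are omitted).

```python
import re
from email import message_from_string

# Abbreviated excerpt of the headers posted above.
RAW = """\
Authentication-Results: spf=pass (sender IP is 149.72.167.116)
 smtp.mailfrom=noreply.bugalert.org; dkim=pass (signature was verified)
 header.d=bugalert.org;dmarc=bestguesspass action=none
 header.from=bugalert.org;compauth=pass reason=109
X-Forefront-Antispam-Report:
 CIP:149.72.167.116;CTRY:US;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;CAT:SPM;DIR:INB;
X-Microsoft-Antispam-Mailbox-Delivery:
 ucf:0;jmr:0;auth:0;dest:J;OFR:SpamFilterAuthJ;RF:JunkEmail;

"""

def unfold(value):
    """Collapse header folding (newline plus indent) into single spaces."""
    return " ".join((value or "").split())

def parse_auth_results(value):
    """Map each method (spf, dkim, dmarc, compauth) to its result."""
    value = re.sub(r"\([^)]*\)", "", unfold(value))  # drop (comments)
    results = {}
    for part in value.split(";"):
        m = re.match(r"\s*([\w-]+)=(\w+)", part)
        if m:  # parts without method=result (e.g. an authserv-id) are skipped
            results[m.group(1).lower()] = m.group(2).lower()
    return results

def parse_fields(value):
    """Parse the 'KEY:value;KEY:value;' layout of the Microsoft headers."""
    fields = {}
    for item in unfold(value).split(";"):
        key, sep, val = item.strip().partition(":")
        if sep:
            fields[key] = val
    return fields

def triage(raw):
    msg = message_from_string(raw)
    auth = parse_auth_results(msg["Authentication-Results"])
    report = parse_fields(msg["X-Forefront-Antispam-Report"])
    delivery = parse_fields(msg["X-Microsoft-Antispam-Mailbox-Delivery"])
    findings = [f"{m} did not pass: {auth.get(m)}"
                for m in ("spf", "dkim") if auth.get(m) != "pass"]
    if auth.get("dmarc") == "bestguesspass":
        # Microsoft's value when the From domain publishes no DMARC record.
        findings.append("no DMARC record for the From domain")
    if report.get("SFV") == "SPM":
        findings.append(f"spam filter verdict SFV:SPM, SCL {report.get('SCL')}")
    if delivery.get("RF") == "JunkEmail":
        findings.append("mailbox delivery header carries RF:JunkEmail")
    return auth, findings
```

For this message SPF and DKIM both pass, so the findings point at the missing DMARC record and the filter's content verdict rather than at a sender authentication failure.
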
Hi there!
I'm planning to hook up the bugalert email alerts to our Jira security service desk, which requires me to create a "customer account" for the sender of the message (otherwise the email will be discarded). Can you document somewhere which email address will be used to send the notifications? Is it a single address that is used for account verification and all future notifications, or are there different email addresses for different purposes, which would all have to be set up as customers in Jira?
Thanks for this awesome project, I really hope it takes off and sticks around :).