Re: [Evolution] Forwarding a mail to action fraud that is potentially fraudulent

2022-09-16 Thread Pete Biggs


> I'm not sure how Action Fraud expected this to work if forwarded mails are
> rejected by the ISP (which seems sensible to me) - I'll recheck with their
> web site.

Their instructions are to use a screenshot.  They are aware of the
issues.

P.

___
evolution-list mailing list
evolution-list@gnome.org
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list


Re: [Evolution] Forwarding a mail to action fraud that is potentially fraudulent

2022-09-16 Thread Steve Tucknott
On Thu, 2022-09-15 at 11:44 +0100, Patrick O'Callaghan wrote:
> 
> It's definitely not from Evolution. Evo never sends you messages on its
> own. Furthermore, it doesn't have a "scam check" function. It does
> enable external spam checkers such as SpamAssassin or Bogofilter, but
> AFAIK neither of these sends auto-generated emails to the user.

Apologies for all as I never made it clear - or told you the version of Evo
and the environment (which are 3.44.4 and Fedora Core 36) - the send rejection
is from the 'Outbox'. The EMail is never forwarded and the failure message is
just that - ie a message within Evolution and is not an incoming EMail.
Anyway, the mail was forwarded ok from my phone as I received an EMail
acknowledgement from Action Fraud. While that loophole works (as, as Milan
said - if the message is from the ISP, then my mail client on my phone appears
to ignore it), then I have a workaround. I'm not sure how Action Fraud expected
this to work if forwarded mails are rejected by the ISP (which seems sensible
to me) - I'll recheck with their web site.


Re: [Evolution] Forwarding a mail to action fraud that is potentially fraudulent

2022-09-15 Thread Steve T via evolution-list
On Thu, 2022-09-15 at 09:37 -0400, Adam Tauno Williams wrote:
> > The mail must be using different SMTP servers. It's unlikely that an
> > SMTP server would treat mail differently from different clients.
> 
> There is the possibility that the mobile device mail client doesn't
> deal with errors; it either silently - and obliviously - fails or
> leaves the message in "Outbox" or some other holding bin, potentially
> forever.  I've seen this behavior, in the 21st century, unfortunately.
> 

I don't think that's the case, as after forwarding the EMail from the phone
mail app, the message went into 'sent' and I subsequently received an
acknowledgement from Action Fraud. Whether what they received is what I
forwarded or not, I can't tell as their acknowledgement doesn't quote it.


Re: [Evolution] Forwarding a mail to action fraud that is potentially fraudulent

2022-09-15 Thread Steve T via evolution-list
On Thu, 2022-09-15 at 12:22 +0100, Pete Biggs wrote:
> 
> OK. A few observations.  
> 
> The mail must be using different SMTP servers. It's unlikely that an
> SMTP server would treat mail differently from different clients.
> 
> The fact that the SMTP service used by Evolution detects the phishing
> email, but it's not being detected before it got delivered to you
> indicates that they are two different providers - it's not sensible
> that it would only detect it on outgoing mail!
> 


> Personally, if it is detected by the outgoing SMTP server, and not the
> incoming one, then I would have a serious look at your mail provider
> and ask some questions. It may need some configuration setting to
> reject or spam bin known spam/phish - things are complicated in this
> respect if you use POP

I'm not sure that's the case. I tend to allow spam through from the EMail
services I use and I then deal with it within whichever EMail client I use
(usually Evolution). The EMail had had its Subject line altered to reflect
that it was 'suspect' presumably by some server along the way. It was that
modified mail that I tried to forward.
 
> 
> Since the phishing attempt is detected by SANE, it's clearly a known
> phish, so sending it to Action Fraud is not a priority. There is
> guidance from NCSC about how to report phishing - including what to do
> if your mail provider blocks it.  See:
> 
>  https://www.ncsc.gov.uk/collection/phishing-scams/report-scam-email
> 
> Two things to note: they don't need to see spam binned stuff & if in
> doubt use a screen shot.
> 
> P.
Thanks for that.


Re: [Evolution] Forwarding a mail to action fraud that is potentially fraudulent

2022-09-15 Thread Adam Tauno Williams
> The mail must be using different SMTP servers. It's unlikely that an
> SMTP server would treat mail differently from different clients.

There is the possibility that the mobile device mail client doesn't
deal with errors; it either silently - and obliviously - fails or
leaves the message in "Outbox" or some other holding bin, potentially
forever.  I've seen this behavior, in the 21st century, unfortunately.

-- 
Adam Tauno Williams  GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA



Re: [Evolution] Forwarding a mail to action fraud that is potentially fraudulent

2022-09-15 Thread Pete Biggs
On Thu, 2022-09-15 at 14:49 +0200, Jaroslaw Rafa via evolution-list
wrote:
> On 15.09.2022 at 12:22:13, Pete Biggs wrote:
> > 
> > The mail must be using different SMTP servers. It's unlikely that an
> > SMTP server would treat mail differently from different clients.
> 
> Unless the client on the phone encodes the forwarded mail in some way that
> causes the SMTP server not to detect the fraudulent mail.

I would hope any decent SMTP server would be aware of this sort of
thing. Certainly all the ones I know can mime-decode and base64-decode
message bodies to get at the content.  If it were that easy to by-pass
the scanners the spammers would do nothing but send encoded mails. 

The only thing my scanners can't decode are password encrypted files -
on some it passes them with a warning, on others it rejects any
passworded content.

P.
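
The decoding step described in the message above, as an added example that is not part of the original thread and is not any real scanner's code. The signature string, the sample message and the function names are constructed for illustration; password-encrypted zip entries are flagged rather than read, matching the two policies mentioned (warn or reject).

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed stand-in for a scanner signature; not a real Sanesecurity rule.
SIGNATURE = b"claim your free coins"

def scan_bytes(data: bytes, where: str) -> list:
    """Scan one already-decoded payload; unpack zip archives recursively."""
    findings = []
    if SIGNATURE in data.lower():
        findings.append(("match", where))
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                inner = f"{where}:{info.filename}"
                if info.flag_bits & 0x1:  # bit 0: entry is password-encrypted
                    findings.append(("encrypted", inner))  # policy: warn or reject
                else:
                    findings += scan_bytes(zf.read(info), inner)
    return findings

def scan_message(raw: bytes) -> list:
    """Walk every MIME part and scan its transfer-decoded bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for i, part in enumerate(msg.walk()):
        if not part.is_multipart():
            body = part.get_payload(decode=True) or b""  # undoes base64 / QP
            findings += scan_bytes(body, f"part{i}({part.get_content_type()})")
    return findings

def build_sample() -> bytes:
    """Constructed forward: the suspect mail attached as base64 and as a zip."""
    suspect = EmailMessage()
    suspect["Subject"] = "[SUSPECT] Wallet notice"
    suspect.set_content("Claim your FREE coins today")
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("forwarded.eml", suspect.as_bytes())
    outer = EmailMessage()
    outer["Subject"] = "Fwd: suspicious mail"
    outer.set_content("Forwarding this for a report.")
    outer.add_attachment(suspect.as_bytes(), maintype="application",
                         subtype="octet-stream", filename="forwarded.eml")
    outer.add_attachment(archive.getvalue(), maintype="application",
                         subtype="zip", filename="forwarded.zip")
    return outer.as_bytes()
```

The signature text never appears in the raw bytes of the constructed forward, yet `scan_message(build_sample())` reports a match in both the base64 attachment and the zip member.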



Re: [Evolution] Forwarding a mail to action fraud that is potentially fraudulent

2022-09-15 Thread Jaroslaw Rafa via evolution-list
On 15.09.2022 at 12:22:13, Pete Biggs wrote:
> 
> The mail must be using different SMTP servers. It's unlikely that an
> SMTP server would treat mail differently from different clients.

Unless the client on the phone encodes the forwarded mail in some way that
causes the SMTP server not to detect the fraudulent mail.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."


Re: [Evolution] Forwarding a mail to action fraud that is potentially fraudulent

2022-09-15 Thread Pete Biggs


> 
> Yes, I'm using POP/SMTP - the message is :
> Data Command failed: Message contains malware (detected as 
> Sanesecurity.Phishing.Fake.Coin.29059.UNOFFICIAL)

That's definitely from your SMTP host, not Evolution.  

> > 
> I didn't use my brain - I have a different EMail client on my phone, so
> I've just forwarded the message from there to see what happened. It appears
> to forward ok.
> 

OK. A few observations.  

The mail must be using different SMTP servers. It's unlikely that an
SMTP server would treat mail differently from different clients.

The fact that the SMTP service used by Evolution detects the phishing
email, but it's not being detected before it got delivered to you
indicates that they are two different providers - it's not sensible
that it would only detect it on outgoing mail!

Personally, if it is detected by the outgoing SMTP server, and not the
incoming one, then I would have a serious look at your mail provider
and ask some questions. It may need some configuration setting to
reject or spam bin known spam/phish - things are complicated in this
respect if you use POP

Since the phishing attempt is detected by SANE, it's clearly a known
phish, so sending it to Action Fraud is not a priority. There is
guidance from NCSC about how to report phishing - including what to do
if your mail provider blocks it.  See:

 https://www.ncsc.gov.uk/collection/phishing-scams/report-scam-email

Two things to note: they don't need to see spam binned stuff & if in
doubt use a screen shot.

P.



Re: [Evolution] Forwarding a mail to action fraud that is potentially fraudulent

2022-09-15 Thread Patrick O'Callaghan
On Thu, 2022-09-15 at 06:59 +0100, Steve T via evolution-list wrote:
> From time to time I get EMails that appear to be scams or phishing
> mails. In the UK the police have set up 'Action
> Fraud' - a group that looks into EMail/text scams. The problem I have
> is that when I forward the dubious mail to action
> fraud's Email address, the mail fails to send and gets an error
> message telling me that it is potentially fraudulent!
> 
> Is that message from Evolution or from my mail provider, and if from
> Evolution, can I disable the scam check for an
> individual mail?

It's definitely not from Evolution. Evo never sends you messages on its
own. Furthermore, it doesn't have a "scam check" function. It does
enable external spam checkers such as SpamAssassin or Bogofilter, but
AFAIK neither of these sends auto-generated emails to the user.

poc


Re: [Evolution] Forwarding a mail to action fraud that is potentially fraudulent

2022-09-15 Thread Milan Crha via evolution-list
On Thu, 2022-09-15 at 08:13 +0100, Steve T via evolution-list wrote:
> Data Command failed: Message contains malware (detected as
> Sanesecurity.Phishing.Fake.Coin.29059.UNOFFICIAL)

Hi,
the "Data Command" means DATA command on the SMTP level, aka it's the
server returning the error.

> I have a different EMail client on my phone, so I've just forwarded
> the message from there to see what happened. It appears to forward
> ok.

Interesting, I'm wondering how they could work around that SMTP server
error. Unless they use a different sending server. Anyway, it's good
you found a way.
Bye,
Milan



Re: [Evolution] Forwarding a mail to action fraud that is potentially fraudulent

2022-09-15 Thread Steve T via evolution-list
On Thu, 2022-09-15 at 08:49 +0200, Milan Crha via evolution-list wrote:
> On Thu, 2022-09-15 at 06:59 +0100, Steve T via evolution-list wrote:
> > Is that message from Evolution or from my mail provider, and if from
> > Evolution, can I disable the scam check for an individual mail?
> 
> Hi,
> I'd need to see an exact message and when it shows up to know for sure,
> but I guess your SMTP server returns it.

Yes, I'm using POP/SMTP - the message is :
Data Command failed: Message contains malware (detected as 
Sanesecurity.Phishing.Fake.Coin.29059.UNOFFICIAL)

> You can see what's going on
> under the hood when you run Evolution as:
> 
>    $ CAMEL_DEBUG=smtp evolution
> 
I didn't use my brain - I have a different EMail client on my phone, so I've
just forwarded the message from there to see what happened. It appears to
forward ok.




Re: [Evolution] Forwarding a mail to action fraud that is potentially fraudulent

2022-09-15 Thread Milan Crha via evolution-list
On Thu, 2022-09-15 at 06:59 +0100, Steve T via evolution-list wrote:
> Is that message from Evolution or from my mail provider, and if from
> Evolution, can I disable the scam check for an individual mail?

Hi,
I'd need to see an exact message and when it shows up to know for sure,
but I guess your SMTP server returns it. You can see what's going on
under the hood when you run Evolution as:

   $ CAMEL_DEBUG=smtp evolution

and try to re-send the message. I guess you use SMTP, you did not say
that.

I do not know whether it's acceptable to the recipients, but maybe if you
save the message to an mbox file (right-click it, it's in the context
menu), then compress it with a .zip and send that compressed file to the
involved parties, then maybe it'll avoid the error.

In any case, Evolution itself doesn't do any spam filtering when
sending messages, it scans for spam on received messages only.
Bye,
Milan



[Evolution] Forwarding a mail to action fraud that is potentially fraudulent

2022-09-15 Thread Steve T via evolution-list
From time to time I get EMails that appear to be scams or phishing mails. In
the UK the police have set up 'Action Fraud' - a group that looks into
EMail/text scams. The problem I have is that when I forward the dubious mail
to action fraud's Email address, the mail fails to send and gets an error
message telling me that it is potentially fraudulent!

Is that message from Evolution or from my mail provider, and if from
Evolution, can I disable the scam check for an individual mail?

Thanks,
Steve T