Alessandro,

The abuse notification below is absolutely terrible: it only highlights the OVH IP that was used, however it completely fails to identify the IP/hostname that was "attacked", no action (other than forward the notice to the user of the IP) can be taken.

Please in the future include all relevant data in your abuse notice. (src+dst ip are relevant!)

Thx.

--
IDGARA | Alex de Joode | alex@idgara.nl | +31651108221 | Skype:adejoode

On Wed, 12-02-2020 13h 16min, Alessandro Vesely <vesely@tana.it> wrote:
Dear Abuse Team
The following abusive behavior from IP address under your constituency 188.165.221.36 has been detected:
2020-02-11 11:39:25 CET, 188.165.221.36, old decay: 86400, prob: 34.72%, SMTP auth dictionary attack
188.165.221.36 was caught 102 times since Fri May 18 01:42:13 2018
original data from the mail log:
2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[58534]
2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[62026]
2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[63198]
2020-02-11 11:39:25 CET courieresmtpd: started,ip=[188.165.221.36],port=[58743]
2020-02-11 11:39:25 CET courieresmtpd: started,ip=[188.165.221.36],port=[50520]
2020-02-11 11:39:25 CET courieresmtpd: error,relay=188.165.221.36,port=58743,msg="535 Authentication failed.",cmd: AUTH LOGIN 42D117A2.9F10013D