Alessandro,

The abuse notification below is absolutely terrible: it only highlights the OVH IP that was used; however, it completely fails to identify the IP/hostname that was "attacked". No action (other than forwarding the notice to the user of the IP) can be taken.

Please, in the future, include all relevant data in your abuse notice. (src+dst IP are relevant!)

Thx.
-- 
IDGARA | Alex de Joode | alex@idgara.nl | +31651108221 | Skype:adejoode

On Wed, 12-02-2020 13h 16min, Alessandro Vesely <vesely@tana.it> wrote:

Dear Abuse Team

The following abusive behavior from IP address under your constituency
188.165.221.36 has been detected:

2020-02-11 11:39:25 CET, 188.165.221.36, old decay: 86400, prob: 34.72%, SMTP auth dictionary attack

188.165.221.36 was caught 102 times since Fri May 18 01:42:13 2018

original data from the mail log:
2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[58534]
2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[62026]
2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[63198]
2020-02-11 11:39:25 CET courieresmtpd: started,ip=[188.165.221.36],port=[58743]
2020-02-11 11:39:25 CET courieresmtpd: started,ip=[188.165.221.36],port=[50520]
2020-02-11 11:39:25 CET courieresmtpd: error,relay=188.165.221.36,port=58743,msg="535 Authentication failed.",cmd: AUTH LOGIN 42D117A2.9F10013D