[anti-abuse-wg] Reporting abuse to OVH -- don't bother

Alessandro,

The abuse notification below, is absolutely terrible: it only highlights the OVH IP that was used, however it completely fails to identify the IP/hostname that was "attacked", no action (other than forward the notice to the user of the IP) can be taken.​

Please in the future include all relevant data in you abuse notice. (src+dst ip are relevant!)

Thx.​-- 
IDGARA | Alex de Joode | alex at idgara.nl | +31651108221 | Skype:adejoode


On Wed, 12-02-2020 13h 16min, Alessandro Vesely <vesely at tana.it> wrote:> 

> Dear Abuse Team
> 
> The following abusive behavior from IP address under your constituency
> 188.165.221.36 has been detected:
> 
>     2020-02-11 11:39:25 CET, 188.165.221.36, old decay: 86400, prob: 34.72%, SMTP auth dictionary attack
> 
> 188.165.221.36 was caught 102 times since Fri May 18 01:42:13 2018
> 
> original data from the mail log:
>     2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[58534]
>     2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[62026]
>     2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[63198]
>     2020-02-11 11:39:25 CET courieresmtpd: started,ip=[188.165.221.36],port=[58743]
>     2020-02-11 11:39:25 CET courieresmtpd: started,ip=[188.165.221.36],port=[50520]
>     2020-02-11 11:39:25 CET courieresmtpd: error,relay=188.165.221.36,port=58743,msg="535 Authentication failed.",cmd: AUTH LOGIN 42D117A2.9F10013D
> 
> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </ripe/mail/archives/anti-abuse-wg/attachments/20200212/282bf076/attachment.html>