[anti-abuse-wg] Reporting abuse to OVH -- don't bother

Hi,

On Wed 12/Feb/2020 18:43:54 +0100 Alex de Joode wrote:
> 
> The abuse notification below, is absolutely terrible: it only highlights the
> OVH IP that was used, however it completely fails to identify the IP/hostname
> that was "attacked", no action (other than forward the notice to the user of
> the IP) can be taken.​


Yes, the user of the IP is the one who should take care.  I don't think an
actual (paying) user would waste resources on such desperate dictionary
attacks.  So, the host must be 0wned, and needs cleanup.


> Please in the future include all relevant data in you abuse notice. (src+dst ip
> are relevant!)


Src+port are already there.  The destination IP is indirectly mentioned in a
sort of (stripped off[*]) legend which explains which host, what firewall, and
similar details.


Best
Ale
-- 

[*] I'd publish it if I were sure it's bullet proof.  Until it's fully vetted,
some obscurity sounds more secure ;-)


> On Wed, 12-02-2020 13h 16min, Alessandro Vesely <vesely at tana.it> wrote:
> 
> 
>     Dear Abuse Team
> 
>     The following abusive behavior from IP address under your constituency
>     188.165.221.36 has been detected:
> 
>     2020-02-11 11:39:25 CET, 188.165.221.36, old decay: 86400, prob: 34.72%,
>     SMTP auth dictionary attack
> 
>     188.165.221.36 was caught 102 times since Fri May 18 01:42:13 2018
> 
>     original data from the mail log:
>     2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[58534]
>     2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[62026]
>     2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[63198]
>     2020-02-11 11:39:25 CET courieresmtpd: started,ip=[188.165.221.36],port=[58743]
>     2020-02-11 11:39:25 CET courieresmtpd: started,ip=[188.165.221.36],port=[50520]
>     2020-02-11 11:39:25 CET courieresmtpd:
>     error,relay=188.165.221.36,port=58743,msg="535 Authentication failed.",cmd:
>     AUTH LOGIN 42D117A2.9F10013D
> 
>