[anti-abuse-wg] Reporting abuse to OVH -- don't bother

All OVH and DigitalOcean abuse reports must be submitted via the abuse reporting forms on the website, or they won't be actioned:
 
https://www.ovh.com/world/abuse/
 
https://www.digitalocean.com/company/contact/abuse/
 
 
--------- Original Message --------- Subject: Re: [anti-abuse-wg] Reporting abuse to OVH -- don't bother
From: "Alessandro Vesely" <vesely at tana.it>
Date: 2/12/20 11:16 pm
To: "anti-abuse-wg at ripe.net" <anti-abuse-wg at ripe.net>

On Wed 12/Feb/2020 09:51:22 +0100 Ronald F. Guilmette wrote:
 > The RIPE WHOIS data base says that the abose contact for AS16276 is
 > abuse at ovh.net.
 > 
 > It would appear thet the folks at OVH haven't yet quite figured how
 > this whole email thing works.
 > 
 > Give them time. Another decade or two and they should have it down pat.
 
 
 +1, X-VR-SPAMCAUSE looks particularly appealing...
 
 Best
 Ale
 
 
 
 -------- Forwarded Message --------
 Subject: failure notice
 Date: 12 Feb 2020 06:18:04 +0200
 From: MAILER-DAEMON at mx1.ovh.net
 To: abuse at tana.it
 
 Hi. This is the qmail-send program at mx1.ovh.net.
 I'm afraid I wasn't able to deliver your message to the following addresses.
 This is a permanent error; I've given up. Sorry it didn't work out.
 
 <ovh.net-abuse at ovh.net>:
 user does not exist, but will deliver to /homez.12/vpopmail/domains/ovh.net/abuse/
 can not open new email file errno=2 file=/homez.12/vpopmail/domains/ovh.net/abuse/Maildir/tmp/1581481084.9867.mail660.ha.ovh.net,S=4191
 system error
 
 --- Below this line is a copy of the message.
 
 Return-Path: <abuse at tana.it>
 Received: from localhost (HELO queue) (127.0.0.1)
 by localhost with SMTP; 12 Feb 2020 06:18:04 +0200
 Received: from unknown (HELO output25.mail.ovh.net) (10.108.117.188)
 by mail660.ha.ovh.net with AES256-GCM-SHA384 encrypted SMTP; 12 Feb 2020 06:18:04 +0200
 Received: from vr26.mail.ovh.net (unknown [10.101.8.26])
 by out25.mail.ovh.net (Postfix) with ESMTP id 48HRFm0K5Sz7P6Fd8
 for <abuse at ovh.net>; Wed, 12 Feb 2020 04:18:04 +0000 (UTC)
 Received: from in14.mail.ovh.net (unknown [10.101.4.14])
 by vr26.mail.ovh.net (Postfix) with ESMTP id 48HRFf6fgNzrQV85
 for <abuse at ovh.net>; Wed, 12 Feb 2020 04:17:58 +0000 (UTC)
 Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=62.94.243.226; helo=wmail.tana.it; envelope-from=abuse at tana.it; receiver=abuse at ovh.net Authentication-Results: in14.mail.ovh.net;
 dkim=pass (1152-bit key; unprotected) header.d=tana.it [email protected] header.b="DSzDkiE5";
 dkim-atps=neutral
 Received: from wmail.tana.it (wmail.tana.it [62.94.243.226])
 by in14.mail.ovh.net (Postfix) with ESMTPS id 48HRFf5rYcz1qqm5
 for <abuse at ovh.net>; Wed, 12 Feb 2020 04:17:58 +0000 (UTC)
 Received: from localhost (localhost [127.0.0.1])
 (uid 1000)
 by wmail.tana.it with local
 id 00000000005DC0BE.000000005E437C70.00006938; Wed, 12 Feb 2020 05:17:51 +0100
 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta;
 t=1581481072; bh=hqA0axQ0F0EZuKcuD4BJM7lec22phleodccLJFRo7js=;
 l=1187; h=From:To:Date;
 b=DSzDkiE5M2E2RHdufCjt/pvL8szxXfCQCiPcYrJMYxbHDSM6/qNrHDy0JZwW3HfQG
 jvGk5T7PlE7c6dBvfNjmQl2Z0yTpvjOVufBM6xGVi3WEzkPUb2Wpr0b6oW/Ptan3/d
 d81pOjTCPaAxOXfx0G1t5PpotLEo0P48qxyNPtkGYVZoMp7kdUev7jtac9Jcq
 Authentication-Results: tana.it; auth=pass (details omitted)
 X-mmdbcountrylookup: FR
 From: "tana.it" <abuse at tana.it>
 To: abuse at ovh.net
 Date: Wed, 12 Feb 2020 05:17:51 +0100
 Subject: Mail server abuse by 188.165.221.36 on 11 February 2020
 Mime-Version: 1.0
 Content-Type: text/plain; charset=utf-8
 Content-Transfer-Encoding: 7bit
 X-Auto-Response-Suppress: DR, OOF, AutoReply
 Message-ID: <courier.000000005E437C6F.00006938 at wmail.tana.it>
 X-Ovh-Remote: 62.94.243.226 (wmail.tana.it)
 X-Ovh-Tracer-Id: 8968355709213900626
 X-VR-SPAMSTATE: OK
 X-VR-SPAMSCORE: 50
 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedugedrieeggdeifecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfqggfjpdevjffgvefmvefgnecuuegrihhlohhuthemucehtddtnecuogfvvgigthfqnhhlhidqqdetfeejfedqtdegucdlhedtmdenucfjughrpefhvfffufggtgfgsehtjedttddttdejnecuhfhrohhmpedfthgrnhgrrdhithdfuceorggsuhhsvgesthgrnhgrrdhitheqnecuffhomhgrihhnpehtrghnrgdrihhtpdhrihhpvgdrnhgvthenucfkphepiedvrdelgedrvdegfedrvddvieenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhhouggvpehsmhhtphdphhgvlhhopehinhdugedrmhgrihhlrdhovhhhrdhnvghtpdhinhgvthepiedvrdelgedrvdegfedrvddviedpmhgrihhlfhhrohhmpegrsghushgvsehtrghnrgdrihhtpdhrtghpthhtoheprggsuhhsvgesohhvhhdrnhgvth
 X-Ovh-Spam-Status: OK
 X-Ovh-Spam-Reason: vr: OK; dkim: disabled; spf: disabled
 X-Ovh-Message-Type: OK
 
 Dear Abuse Team
 
 The following abusive behavior from IP address under your constituency
 188.165.221.36 has been detected:
 
 2020-02-11 11:39:25 CET, 188.165.221.36, old decay: 86400, prob: 34.72%, SMTP auth dictionary attack
 
 188.165.221.36 was caught 102 times since Fri May 18 01:42:13 2018
 
 original data from the mail log:
 2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[58534]
 2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[62026]
 2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[63198]
 2020-02-11 11:39:25 CET courieresmtpd: started,ip=[188.165.221.36],port=[58743]
 2020-02-11 11:39:25 CET courieresmtpd: started,ip=[188.165.221.36],port=[50520]
 2020-02-11 11:39:25 CET courieresmtpd: error,relay=188.165.221.36,port=58743,msg="535 Authentication failed.",cmd: AUTH LOGIN 42D117A2.9F10013D
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </ripe/mail/archives/anti-abuse-wg/attachments/20200212/97e1d6b5/attachment.html>