On Wed 12/Feb/2020 09:51:22 +0100 Ronald F. Guilmette wrote: > The RIPE WHOIS data base says that the abose contact for AS16276 is > ab...@ovh.net. > > It would appear thet the folks at OVH haven't yet quite figured how > this whole email thing works. > > Give them time. Another decade or two and they should have it down pat.
+1, X-VR-SPAMCAUSE looks particularly appealing... Best Ale -------- Forwarded Message -------- Subject: failure notice Date: 12 Feb 2020 06:18:04 +0200 From: mailer-dae...@mx1.ovh.net To: ab...@tana.it Hi. This is the qmail-send program at mx1.ovh.net. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. <ovh.net-ab...@ovh.net>: user does not exist, but will deliver to /homez.12/vpopmail/domains/ovh.net/abuse/ can not open new email file errno=2 file=/homez.12/vpopmail/domains/ovh.net/abuse/Maildir/tmp/1581481084.9867.mail660.ha.ovh.net,S=4191 system error --- Below this line is a copy of the message. Return-Path: <ab...@tana.it> Received: from localhost (HELO queue) (127.0.0.1) by localhost with SMTP; 12 Feb 2020 06:18:04 +0200 Received: from unknown (HELO output25.mail.ovh.net) (10.108.117.188) by mail660.ha.ovh.net with AES256-GCM-SHA384 encrypted SMTP; 12 Feb 2020 06:18:04 +0200 Received: from vr26.mail.ovh.net (unknown [10.101.8.26]) by out25.mail.ovh.net (Postfix) with ESMTP id 48HRFm0K5Sz7P6Fd8 for <ab...@ovh.net>; Wed, 12 Feb 2020 04:18:04 +0000 (UTC) Received: from in14.mail.ovh.net (unknown [10.101.4.14]) by vr26.mail.ovh.net (Postfix) with ESMTP id 48HRFf6fgNzrQV85 for <ab...@ovh.net>; Wed, 12 Feb 2020 04:17:58 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=62.94.243.226; helo=wmail.tana.it; envelope-from=ab...@tana.it; receiver=ab...@ovh.net Authentication-Results: in14.mail.ovh.net; dkim=pass (1152-bit key; unprotected) header.d=tana.it header.i=@tana.it header.b="DSzDkiE5"; dkim-atps=neutral Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) by in14.mail.ovh.net (Postfix) with ESMTPS id 48HRFf5rYcz1qqm5 for <ab...@ovh.net>; Wed, 12 Feb 2020 04:17:58 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) (uid 1000) by wmail.tana.it with local id 00000000005DC0BE.000000005E437C70.00006938; Wed, 12 Feb 2020 05:17:51 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1581481072; bh=hqA0axQ0F0EZuKcuD4BJM7lec22phleodccLJFRo7js=; l=1187; h=From:To:Date; b=DSzDkiE5M2E2RHdufCjt/pvL8szxXfCQCiPcYrJMYxbHDSM6/qNrHDy0JZwW3HfQG jvGk5T7PlE7c6dBvfNjmQl2Z0yTpvjOVufBM6xGVi3WEzkPUb2Wpr0b6oW/Ptan3/d d81pOjTCPaAxOXfx0G1t5PpotLEo0P48qxyNPtkGYVZoMp7kdUev7jtac9Jcq Authentication-Results: tana.it; auth=pass (details omitted) X-mmdbcountrylookup: FR From: "tana.it" <ab...@tana.it> To: ab...@ovh.net Date: Wed, 12 Feb 2020 05:17:51 +0100 Subject: Mail server abuse by 188.165.221.36 on 11 February 2020 Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Auto-Response-Suppress: DR, OOF, AutoReply Message-ID: <courier.000000005e437c6f.00006...@wmail.tana.it> X-Ovh-Remote: 62.94.243.226 (wmail.tana.it) X-Ovh-Tracer-Id: 8968355709213900626 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: 50 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedugedrieeggdeifecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfqggfjpdevjffgvefmvefgnecuuegrihhlohhuthemucehtddtnecuogfvvgigthfqnhhlhidqqdetfeejfedqtdegucdlhedtmdenucfjughrpefhvfffufggtgfgsehtjedttddttdejnecuhfhrohhmpedfthgrnhgrrdhithdfuceorggsuhhsvgesthgrnhgrrdhitheqnecuffhomhgrihhnpehtrghnrgdrihhtpdhrihhpvgdrnhgvthenucfkphepiedvrdelgedrvdegfedrvddvieenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhhouggvpehsmhhtphdphhgvlhhopehinhdugedrmhgrihhlrdhovhhhrdhnvghtpdhinhgvthepiedvrdelgedrvdegfedrvddviedpmhgrihhlfhhrohhmpegrsghushgvsehtrghnrgdrihhtpdhrtghpthhtoheprggsuhhsvgesohhvhhdrnhgvth X-Ovh-Spam-Status: OK X-Ovh-Spam-Reason: vr: OK; dkim: disabled; spf: disabled X-Ovh-Message-Type: OK Dear Abuse Team The following abusive behavior from IP address under your constituency 188.165.221.36 has been detected: 2020-02-11 11:39:25 CET, 188.165.221.36, old decay: 86400, prob: 34.72%, SMTP auth dictionary attack 188.165.221.36 was caught 102 times since Fri May 18 01:42:13 2018 original data from the mail log: 2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[58534] 2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[62026] 2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[63198] 2020-02-11 11:39:25 CET courieresmtpd: started,ip=[188.165.221.36],port=[58743] 2020-02-11 11:39:25 CET courieresmtpd: started,ip=[188.165.221.36],port=[50520] 2020-02-11 11:39:25 CET courieresmtpd: error,relay=188.165.221.36,port=58743,msg="535 Authentication failed.",cmd: AUTH LOGIN 42D117A2.9F10013D