Received: from EXCHPAPP04.corp.twcable.com (10.64.163.145) by EXCHPAPP01.corp.

1. Received: from EXCHPAPP04.corp.twcable.com (10.64.163.145) by
2. EXCHPAPP01.corp.twcable.com (10.64.163.142) with Microsoft SMTP Server (TLS)
3. id 15.0.1104.5 via Mailbox Transport; Sun, 29 Nov 2015 07:17:32 -0500
4. Received: from EXCHPAPP11.corp.twcable.com (10.64.163.152) by
5. exchpapp04.corp.twcable.com (10.64.163.145) with Microsoft SMTP Server (TLS)
6. id 15.0.1104.5; Sun, 29 Nov 2015 07:17:32 -0500
7. Received: from cdpipgw01.twcable.com (165.237.59.22) by
8. EXCHPAPP11.corp.twcable.com (10.64.163.152) with Microsoft SMTP Server id
9. 15.0.1104.5 via Frontend Transport; Sun, 29 Nov 2015 07:17:31 -0500
10. IronPort-PHdr: 9a23:dcUW2hMFWmIV9EjSqyQl6mtUPXoX/o7sNwtQ0KIMzox0K/n8rarrMEGX3/hxlliBBdydsKIZzbqI+PuwESxYuNDa7yBEKMQNHzY+yuwo3CUYSPafDkP6KPO4JwcbJ+9lEGFfwnegLEJOE9z/bVCB6le77DoVBwmtfVEtfre9ScbuiJG+3f2p9rXJeUNDgz/uT6l1KUCYpATV7OMfh8M2I6ws0RbhqXpCf+lNg21ycwHA1y3g79u9qcYwux9bvOgsopZN
11. X-SENDER-IP: 107.14.168.160
12. X-SENDER-REPUTATION: 0.2
13. X-IronPort-Anti-Spam-Filtered: true
14. X-IronPort-Anti-Spam-Result: A0BfAgCk61pWZqCoDmtdCoJkgSBvqnoBGAEBAQEBBoENgkUBkSoXAQWFbAQCJXY8EAEBAQEBAQEBEAsWBxUeHoItgjEoAUwWAgUNARMCER1ABIguBAEIlz2PcIVrAYoegQGFDIYXFoNCEQEqPQEDgk4vgRUFh0eHDoQag2iFKoVGgj+BZEmDeYc4ixqDcAI4ggELgiRxAQGEJwcXgSoBAQE
15. X-IPAS-Result: A0BfAgCk61pWZqCoDmtdCoJkgSBvqnoBGAEBAQEBBoENgkUBkSoXAQWFbAQCJXY8EAEBAQEBAQEBEAsWBxUeHoItgjEoAUwWAgUNARMCER1ABIguBAEIlz2PcIVrAYoegQGFDIYXFoNCEQEqPQEDgk4vgRUFh0eHDoQag2iFKoVGgj+BZEmDeYc4ixqDcAI4ggELgiRxAQGEJwcXgSoBAQE
16. X-IronPort-AV: E=Sophos;i="5.20,360,1444708800";
17. d="scan'208,217";a="1130198113"
18. Received: from cdptpa-postmx01.email.rr.com ([107.14.168.160])
19. by cdpipgw01.twcable.com with ESMTP; 29 Nov 2015 07:07:36 -0500
20. Received: by cdptpa-postmx01.email.rr.com (Postfix)
21. id 516BE151C3F4; Sun, 29 Nov 2015 12:17:31 +0000 (UTC)
22. Delivered-To: newabuseaddress@cdptpa-postmx01.email.rr.com
23. Received: from nouvelles-techno.fr (nouvelles-techno.fr [46.105.44.189])
24. by cdptpa-postmx01.email.rr.com (Postfix) with ESMTP id 39CEE151C3E5
25. for <abuse@rr.com>; Sun, 29 Nov 2015 12:17:31 +0000 (UTC)
26. Received: from localhost (localhost.localdomain [127.0.0.1])
27. by nouvelles-techno.fr (Postfix) with ESMTP id 33CCA708416A;
28. Sun, 29 Nov 2015 13:17:30 +0100 (CET)
29. X-Virus-Scanned: Debian amavisd-new at nouvelles-techno.fr
30. Received: from nouvelles-techno.fr ([127.0.0.1])
31. by localhost (nouvelles-techno.fr [127.0.0.1]) (amavisd-new, port 10024)
32. with ESMTP id UyF07iqEHJc3; Sun, 29 Nov 2015 13:17:29 +0100 (CET)
33. Received: by nouvelles-techno.fr (Postfix, from userid 0)
34. id D60EB7081600; Sun, 29 Nov 2015 13:17:28 +0100 (CET)
35. From: Fail2Ban <abuse@cibles.fr>
36. To: <abuse@rr.com>
37. Subject: [Fail2Ban] Unauthorized access using IP 71.43.31.50
38. Content-Type: text/html; charset="UTF-8"
39. Message-ID: <20151129121728.D60EB7081600@nouvelles-techno.fr>
40. Date: Sun, 29 Nov 2015 13:17:28 +0100
41. Return-Path: abuse@cibles.fr
42. X-MS-Exchange-Organization-Network-Message-Id: 1e2537b4-3b41-44e3-2944-08d2f8b70ebc
43. X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
44. X-TM-AS-Product-Ver: SMEX-11.0.0.1191-8.000.1202-21970.005
45. X-TM-AS-Result: No--8.838700-8.000000-31
46. X-TM-AS-User-Approved-Sender: No
47. X-TM-AS-User-Blocked-Sender: No
48. X-MS-Exchange-Organization-AVStamp-Mailbox: SMEXw]nP;1217900;0;This mail has
49. been scanned by Trend Micro ScanMail for Microsoft Exchange;
50. X-MS-Exchange-Organization-SCL: 0
51. X-MS-Exchange-Organization-AuthSource: exchpapp11.corp.twcable.com
52. X-MS-Exchange-Organization-AuthAs: Anonymous
53. MIME-Version: 1.0
54.  
55. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html><head>
56. <meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>[Fail2Ban] Unauthorized access using IP 71.43.31.50</title>
57.  
58. <style>
59. body { font-family:sans-serif; font-size:12px; }
60. div.cadre { margin:5px 0; padding:0 5px; border:1px solid #999999; }
61. p { margin:5px 0; }
62. p.small { font-size:10px; color:#444; }
63. pre { font-size:10px; font-family:monospace; color: #666666; }
64. </style>
65. </head>
66. <body>
67. <p>Hello,</p>
68. <p>Using the ip mentioned above (71.43.31.50), which is according to Whois/abusix.org allocated to you, it was tried to access the system nouvelles-techno.fr (46.105.44.189) without authorization. At the very end of the message you can find the related parts from the logfile (all times are French local times, UTC&#43;1/MET or UTC&#43;2/MEST). For the time being, the offending system has been blocked from further access.</p>
69. <p>Please check the offending system or contact your customer/user. I really would appreciate a quick reaction and a feedback on actions taken.</p>
70. <p>In case of questions, you can contact me under <a href="mailto:abuse@cibles.fr">abuse@cibles.fr</a>.</p>
71. <p>Best regards.</p>
72. <p>Nicolas</p>
73. <hr>
74. <p>The IP 71.43.31.50 has just been banned by Fail2Ban after 1 attempts.</p>
75. <p>abusix.org Information - where your email address has been taken from : abuse@rr.com</p>
76. <p>Few lines containing IP 71.43.31.50, reason for abuse complaint :</p>
77. <pre>Nov 29 13:17:25 nouvelles-techno postfix/smtpd[28788]: warning: rrcs-71-43-31-50.se.biz.rr.com[71.43.31.50]: SASL login authentication failed: UGFzc3dvcmQ6</pre>
78. </body>
79. </html>