Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Dear Mr Hospodka,
- We have received complaints about your server vmi99853, specifically about the following IP address(es):
- 178.238.238.187
- Please see the forwarded e-mail below for more details. Apparently, your server is being used for spamming which is strictly forbidden by our ToS. Spamming is a serious threat in the Internet and can cause a huge amount of damage; thus, we ask for your understanding that we must handle abuse strictly and with no tolerance.
- In order to find at least a temporary solution, we had to disable the server ports 25 and 465. Thus, e-mailing from your server is not possible any longer. In addition to that, due to technical circumstances, we were forced to block your IPV6 addresses entirely, which means that you are not able to connect to your server via IPv6 anymore. To remove both of these suspensions, it is required that you solve the problem which is described in the forwarded e-mail below and that you send us a final report containing all information which enables us to understand exactly which measures you took to stop and prevent such or similar incidents in the future.
- Provided that you take adequate measures and send us a sufficient report, we can undo the suspension, and thus re-enable your server to send e-mails and to communicate via IPv6.
- Should your e-mail address be hosted on your server, you will not be able to answer to this message. In this case, please send your reply through an alternative e-mail-address. By all means, please keep the 16-digit ticket ID in the subject of your message - the easiest way to achieve this is to use the subject line of this e-mail as your new subject. Without the ticket ID in the subject, handling this matter will significantly take more time.
- We would appreciate your immediate attention to this matter.
- Original complaint from Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
- Subject: Unwanted e-mail (spam) and malware(?) from mail server [178.238.238.187]
- > [A copy of the spam (fraud, malware) e-mail is included at the end of the body.]
- >
- > The sender is misusing my and others e-mail address. He is a notorious
- > spammer and malware distributor.
- >
- > He is a time thief.
- >
- > Please check whether this spam conforms to your ethics, laws, regulations,
- > and rules and take appropriate actions to stop spams permanently, including
- > e-mail addresses and web-pages used in spams.
- >
- > The attached file in the spam (not included in my e-mail) contains
- > possibly a virus.
- >
- > The spam's attachment contains a zipped file "31994_ZIP.zip"
- >
- > The file "31994_ZIP.zip " (removed form the included mail) contains the file "31994.js",
- > which is a "ASCII text, with very long lines".
- >
- > ###
- >
- > Involved person/companies:
- >
- > 1) The named sender in the header is
- >
- > <mbernhagen@unmc.edu>
- >
- > 2) The mail service is from
- >
- > vmi99853.contabo.host ([178.238.238.187]:38828 "HELO
- >
- > Directly involved IP-number:
- >
- > [178.238.238.187]
- >
- > ##
- >
- > Copy of the e-mail (with ">" added to the first line and without the
- > attachment (malware)):
- >
- > >From util-linux-owner@vger.kernel.org Wed Mar 15 17:25:59 2017
- > Return-Path: <util-linux-owner@vger.kernel.org>
- > Received: from lmtpproxyd (cmf2.hi.is [2a00:c88:4000:1650::165:169])
- > by cmb0.hi.is (Cyrus v2.4.16) with LMTPA;
- > Wed, 15 Mar 2017 17:25:59 +0000
- > X-Sieve: CMU Sieve 2.4
- > Received: from mx1.hi.is (mx1.hi.is [2a00:c88:4000:1650::165:103])
- > by cmf2.hi.is (Cyrus v2.4.17-Fedora-RPM-2.4.17-8.el7) with LMTPA;
- > Wed, 15 Mar 2017 17:25:57 +0000
- > Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
- > by mx1.hi.is (8.14.7/8.14.7) with ESMTP id v2FHPrL2015676
- > for <bjarniig@rhi.hi.is>; Wed, 15 Mar 2017 17:25:56 GMT
- > Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
- > id S1751277AbdCORZw (ORCPT <rfc822;bjarniig@rhi.hi.is>);
- > Wed, 15 Mar 2017 13:25:52 -0400
- > Received: from vmi99853.contabo.host ([178.238.238.187]:38828 "HELO
- > vmi99853.contabo.host" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
- > with SMTP id S1750780AbdCORZw (ORCPT
- > <rfc822;util-linux@vger.kernel.org>); Wed, 15 Mar 2017 13:25:52 -0400
- > X-Greylist: delayed 357 seconds by postgrey-1.27 at vger.kernel.org; Wed, 15 Mar 2017 13:25:50 EDT
- > MIME-Version: 1.0
- > Subject:
- > Content-Type: application/zip; name="EMAIL_8991_util-linux.zip"
- > Content-Disposition: attachment
- > Content-Transfer-Encoding: base64
- > Message-ID: <148959874559.19795.12948239073066088937@vmi99853.contabo.host>
- > Importance: High
- > Date: Wed, 15 Mar 2017 17:25:45 -0000
- > From: <mbernhagen@unmc.edu>
- > Reply-To: <mbernhagen@unmc.edu>
- > To: "util-linux" <util-linux@vger.kernel.org>
- > Sender: util-linux-owner@vger.kernel.org
- > Precedence: bulk
- > List-ID: <util-linux.vger.kernel.org>
- > X-Mailing-List: util-linux@vger.kernel.org
- > X-Spam-Status: No, score=-4.1 required=4.6 tests=BAYES_50,
- > HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_HI,RP_MATCHES_RCVD,ZIP_ATTACHED
- > autolearn=ham autolearn_force=no version=3.4.0
- > X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on gleipnir.rhi.hi.is
- > Status: RO
- > Content-Length: 9730
- > Lines: 128
- >
- > [Content removed]
- >
- > --
- > To unsubscribe from this list: send the line "unsubscribe util-linux" in
- > the body of a message to majordomo@vger.kernel.org
- > More majordomo info at http://vger.kernel.org/majordomo-info.html
- >
- > # End of the copy of the e-mail (spam and malware) #
- >
- > --
- > Bjarni I. Gislason
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement