Dear Mr Hospodka,We have received complaints about your server vmi99853, spe

1. Dear Mr Hospodka,
2.  
3. We have received complaints about your server vmi99853, specifically about the following IP address(es):
4.  
5. 178.238.238.187
6.  
7. Please see the forwarded e-mail below for more details. Apparently, your server is being used for spamming which is strictly forbidden by our ToS. Spamming is a serious threat in the Internet and can cause a huge amount of damage; thus, we ask for your understanding that we must handle abuse strictly and with no tolerance.
8.  
9. In order to find at least a temporary solution, we had to disable the server ports 25 and 465. Thus, e-mailing from your server is not possible any longer. In addition to that, due to technical circumstances, we were forced to block your IPV6 addresses entirely, which means that you are not able to connect to your server via IPv6 anymore. To remove both of these suspensions, it is required that you solve the problem which is described in the forwarded e-mail below and that you send us a final report containing all information which enables us to understand exactly which measures you took to stop and prevent such or similar incidents in the future.
10.  
11. Provided that you take adequate measures and send us a sufficient report, we can undo the suspension, and thus re-enable your server to send e-mails and to communicate via IPv6.
12.  
13. Should your e-mail address be hosted on your server, you will not be able to answer to this message. In this case, please send your reply through an alternative e-mail-address. By all means, please keep the 16-digit ticket ID in the subject of your message - the easiest way to achieve this is to use the subject line of this e-mail as your new subject. Without the ticket ID in the subject, handling this matter will significantly take more time.
14.  
15. We would appreciate your immediate attention to this matter.
16. Original complaint from Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
17. Subject: Unwanted e-mail (spam) and malware(?) from mail server [178.238.238.187]
18.  
19. > [A copy of the spam (fraud, malware) e-mail is included at the end of the body.]
20. >
21. > The sender is misusing my and others e-mail address. He is a notorious
22. > spammer and malware distributor.
23. >
24. > He is a time thief.
25. >
26. > Please check whether this spam conforms to your ethics, laws, regulations,
27. > and rules and take appropriate actions to stop spams permanently, including
28. > e-mail addresses and web-pages used in spams.
29. >
30. > The attached file in the spam (not included in my e-mail) contains
31. > possibly a virus.
32. >
33. > The spam's attachment contains a zipped file "31994_ZIP.zip"
34. >
35. > The file "31994_ZIP.zip " (removed form the included mail) contains the file "31994.js",
36. > which is a "ASCII text, with very long lines".
37. >
38. > ###
39. >
40. > Involved person/companies:
41. >
42. > 1) The named sender in the header is
43. >
44. > <mbernhagen@unmc.edu>
45. >
46. > 2) The mail service is from
47. >
48. > vmi99853.contabo.host ([178.238.238.187]:38828 "HELO
49. >
50. > Directly involved IP-number:
51. >
52. > [178.238.238.187]
53. >
54. > ##
55. >
56. > Copy of the e-mail (with ">" added to the first line and without the
57. > attachment (malware)):
58. >
59. > >From util-linux-owner@vger.kernel.org Wed Mar 15 17:25:59 2017
60. > Return-Path: <util-linux-owner@vger.kernel.org>
61. > Received: from lmtpproxyd (cmf2.hi.is [2a00:c88:4000:1650::165:169])
62. > by cmb0.hi.is (Cyrus v2.4.16) with LMTPA;
63. > Wed, 15 Mar 2017 17:25:59 +0000
64. > X-Sieve: CMU Sieve 2.4
65. > Received: from mx1.hi.is (mx1.hi.is [2a00:c88:4000:1650::165:103])
66. > by cmf2.hi.is (Cyrus v2.4.17-Fedora-RPM-2.4.17-8.el7) with LMTPA;
67. > Wed, 15 Mar 2017 17:25:57 +0000
68. > Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
69. > by mx1.hi.is (8.14.7/8.14.7) with ESMTP id v2FHPrL2015676
70. > for <bjarniig@rhi.hi.is>; Wed, 15 Mar 2017 17:25:56 GMT
71. > Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
72. > id S1751277AbdCORZw (ORCPT <rfc822;bjarniig@rhi.hi.is>);
73. > Wed, 15 Mar 2017 13:25:52 -0400
74. > Received: from vmi99853.contabo.host ([178.238.238.187]:38828 "HELO
75. > vmi99853.contabo.host" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
76. > with SMTP id S1750780AbdCORZw (ORCPT
77. > <rfc822;util-linux@vger.kernel.org>); Wed, 15 Mar 2017 13:25:52 -0400
78. > X-Greylist: delayed 357 seconds by postgrey-1.27 at vger.kernel.org; Wed, 15 Mar 2017 13:25:50 EDT
79. > MIME-Version: 1.0
80. > Subject:
81. > Content-Type: application/zip; name="EMAIL_8991_util-linux.zip"
82. > Content-Disposition: attachment
83. > Content-Transfer-Encoding: base64
84. > Message-ID: <148959874559.19795.12948239073066088937@vmi99853.contabo.host>
85. > Importance: High
86. > Date: Wed, 15 Mar 2017 17:25:45 -0000
87. > From: <mbernhagen@unmc.edu>
88. > Reply-To: <mbernhagen@unmc.edu>
89. > To: "util-linux" <util-linux@vger.kernel.org>
90. > Sender: util-linux-owner@vger.kernel.org
91. > Precedence: bulk
92. > List-ID: <util-linux.vger.kernel.org>
93. > X-Mailing-List: util-linux@vger.kernel.org
94. > X-Spam-Status: No, score=-4.1 required=4.6 tests=BAYES_50,
95. > HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_HI,RP_MATCHES_RCVD,ZIP_ATTACHED
96. > autolearn=ham autolearn_force=no version=3.4.0
97. > X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on gleipnir.rhi.hi.is
98. > Status: RO
99. > Content-Length: 9730
100. > Lines: 128
101. >
102. > [Content removed]
103. >
104. > --
105. > To unsubscribe from this list: send the line "unsubscribe util-linux" in
106. > the body of a message to majordomo@vger.kernel.org
107. > More majordomo info at http://vger.kernel.org/majordomo-info.html
108. >
109. > # End of the copy of the e-mail (spam and malware) #
110. >
111. > --
112. > Bjarni I. Gislason