Return-Path:
X-Original-To: gesendet@abuse.customer-config.de
Delivered-To: gesendet@abuse.customer-config.de
Received: by server5.customer-config.de (Postfix, from userid 0) id 5F3EB367D97; Tue, 30 Mar 2010 02:49:05 +0200 (CEST)
To: "Abuse-Team"
Subject: abuse report about 201.xx.xxx.121 - Tue, 30 Mar 2010 02:48:05 +0100 [noreply] service: mail (First x 1) RID: 71402
MIME-Version: 1.0
Reply-To: "Abuse-Team"
From: "Abuse-Team (auto-generated)"
Sender: abuse-team@customer-config.de
X-Mailer: blocklist.de
X-Abuse-Contact: abuse@customer-config.de
Errors-To: autogenerated@abuse.customer-config.de
Auto-Submitted: auto-generated
Content-Transfer-Encoding: 7bit
Content-Type: multipart/report; boundary="Abuse-c237d15119204e7553db0b7f2eee8067";
X-Arf: yes
X-Report-ID: 71402
Message-Id: <20100330004905.5F3EB367D97@server5.customer-config.de>
Date: Tue, 30 Mar 2010 02:49:05 +0200 (CEST)

--Abuse-c237d15119204e7553db0b7f2eee8067
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=utf8;

Hello Abuse-Team,

your Server with the IP: 201.xx.xxx.121 has attacked one of our servers on the service: "mail" on Time: Tue, 30 Mar 2010 02:48:05 +0100.
The IP was automatically blocked for more than 10 minutes. To block an IP, it needs 3 failed Logins, one match for "invalid user" or a 5xx-Error-Code (eg. Blacklist)!

Please check the machine behind the IP 201.xx.xxx.121 (xxxx.xxxx.com.br) and fix the problem.

To search for AS-Number/IPs from you, look at http://www.blocklist.de/search.html?as=7738

You can parse this Mail with X-ARF-Tools (1. attachment = Details, 2. attachment = Logs).
You can find more Information about X-Arf under http://www.x-arf.org/specification.html

This mail will be resent after one day if more attacks are recognized.

In the attachment of this mail you can find the original protocols of our systems.

To pause this message for one week, you can insert the IP and E-Mail address to our Blocklist.
If more attacks from your network are recognized after the pause of seven days, the block will be canceled and you will get new reports.
http://www.blocklist.de/search.html?ip=201.xx.xxx.121&email=xxx@xxxx.net.br

We found your address in the Whois-Data from the IP under the SearchString "abuse-mailbox"
Answer us to rewrite the address (to abuse-quiet or a special address) for all upcoming reports.

This message was sent automatically, please answer us for Questions.

------------------------------
- Your mail server must have a reverse DNS entry
- Your sender domain (From:) must be resolvable
- Your helo/ehlo address must resolve to an IP address
- Your IP or domain must NOT be listed in the following blacklists:
  - spamcop.net
  - spamhaus.org
  - njabl.org
  - manitu.net
-------------------------------------------------------------------

--Abuse-c237d15119204e7553db0b7f2eee8067
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=utf8; name="report.txt";

---
Reported-From: autogenerated@abuse.customer-config.de
Category: info
Report-Type: harvesting
Service: postfix
Version: 0.1
User-Agent: blocklist.de V-X0.1
Date: Tue, 30 Mar 2010 02:48:05 +0100
Source-Type: ip-address
Source: 201.xx.xxx.121
Port: 25
Report-ID: 12699101452836@blocklist.de
Schema-URL: http://www.x-arf.org/schema/info_0.1.0.json
Attachment: text/plain

--Abuse-c237d15119204e7553db0b7f2eee8067
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=utf8; name="logfile.log";

Timezone +0100 CET
Lines containing IP:201.xx.xxx.121 in /var/log/mail.log

Mar 30 02:48:04 server5 postfix/smtpd[5225]: warning: 201.xx.xxx.121: hostname xxx.xxxxx.com.br verification failed: Name or service not known
Mar 30 02:48:04 server5 postfix/smtpd[5225]: connect from unknown[201.xx.xxx.121]
Mar 30 02:48:05 server5 postfix/smtpd[5225]: NOQUEUE: reject: RCPT from unknown[201.xx.xxx.121]: 554 5.7.1 Service unavailable; Client host [201.xx.xxx.121] blocked using xbl.spamhaus.org; http://www.spamhaus.org/query/bl?ip=201.xx.xxx.121; from= to= proto=ESMTP helo=
Mar 30 02:48:05 server5 postfix/smtpd[5225]: lost connection after RCPT from unknown[201.xx.xxx.121]
Mar 30 02:48:05 server5 postfix/smtpd[5225]: disconnect from unknown[201.xx.xxx.121]

--Abuse-c237d15119204e7553db0b7f2eee8067--