I had setup complaining quite some time ago, but stopped working on the project before I got it to work. Never saw one e-mail leave destined for the offending network.
A few days ago I got nine complaints, only they were sent to a bunch of e-mail addresses on my own box and not the offending party. I haven't touched the configuration in many months, if not a couple years. I'm confused. I have included the text of one of the complaints. The ics-il.net domain is mine and the ip22.208-117-36.static.steadfastdns.net is mine as well. Return-Path: [email protected] Received: from 10.1.8.8 (LHLO mta2.ics-il.net) (10.1.8.8) by mailbox1.ics-il.net with LMTP; Wed, 17 Jun 2015 01:25:12 -0500 (CDT) Received: from localhost (localhost.localdomain [127.0.0.1]) by mta2.ics-il.net (Postfix) with ESMTP id 179D81AD24A for <[email protected]>; Wed, 17 Jun 2015 01:25:12 -0500 (CDT) X-Virus-Scanned: amavisd-new at mta2.ics-il.net X-Spam-Flag: NO X-Spam-Score: 2.473 X-Spam-Level: ** X-Spam-Status: No, score=2.473 tagged_above=-10 required=6.6 tests=[ALL_TRUSTED=-1, BAYES_50=1.5, DEAR_SOMETHING=1.973] autolearn=no Received: from mta2.ics-il.net ([127.0.0.1]) by localhost (mta2.ics-il.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KhoG0k81Cfke for <[email protected]>; Wed, 17 Jun 2015 01:25:10 -0500 (CDT) Received: from ip22.208-117-36.static.steadfastdns.net (gyras.ics-il.net [208.117.36.22]) by mta2.ics-il.net (Postfix) with ESMTPS id 172781AD0E1 for <[email protected]>; Wed, 17 Jun 2015 01:25:10 -0500 (CDT) Received: (qmail 4892 invoked by uid 0); 17 Jun 2015 01:25:09 -0500 Message-ID: <20150617062509.4891.qm...@ip22.208-117-36.static.steadfastdns.net> From: [email protected] Date: Wed, 17 Jun 2015 01:25:09 -0500 To: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected] Subject: Abuse from 147.30.210.94 Cc: [email protected] User-Agent: Heirloom mailx 12.4 7/29/08 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Dear Sir/Madam, We have detected abuse from the IP address 147.30.210.94, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate. Log lines are given below, but please ask if you require any further information. (If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.) This mail was generated by Fail2Ban. The recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email ([email protected]). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db abusix.com is neither responsible nor liable for the content or accuracy of this message. Note: Local timezone is -0500 (CDT) Jun 17 01:24:41 ip22 vpopmail[4764]: vchkpw-smtp: vpopmail user not found gommel@:147.30.210.94 Jun 17 01:24:46 ip22 vpopmail[4765]: vchkpw-smtp: vpopmail user not found gommel@:147.30.210.94 Jun 17 01:24:52 ip22 vpopmail[4767]: vchkpw-smtp: vpopmail user not found [email protected]:147.30.210.94 ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest Internet Exchange http://www.midwest-ix.com
------------------------------------------------------------------------------
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
