Just a heads up to the 44 Group who run 44 addressed mail servers.
Over the last few days I've had someone trying to break into my mail server.
After installing more detection software, I came up with IP Address 178.33.151.117.
Just a heads up he's probably scanning the network looking for others, so heads up everyone.
Bill / KG6BAJ
==========================================
AUTOMATED NOTIFICATION !
The IP 178.33.151.117 has just been banned after several attempts against dovecot.
Here are more information about 178.33.151.117:
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '178.33.151.112 - 178.33.151.127'

% Abuse contact for '178.33.151.112 - 178.33.151.127' is 'abuse@ovh.net'

inetnum:        178.33.151.112 - 178.33.151.127
netname:        DVC-ITA
descr:          DoveConviene.it Italian Network
country:        IT
org:            ORG-OS43-RIPE
admin-c:        OTC5-RIPE
tech-c:         OTC5-RIPE
status:         ASSIGNED PA
mnt-by:         OVH-MNT
source:         RIPE # Filtered

organisation:   ORG-OS43-RIPE
org-name:       OVH Srl
org-type:       OTHER
address:        Via trieste 25
address:        20097 San Donato Milanese
address:        Italia
abuse-mailbox:  abuse@ovh.net
mnt-ref:        OVH-MNT
mnt-by:         OVH-MNT
source:         RIPE # Filtered

role:           OVH IT Technical Contact
address:        OVH Srl
address:        Via trieste 25
address:        20097 San Donato Milanese
address:        Italia
admin-c:        OK217-RIPE
tech-c:         GM84-RIPE
nic-hdl:        OTC5-RIPE
abuse-mailbox:  abuse@ovh.net
mnt-by:         OVH-MNT
source:         RIPE # Filtered

% Information related to '178.32.0.0/15AS16276'

route:          178.32.0.0/15
descr:          OVH ISP
descr:          Paris, France
origin:         AS16276
mnt-by:         OVH-MNT
source:         RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.71 (WHOIS1)
Lines containing IP:178.33.151.117 in /var/log/mail.log
Feb 5 04:15:37 linux1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=test@ampr.org, method=PLAIN, rip=178.33.151.117, lip=44.2.14.2
Feb 5 04:17:23 linux1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=test@ampr.org, method=PLAIN, rip=178.33.151.117, lip=44.2.14.2
Feb 5 04:17:41 linux1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=test@ampr.org, method=PLAIN, rip=178.33.151.117, lip=44.2.14.2
...... <snip>
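
Added example, not part of the original post or of the tool that sent the notification: a small Python check that any 44-net mail admin could run over their own mail.log to find remote IPs with repeated dovecot login failures inside a short window. The function name, the thresholds (3 failures in 10 minutes), the placeholder year and the sample log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the mail.log format shown above. The rip= values are
# documentation-range addresses and the timestamps are invented for the demo.
SAMPLE_LOG = """\
Feb 5 01:00:00 linux1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=admin@example.org, method=PLAIN, rip=192.0.2.44, lip=44.2.14.2
Feb 5 02:30:00 linux1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=admin@example.org, method=PLAIN, rip=192.0.2.44, lip=44.2.14.2
Feb 5 04:15:37 linux1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=test@ampr.org, method=PLAIN, rip=198.51.100.7, lip=44.2.14.2
Feb 5 04:16:02 linux1 dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=bill@example.org, method=PLAIN, rip=203.0.113.9, lip=44.2.14.2
Feb 5 04:17:23 linux1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=test@ampr.org, method=PLAIN, rip=198.51.100.7, lip=44.2.14.2
Feb 5 04:17:41 linux1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=test@ampr.org, method=PLAIN, rip=198.51.100.7, lip=44.2.14.2
Feb 5 05:00:00 linux1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=admin@example.org, method=PLAIN, rip=192.0.2.44, lip=44.2.14.2
"""

# Matches failed pop3/imap logins; user= may or may not be wrapped in <>.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ dovecot: "
    r"(?:pop3|imap)-login: .*\(auth failed, (?P<n>\d+) attempts[^)]*\): "
    r"user=<?(?P<user>[^>,]*)>?, .*?rip=(?P<rip>[0-9a-fA-F.:]+),"
)

def find_offenders(log_text, max_retry=3, find_time=timedelta(minutes=10),
                   year=2000):  # assumption: syslog lines carry no year
    """Return {rip: sorted targeted users} for every remote IP that reached
    max_retry failed attempts within a sliding window of find_time."""
    recent = defaultdict(deque)  # rip -> timestamps, one per failed attempt
    users = defaultdict(set)     # rip -> account names that were tried
    offenders = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["rip"]]
        window.extend([ts] * int(m["n"]))
        users[m["rip"]].add(m["user"])
        while window and ts - window[0] > find_time:
            window.popleft()  # drop failures older than the window
        if len(window) >= max_retry:
            offenders[m["rip"]] = sorted(users[m["rip"]])
    return offenders

if __name__ == "__main__":
    for rip, tried in find_offenders(SAMPLE_LOG).items():
        print(f"{rip}: repeated auth failures, accounts tried: {tried}")
```

Widening `find_time` also surfaces slow guessing such as the constructed 192.0.2.44 entries, which a short window misses.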