From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on gnuweeb.org X-Spam-Level: X-Spam-Status: No, score=0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,URIBL_DBL_BLOCKED_OPENDNS autolearn=no autolearn_force=no version=3.4.6 Authentication-Results: gnuweeb.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: gnuweeb.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20230601 header.b=kkS2uSaZ; dkim-atps=neutral Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.222.172; helo=mail-qk1-f172.google.com; envelope-from=ammarfaizi2@gmail.com; receiver= Received: from mail-qk1-f172.google.com (mail-qk1-f172.google.com [209.85.222.172]) by gnuweeb.org (Postfix) with ESMTPS id 8102B24C579 for ; Wed, 3 Jul 2024 02:22:10 +0700 (WIB) Received: by mail-qk1-f172.google.com with SMTP id af79cd13be357-79c045b7a1fso84292485a.3 for ; Tue, 02 Jul 2024 12:22:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1719948128; x=1720552928; darn=vger.gnuweeb.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=Sh9cC4n8OEF0SlOf7W7d6N/m/gqvoxuBiu72MfUJnD4=; b=kkS2uSaZhxM/CwMOKOxhltUjGuyuzJd3wgJ4ytxxmP0xg25ko0XsrnNDDyPiJjiVQo YjtCVjCFkTmH8wHFvQyj/24ed3hYZBQxvCnxKe4MXQkReUW4sgjGjNyH1gIlidPlrxTU 5x+h+mk70x+ONYgOys6Zd2VWjLBu+kBT5bqfr2wCtN8D8jqmDrWmWfpzWJ85OFJ1O6tw 8TexOwVxPqRr11Xki6qDWaDQ2gPWAFbsq2mFBwAlAFO2Pp4R00LRKDAok924M9+0OMlu Pa4ScPVnDQQ6Cv6hWvmatDFRZFAui8IUzFl49xxgvnAVnI2N/aTMpoBcFspjvYcMfWX1 DudQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1719948128; x=1720552928; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Sh9cC4n8OEF0SlOf7W7d6N/m/gqvoxuBiu72MfUJnD4=; b=QcofCUBTC8EJ3tqzhuzx+XVDq62dfmGpw+2zSyjmI/MgOYK+6zY2pR6IqQ3DR84Bfr nQwY3Ouv+tDV2vgkR8AtQI+QIqIGX42K/4tXmhDURN6cLD48gcQK/svL9xdqOlKHVg1P KAvqDungg8WV7bUpBCjdsMkeTi2jyUKPhXheB6JOgnQMFMgDRAFt+pvC4XH4yz9PkssK LTRNtNsQ97zHVPhiYcb7/r7UcqXymNCSbV7rpLjms5wZgmaRm8NICFhhp0bzDowr4K3l xVMYIpgozE1owMsT6FfCfc0HIWqwK5N/JwsRkx1uQsqN1BmKfgv4ZaZjO86pskdNTPew aE1g== X-Gm-Message-State: AOJu0Yyw5Rltu876qgY/UPzQIsnINx49o1bzUk8IUOLdyj2SXSUcfwMa SzxtacawEJvcOph/c4gBtL7YLH+3IX9eJ8alzJMdqMHPR9lnwyUFF1xBM76OKiGu8qM5SqDZmIr WJilUC4y336UDXvltFms0HINVyX8= X-Google-Smtp-Source: AGHT+IGu40n1Edtxi9ci9ICOIQuRqN3Dkmf7Ki9pKRaqiuggotODbpkzsjj2jwV+aU2fJ0dHdaC/OmYPPwgBqBGG3F8= X-Received: by 2002:a05:622a:250:b0:446:3c84:e0d3 with SMTP id d75a77b69052e-446630285f5mr98247451cf.5.1719948127546; Tue, 02 Jul 2024 12:22:07 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Ammar Faizi Date: Wed, 3 Jul 2024 02:21:51 +0700 Message-ID: Subject: Re: Your OVHcloud ticket-431210 requires further action from you to resolve To: OVH US Support Cc: "GNU/Weeb Mailing List" , Michael William Jonathan , Irvan Malik Azantha Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable List-Id: [ Top post per OVH's request ] Hello, We acknowledge receipt of your notice regarding the abuse report. We have identified the source of the issue as a compromised user account on our mail server (IP: 51.81.211.47) under the domain gnuweeb.org. The account in question, Yoga Pranata zyxdevs@gnuweeb.org, was used to send spam emails, including the XARF report mentioned. Immediate action has been taken to suspend the compromised account. Additionally, we are implementing an SMTP quota limit to prevent such incidents in the future. We will also conduct a thorough review of all user accounts to identify and mitigate any further malicious activity. For your reference, we have attached our postqueue log as evidence of the spam activity originating from the compromised account: Postqueue Log Evidence: https://gist.githubusercontent.com/ammarfaizi2/91aaefa212ed88476cbcbdf8eb90= 7d1d/raw/b2a9783f624c8fdfe6791bf936f323f7a5e99c51/postqueue.txt We deeply regret this occurrence and are committed to ensuring it does not happen again. Thank you for your understanding and cooperation. Best regards, --=20 Ammar Faizi [ Top post per OVH's request ] On Tue, Jul 2, 2024 at 11:50=E2=80=AFPM OVH US Support wrote: > > ##- Please type your reply above this line -## > > We need your help in order to solve your case with us for 431210. Please = see the agent's next steps needed from you in order to progress your case - > > Abuse Agent (OVHcloud US) > > Jul 2, 2024, 12:50=E2=80=AFPM EDT > > Good Day, > > We have received reports that your IP listed in the subject line above is= issuing malicious traffic. As this is possibly a violation of our Terms of= Service, we request that you address these reports immediately. Failure to= respond to this notice may ultimately result in the suspension of your ser= vice(s). > > Please see below for proof: > > > > The report concerns: > > 2024-06-30T08:39:25Z > > Spam > > 51.81.211.47 > > Attached is a detailed report in XARF format. > > > > Please respond with acknowledgment of receipt of this notice and any info= rmation you may have regarding these reports, including any actions taken, = or that will be taken, to halt the issuance of malicious traffic. If you fe= el these reports are unfounded, please provide evidence as such. > > Thank you for your swift action and cooperation in the matter. If you hav= e any further questions, comments or concerns, please respond directly to t= his notice. > > > Regards, > > This email is a service from US OVHcloud. > [PMWRNW-RZZLM]