From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on gnuweeb.org X-Spam-Level: X-Spam-Status: No, score=-1.1 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,HTML_FONT_LOW_CONTRAST, HTML_MESSAGE,MISSING_HEADERS,RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_PASS,URIBL_DBL_BLOCKED_OPENDNS autolearn=ham autolearn_force=no version=3.4.6 Authentication-Results: gnuweeb.org; dmarc=pass (p=reject dis=none) header.from=corp1.zendesk.com Authentication-Results: gnuweeb.org; dkim=pass (2048-bit key; unprotected) header.d=zendesk.com header.i=@zendesk.com header.a=rsa-sha256 header.s=zendesk2 header.b=xUzL3oL4; dkim-atps=neutral Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=192.161.149.10; helo=mta-out10.pod19.use1.zdsys.com; envelope-from=support@corp1.zendesk.com; receiver= Received: from mta-out10.pod19.use1.zdsys.com (mta-out10.pod19.use1.zdsys.com [192.161.149.10]) by gnuweeb.org (Postfix) with ESMTPS id E9D8524C5A3 for ; Wed, 3 Jul 2024 23:16:44 +0700 (WIB) Received: from zendesk.com (unknown [127.0.0.6]) by mta-out15.pod19.use1.zdsys.com (Zendesk) with ESMTP id a7002f3d-e117-4d15-bec5-905d14095baf; Wed, 03 Jul 2024 16:16:44 +0000 (UTC) Date: Wed, 03 Jul 2024 16:16:43 +0000 From: OVH US Support Reply-To: OVH US Support Cc: GNU/Weeb Mailing List , Michael William Jonathan , Irvan Malik Azantha Message-ID: In-Reply-To: References: Subject: Important Notice: Abuse Report - 51.81.211.47 Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_6685796be8b3b_4e3994661fa"; charset=utf-8 Content-Transfer-Encoding: 7bit X-Delivery-Context: event-id-30980279863571 Auto-Submitted: auto-generated X-Auto-Response-Suppress: All X-Mailer: Zendesk Mailer X-Zendesk-From-Account-Id: 6afa68c X-Zendesk-Email-Id: 01J1WP4J58B1X9ARSF3439Y06J DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zendesk.com; q=dns/txt; s=zendesk2; t=1720023403; bh=LC7ArtCbf8mz2Vyy920adkX4ZkiHG/20S7sXgBp1R4w=; h=date:from:reply-to:cc:message-id:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding; b=xUzL3oL4rTE/YD4xSxbaZGTwTvoyM1qqVvW74+7WA33s5VvNrSwOkuSZ3RXk/kopB99IsPcCKrl+HY93hGf1fvtNZAuUSVau87Juh43duNn0kR/kgZQ3YL6w9zFvom07175//ZN3JIuSmgHpjoipE9o0R7TKpkX3shwbMQZHdxDsA/Er+MJUGdT0ymHiLYU4yfxsyqeEjA3ejWI3GoXJ5amGrnJuTD/GbI5L12jH2S1Kg2EKSzfTpssLMweysyfPCHojig7/D7GtoNCD2UPD7TlnKpfwXTBkkd4bztKhh/KgRj99PThg3sgUZhekf5+k71sZok/bvBimN08ZUqdzEQ== List-Id: ----==_mimepart_6685796be8b3b_4e3994661fa Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable ##- Please type your reply above this line -##=0D =0D You are registered as a CC on this request (431210). Reply to this email = to add a comment to the request.=0D =0D ----------------------------------------------=0D =0D Abuse Agent, Jul 3, 2024, 12:16=E2=80=AFPM EDT=0D =0D Hello,=0D =0D Thank you for the prompt reply and action taken, it is appreciated.=0D =0D We will close the case as resolved for now, if anything further comes in = we will reach out here again.=0D =0D Regards,=0D =0D ----------------------------------------------=0D =0D Ammar Faizi, Jul 2, 2024, 3:22=E2=80=AFPM EDT=0D =0D [ Top post per OVH's request ]=0D =0D Hello,=0D =0D We acknowledge receipt of your notice regarding the abuse report.=0D =0D We have identified the source of the issue as a compromised user=0D account on our mail server (IP: 51.81.211.47) under the domain=0D gnuweeb.org. The account in question, Yoga Pranata=0D zyxdevs@gnuweeb.org, was used to send spam emails, including the XARF=0D report mentioned.=0D =0D Immediate action has been taken to suspend the compromised account.=0D Additionally, we are implementing an SMTP quota limit to prevent such=0D incidents in the future. We will also conduct a thorough review of all=0D= user accounts to identify and mitigate any further malicious activity.=0D= =0D For your reference, we have attached our postqueue log as evidence of=0D the spam activity originating from the compromised account:=0D =0D Postqueue Log Evidence:=0D https://gist.githubusercontent.com/ammarfaizi2/91aaefa212ed88476cbcbdf8eb= 907d1d/raw/b2a9783f624c8fdfe6791bf936f323f7a5e99c51/postqueue.txt=0D =0D We deeply regret this occurrence and are committed to ensuring it does=0D= not happen again. Thank you for your understanding and cooperation.=0D =0D Best regards,=0D -- =0D Ammar Faizi=0D =0D [ Top post per OVH's request ]=0D =0D ----------------------------------------------=0D =0D Abuse Agent, Jul 2, 2024, 12:50=E2=80=AFPM EDT=0D =0D Good Day,=0D =0D We have received reports that your IP listed in the subject line above is= issuing malicious traffic**.** As this is possibly a violation of our Te= rms of Service, we request that you address these reports immediately. Fa= ilure to respond to this notice may ultimately result in the suspension o= f your service(s).=0D =0D Please see below for proof:=0D =0D =0D =0D > The report concerns:=0D >=0D > 2024-06-30T08:39:25Z=0D >=0D > Spam=0D >=0D > 51.81.211.47=0D >=0D > Attached is a detailed report in XARF format.=0D =0D =0D =0D Please respond with acknowledgment of receipt of this notice and any info= rmation you may have regarding these reports, including any actions taken= , or that will be taken, to halt the issuance of malicious traffic. If yo= u feel these reports are unfounded, please provide evidence as such.=0D =0D Thank you for your swift action and cooperation in the matter. If you hav= e any further questions, comments or concerns, please respond directly to= this notice.=0D =0D =0D Regards,=0D =0D Attachment(s):=0D xarf(1).json - https://support.us.ovhcloud.com/attachments/token/hPr7vPfX= VdKq1vxdnWWZ94Rfj/?name=3Dxarf%281%29.json=0D =0D --------------------------------=0D This email is a service from OVHcloud US.=0D =0D =0D =0D =0D =0D =0D =0D =0D =0D [PMWRNW-RZZLM]= ----==_mimepart_6685796be8b3b_4e3994661fa Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable =0D =0D =0D =0D =0D
=0D
##- Please type your reply above this = line -##
=0D

You are registered as a CC on this request (431210). R= eply to this email to add a comment to the request.

=

= Abuse Agent = (OVHcloud US)

= Jul 3, 2024, 12:16=E2=80=AFPM EDT

=
Hello,
 
Thank = you for the prompt reply and action taken, it is appreciated.
 We will close the case as resolved for now, if anything further comes i= n we will reach out here again.
 
Regards,
 
=

=

=
=

Ammar Faizi =

Jul 2, 2024, 3:22=E2=80=AFPM EDT =

[ Top post per OVH's request ]

Hello,

We acknowledge re= ceipt of your notice regarding the abuse report.

We have identified= the source of the issue as a compromised user
account on our mail ser= ver (IP: 51.81.211.47) under the domain
gnuweeb.org. The account in qu= estion, Yoga Pranata
zyxdevs@gnuweeb.org, was used to send spam emails, including= the XARF
report mentioned.

Immediate action has been taken to s= uspend the compromised account.
Additionally, we are implementing an S= MTP quota limit to prevent such
incidents in the future. We will also = conduct a thorough review of all
user accounts to identify and mitigat= e any further malicious activity.

For your reference, we have attac= hed our postqueue log as evidence of
the spam activity originating fro= m the compromised account:

Postqueue Log Evidence:
https://gist.githubusercontent.com/a= mmarfaizi2/91aaefa212ed88476cbcbdf8eb907d1d/raw/b2a9783f624c8fdfe6791bf93= 6f323f7a5e99c51/postqueue.txt

We deeply regret this occurrence = and are committed to ensuring it does
not happen again. Thank you for = your understanding and cooperation.

Best regards,
--
Ammar F= aizi

[ Top post per OVH's request ]

=
<= p dir=3D"ltr">

=

= Abuse Agent (OVHcloud US) =

Jul 2, 2024, 12:50=E2=80=AF= PM EDT

Good Day,

We have received reports that your IP listed= in the subject line above is issuing malicious traffic. As this is possibly a violation of our Terms of Service, we request that you address these reports immediately. Failure to resp= ond to this notice may ultimately result in the suspension of your servic= e(s).

Please see below for proof:

 

The report concerns:

2024-06-30T08:39:25Z

Spam

51.81.211.47

At= tached is a detailed report in XARF format.


 Please respond with acknowledgment of receipt of this notice and any inf= ormation you may have regarding these reports, including any actions take= n, or that will be taken, to halt the issuance of malicious traffic. If y= ou feel these reports are unfounded, please provide evidence as such.
=  
Thank you for your swift action and cooperation in the matter. = If you have any further questions, comments or concerns, please respond d= irectly to this notice.


Regards,

=

Attachment(s)
xarf(1).json
=

=0D =0D
=0D This email is a service from US OVHcloud.=0D
=0D [PMWRNW-RZZLM]=0D= =0D = ----==_mimepart_6685796be8b3b_4e3994661fa--