skoeswanto

  • Apr 20, 2022
  • So it is kind of safe for me to ignore those? Is there a best practice to block these attacks? I am not that annoyed by the message to remove the watchdog_notify but would very much like to block these attacks if possible. Any advice would be great. Thanks much

  • Greetings,

    I got around 500 emails from watchdog@[my-email-server] in the last 3 days and do not understand much of it. Can you help me? There are no emails going in or out at this moment (or at least that I know of.) Our mail server consists of only 5 people and we are all in the same office, so we were checking while none of us were sending any emails. Hope to get some answers from you, thanks.

    A few examples are:
    —— 1 —–
    % This is the RIPE Database query service.
    % The objects are in RPSL format.
    %
    % The RIPE Database is subject to Terms and Conditions.
    % See ripe.net Icon RIPE Database Terms and Conditions | Docs

    % Note: this output has been filtered.
    % To receive output for a database update, use the “-B” flag.

    % Information related to ‘212.227.0.0 - 212.227.13.255’

    % Abuse contact for ‘212.227.0.0 - 212.227.13.255’ is ‘abuse@oneandone.net’

    inetnum: 212.227.0.0 - 212.227.13.255
    netname: IONOS-CUSTOMERS
    descr: 1&1 IONOS SE
    descr: NCC#1999110113
    country: DE
    admin-c: IPAD-RIPE
    tech-c: IPOP-RIPE
    status: ASSIGNED PA
    mnt-by: AS8560-MNT
    created: 2002-08-20T10:19:50Z
    last-modified: 2020-11-30T17:13:35Z
    source: RIPE # Filtered

    role: IP Administration
    address: 1&1 IONOS SE
    admin-c: JR2342-RIPE
    admin-c: SH15342-RIPE
    tech-c: JR2342-RIPE
    tech-c: SH15342-RIPE
    nic-hdl: IPAD-RIPE
    abuse-mailbox: abuse@oneandone.net
    mnt-by: AS8560-MNT
    created: 2009-05-20T17:24:09Z
    last-modified: 2020-11-27T12:38:59Z
    source: RIPE # Filtered

    role: IP Operations
    address: 1&1 IONOS SE
    admin-c: JR2342-RIPE
    admin-c: SH15342-RIPE
    tech-c: JR2342-RIPE
    tech-c: SH15342-RIPE
    nic-hdl: IPOP-RIPE
    abuse-mailbox: abuse@oneandone.net
    mnt-by: AS8560-MNT
    created: 2009-05-28T16:25:04Z
    last-modified: 2020-11-27T12:40:30Z
    source: RIPE # Filtered

    % Information related to ‘212.227.0.0/16AS8560’

    route: 212.227.0.0/16
    descr: IONOS-PA-2
    origin: AS8560
    mnt-by: AS8560-MNT
    created: 2011-04-27T14:38:19Z
    last-modified: 2020-11-27T17:48:27Z
    source: RIPE # Filtered

    % This query was served by the RIPE Database Query Service version 1.102.3 (BLAARKOP)

    —— 2 —–
    % [whois.apnic.net]
    % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

    % Information related to ‘60.166.0.0 - 60.175.255.255’

    % Abuse contact for ‘60.166.0.0 - 60.175.255.255’ is ‘anti-spam@chinatelecom.cn’

    inetnum: 60.166.0.0 - 60.175.255.255
    netname: CHINANET-AH
    descr: CHINANET anhui province network
    descr: China Telecom
    descr: A12,Xin-Jie-Kou-Wai Street
    descr: Beijing 100088
    country: CN
    admin-c: CH93-AP
    tech-c: JW89-AP
    abuse-c: AC1573-AP
    status: ALLOCATED PORTABLE
    mnt-by: APNIC-HM
    mnt-lower: MAINT-CHINANET-AH
    mnt-routes: MAINT-CHINANET-AH
    mnt-irt: IRT-CHINANET-CN
    last-modified: 2021-06-15T08:06:35Z
    source: APNIC

    irt: IRT-CHINANET-CN
    address: No.31 ,jingrong street,beijing
    address: 100032
    e-mail: anti-spam@chinatelecom.cn
    abuse-mailbox: anti-spam@chinatelecom.cn
    admin-c: CH93-AP
    tech-c: CH93-AP
    auth: # Filtered
    remarks: anti-spam@chinatelecom.cn was validated on 2022-02-14
    mnt-by: MAINT-CHINANET
    last-modified: 2022-02-14T07:13:12Z
    source: APNIC

    role: ABUSE CHINANETCN
    address: No.31 ,jingrong street,beijing
    address: 100032
    country: ZZ
    phone: +000000000
    e-mail: anti-spam@chinatelecom.cn
    admin-c: CH93-AP
    tech-c: CH93-AP
    nic-hdl: AC1573-AP
    remarks: Generated from irt object IRT-CHINANET-CN
    remarks: anti-spam@chinatelecom.cn was validated on 2022-02-14
    abuse-mailbox: anti-spam@chinatelecom.cn
    mnt-by: APNIC-ABUSE
    last-modified: 2022-02-14T07:14:09Z
    source: APNIC

    person: Chinanet Hostmaster
    nic-hdl: CH93-AP
    e-mail: anti-spam@chinatelecom.cn
    address: No.31 ,jingrong street,beijing
    address: 100032
    phone: +86-10-58501724
    fax-no: +86-10-58501724
    country: CN
    mnt-by: MAINT-CHINANET
    last-modified: 2022-02-28T06:53:44Z
    source: APNIC

    person: Jinneng Wang
    address: 17/F, Postal Building No.120 Changjiang
    address: Middle Road, Hefei, Anhui, China
    country: CN
    phone: +86-551-2659073
    fax-no: +86-551-2659287
    e-mail: ahdata@189.cn
    nic-hdl: JW89-AP
    mnt-by: MAINT-CHINANET-AH
    last-modified: 2014-02-21T01:19:43Z
    source: APNIC

    % This query was served by the APNIC Whois Service version 1.88.15-SNAPSHOT (WHOIS-UK4)

    • Someone is trying to use your mailserver maliciously. Probably trying to use it as a mail relay or guessing passwords to gain access. If you don’t wanna get notified, you should remove your watchdog_notify_email in mailcow.conf.
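
Added example, not part of the thread: one way to triage several hundred of these notifications is to parse the whois bodies and count them per network and abuse contact. It assumes RIPE/APNIC-style bodies with an `inetnum: first - last` line, as in the two samples quoted above; the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample: the two whois bodies from the post, abridged.
SAMPLE_BODIES = [
    "% RIPE\ninetnum: 212.227.0.0 - 212.227.13.255\nnetname: IONOS-CUSTOMERS\n"
    "country: DE\n\nrole: IP Administration\nabuse-mailbox: abuse@oneandone.net\n",
    "% APNIC\ninetnum: 60.166.0.0 - 60.175.255.255\nnetname: CHINANET-AH\n"
    "descr: China Telecom\ndescr: Beijing 100088\ncountry: CN\n\n"
    "irt: IRT-CHINANET-CN\nabuse-mailbox: anti-spam@chinatelecom.cn\n",
]

def parse_objects(body):
    """Split a whois body into RPSL objects (blank-line separated, '%' = comment)."""
    objects, current = [], {}
    for line in body.splitlines() + [""]:
        line = line.strip()
        if line.startswith("%"):
            continue
        if not line:
            if current:
                objects.append(current)
            current = {}
            continue
        key, sep, value = line.partition(":")
        if sep:  # attributes such as descr or admin-c repeat, so keep lists
            current.setdefault(key.strip().lower(), []).append(value.strip())
    return objects

def summarize(body):
    """Describe the inetnum object of one notification, or None if absent."""
    objs = parse_objects(body)
    net = next((o for o in objs if "inetnum" in o), None)
    if net is None:
        return None
    first, _, last = (p.strip() for p in net["inetnum"][0].partition("-"))
    # The range is the registry allocation, not the single offending address.
    cidrs = [str(n) for n in ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))]
    abuse = sorted({m for o in objs for m in o.get("abuse-mailbox", [])})
    return {"cidrs": cidrs, "netname": net.get("netname", ["?"])[0],
            "country": net.get("country", ["?"])[0], "abuse": abuse}

def tally(bodies):
    """Count notifications per (netname, country, abuse contact)."""
    found = [s for s in map(summarize, bodies) if s]
    keys = [(s["netname"], s["country"], ", ".join(s["abuse"])) for s in found]
    return Counter(keys).most_common()

if __name__ == "__main__":
    for key, n in tally(SAMPLE_BODIES):
        print(n, *key)
```

The CIDR list covers the provider's whole allocation (for example every IONOS customer in the first sample), so it is useful for reporting to the abuse contact and for spotting repeat networks rather than as a block list.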