Sujet: [Fail2Ban] postfix: banned 58.77.150.79
De: Fail2Ban <fail2ban@mydomain.com>
Date: Fri, 16 May 2008 02:33:25 +0200 (CEST)
Pour: admin@mydomain.com

Hi,

The IP 58.77.150.79 has just been banned by Fail2Ban after
3 attempts against postfix.


Here are more information about 58.77.150.79:

% [whois.apnic.net node-2]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

inetnum:      58.72.0.0 - 58.79.255.255
netname:      KRNIC
country:      KR
descr:        KRNIC
descr:        ************************************************
descr:        KRNIC Member
descr:        If you would like to find assignment
descr:        information in detail please refer to
descr:        the KRNIC Whois Database at:
descr:        "http://whois.nida.or.kr/english/index.html"
descr:        ************************************************
admin-c:      HM127-AP
tech-c:       HM127-AP
status:       ALLOCATED PORTABLE
changed:      hostmaster@nida.or.kr 20060622
mnt-by:       MNT-KRNIC-AP
source:       APNIC

person:       Host Master
address:      11F, KTF B/D, 1321-11, Seocho2-Dong, Seocho-Gu,
address:      Seoul, Korea, 137-857
country:      KR
phone:        +82-2-2186-4500
fax-no:       +82-2-2186-4496
e-mail:       hostmaster@nic.or.kr
nic-hdl:      HM127-AP
mnt-by:       MNT-KRNIC-AP
changed:      hostmaster@nic.or.kr 20020507
source:       APNIC

inetnum:      58.77.0.0 - 58.77.255.255
netname:      Xpeed-KR
descr:        LG POWERCOMM
country:      KR
admin-c:      IA469-KR
tech-c:       IM469-KR
status:       ALLOCATED PORTABLE
mnt-by:       MNT-KRNIC-AP
remarks:      This information has been partially mirrored by APNIC from
remarks:      KRNIC. To obtain more specific information, please use the
remarks:      KRNIC whois server at whois.krnic.net.
changed:      hostmaster@nic.or.kr
source:       KRNIC

person:       IP Administrator
address:      Bangbae-dong Seocho-gu SEOUL
address:      537-18
country:      KR
phone:        +82-2-2086-5935
e-mail:       ip@powercomm.com
nic-hdl:      IA469-KR
mnt-by:       MNT-KRNIC-AP
changed:      hostmaster@nic.or.kr
source:       KRNIC

person:       IP Manager
address:      Bangbae-dong Seocho-gu SEOUL
address:      537-18
country:      KR
phone:        +82-2-2086-5935
e-mail:       ip@powercomm.com
nic-hdl:      IM469-KR
mnt-by:       MNT-KRNIC-AP
changed:      hostmaster@nic.or.kr
source:       KRNIC


Lines containing IP:58.77.150.79 in /var/log/mail.log

May 16 02:33:21 sanji postfix/smtpd[5995]: connect from unknown[58.77.150.79]
May 16 02:33:22 sanji postfix/smtpd[5995]: NOQUEUE: reject: RCPT from unknown[58.77.150.79]: 554 5.7.1 <wertss33@hanmail.net>: Relay access denied; from=<webmaster@mydomain.com> to=<wertss33@hanmail.net> proto=SMTP helo=<dzwlajf.com>
May 16 02:33:23 sanji postfix/smtpd[5995]: NOQUEUE: reject: RCPT from unknown[58.77.150.79]: 554 5.7.1 <guswodl@yahoo.co.kr>: Relay access denied; from=<webmaster@mydomain.com> to=<guswodl@yahoo.co.kr> proto=SMTP helo=<dzwlajf.com>
May 16 02:33:23 sanji postfix/smtpd[5995]: NOQUEUE: reject: RCPT from unknown[58.77.150.79]: 554 5.7.1 <fjrgfg21@korea.com>: Relay access denied; from=<webmaster@mydomain.com> to=<fjrgfg21@korea.com> proto=SMTP helo=<dzwlajf.com>
May 16 02:33:24 sanji postfix/smtpd[5995]: lost connection after DATA (0 bytes) from unknown[58.77.150.79]
May 16 02:33:24 sanji postfix/smtpd[5995]: disconnect from unknown[58.77.150.79]


Regards,

Fail2Ban