From: Grzegorz Junka
To: freebsd-security@freebsd.org
Subject: Re: Possible break-in attempt?
Date: Wed, 18 Jul 2018 21:47:01 +0000

Thank you Patrick, Simon and Dimitry for a quick follow-up and the explanation.

Is it possible to figure out which parts of the security run output emails are produced by which tools (I assume that each part is a separate check)? Could be useful to know when checking other messages in that email. Is there some kind of email template or script that generates these emails?

GrzegorzJ