diff --git a/config/action.d/xarf-login-attack.conf b/config/action.d/xarf-login-attack.conf
index 6580cd8a..568d9d5c 100644
--- a/config/action.d/xarf-login-attack.conf
+++ b/config/action.d/xarf-login-attack.conf
@@ -1,7 +1,6 @@
 # Fail2Ban action for sending xarf Login-Attack messages to IP owner
 #
-# This requires querycontact ( http://pypi.python.org/pypi/querycontacts/ )
-# sudo pip install querycontacts
+# This requires the dig command from bind-utils
 #
 # This uses the https://abusix.com/contactdb.html to lookup abuse contacts.
 #
@@ -28,8 +27,8 @@ actionstop =
 
 actioncheck =
 
-actionban = ADDRESSES=`querycontacts <ip>`
-	          IP=<ip>
+actionban = oifs=${IFS}; IFS=.;SEP_IP=( <ip> ); set -- ${SEP_IP} ;ADDRESSES=$(dig +short -t txt -q $4.$3.$2.$1.abuse-contacts.abusix.org); IFS=${oifs}
+            IP=<ip>
             FROM=<sender>
             SERVICE=<service>
             FAILURES=<failures>
@@ -42,7 +41,7 @@ actionban = ADDRESSES=`querycontacts <ip>`
                 (printf -- %%b "<header>\n<message>\n<report>\n${MATCHES}\n";
                  date '+Note: Local timezone is %%z (%%Z)';
                  tail -n <loglines> <logpath> | grep '[^0-9]<ip>[^0-9]';
-                 printf -- %%b "<footer>") | <mailcmd> <mailargs> $ADDRESSES
+                 printf -- %%b "<footer>") | <mailcmd> <mailargs> ${ADDRESSES//,/" "}
             fi
 
 actionunban =