If the details aren't specific to your server, could you post the body of the message? They might not stop there, and I'd like to know what's going on before they hit my server.
I was able to find a forum post from someone experiencing a similar issue from back in 2014. It seems like they don't give out any information until the end of the investigation. I'm guessing it's probably CSAM.
Woah what