[vcf-midatlantic] OT: help needed with network problem

William Dudley wfdudley at gmail.com
Mon Mar 28 14:25:22 UTC 2022


This has naught to do with vintage computers, but I need help,
and this audience likely has one or more folks who can help.

I run my own mail server; I have for many years.
Lately, spamhaus.org has blocked me for ONE suspect
email from my network.

Here is ALL the bad activity from my IP for the last three months:

(IP address, timestamp (UTC), and HELO string)
98.109.205.15 2022-03-28 10:15:00 instructure.com
98.109.205.15 2022-03-15 08:05:00 instructure.com
98.109.205.15 2022-01-21 16:10:00 localhost

It's a funny kind of malware that sends two messages 15 days apart.

I can't figure out where it's coming from, and my knowledge of
iptables and tcpdump is insufficient to do the following jobs:

1. figure out where this bad email is coming from
2. block port 25 outbound at my firewall except from
the ONE machine authorized to send email.

I am willing to PAY for help with this.

Email me if you think you can help and would like to try.

Thanks,
Bill Dudley

This email is free of malware because I run Linux.


More information about the vcf-midatlantic mailing list