[vcf-midatlantic] OT: help needed with network problem
Dave Shevett
shevett at pobox.com
Mon Mar 28 15:07:52 UTC 2022
I assume you've done all the appropriate things regarding running a
safe mail server on the internet? That means SPF and DMARC records,
and you've run your MX host through the various mail checkers to see
if they are all aligned and have a good reputation?
mxtoolbox.com is my go-to when I'm having mail server issues - plug in
your domain and see what it says.
On Mon, Mar 28, 2022 at 10:25 AM William Dudley via vcf-midatlantic
<vcf-midatlantic at lists.vcfed.org> wrote:
>
> This has naught to do with vintage computers, but I need help,
> and this audience likely has one or more folks who can help.
>
> I run my own mail server; I have for many years.
> Lately, spamhaus.org has blocked me for ONE suspect
> email from my network.
>
> Here is ALL the bad activity from my IP for the last three months:
>
> (IP address, timestamp (UTC), and HELO string)
> 98.109.205.15 2022-03-28 10:15:00 instructure.com
> 98.109.205.15 2022-03-15 08:05:00 instructure.com
> 98.109.205.15 2022-01-21 16:10:00 localhost
>
> It's a funny kind of malware that sends two messages 15 days apart.
>
> I can't figure out where it's coming from, and my knowledge of
> iptables and tcpdump is insufficient to do the following jobs:
>
> 1. figure out where this bad email is coming from
> 2. block port 25 outbound at my firewall except from
> the ONE machine authorized to send email.
>
> I am willing to PAY for help with this.
>
> Email me if you think you can help and would like to try.
>
> Thanks,
> Bill Dudley
>
> This email is free of malware because I run Linux.
--
Dave Shevett
shevett at pobox.com
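
The two jobs listed in the quoted message (finding which internal host is sending, and allowing outbound port 25 only from the one authorized machine) can be handled together with a logged egress filter. The following is an added example, not part of either poster's message; it assumes a Linux router forwarding LAN traffic, and the interface name `eth0`, the mail host address `192.168.1.10` and the log lines are constructed.

```shell
#!/bin/sh
# Added example. Assumptions (not from the thread): a Linux router that
# forwards LAN traffic out WAN interface eth0; the one authorized mail
# host is 192.168.1.10. Traffic from the router itself (OUTPUT chain)
# is not covered here.

LOG_PREFIX='SMTP-OUT-BLOCKED: '

# Print (do not apply) the rules: allow the mail host, log then drop the rest.
smtp_egress_rules() {
    wan_if=$1
    mail_host=$2
    cat <<EOF
iptables -A FORWARD -o $wan_if -p tcp --dport 25 -s $mail_host -j ACCEPT
iptables -A FORWARD -o $wan_if -p tcp --dport 25 -j LOG --log-prefix "$LOG_PREFIX"
iptables -A FORWARD -o $wan_if -p tcp --dport 25 -j DROP
EOF
}

# Read kernel log lines on stdin; print "source-ip attempts", busiest first.
smtp_offenders() {
    grep -F "$LOG_PREFIX" |
        sed -n 's/.* SRC=\([0-9.]*\) .*/\1/p' |
        sort | uniq -c | sort -rn | awk '{ print $2, $1 }'
}

# Constructed sample of what the LOG rule writes to the kernel log.
sample_log() {
    cat <<'EOF'
Mar 28 10:15:00 gw kernel: SMTP-OUT-BLOCKED: IN=eth1 OUT=eth0 SRC=192.168.1.37 DST=203.0.113.25 LEN=60 PROTO=TCP SPT=51234 DPT=25 SYN
Mar 28 10:15:03 gw kernel: SMTP-OUT-BLOCKED: IN=eth1 OUT=eth0 SRC=192.168.1.37 DST=203.0.113.25 LEN=60 PROTO=TCP SPT=51234 DPT=25 SYN
Mar 28 11:02:41 gw kernel: SMTP-OUT-BLOCKED: IN=eth1 OUT=eth0 SRC=192.168.1.52 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=40022 DPT=25 SYN
Mar 28 11:05:10 gw kernel: usb 1-1: new high-speed USB device number 4
EOF
}

smtp_egress_rules eth0 192.168.1.10
sample_log | smtp_offenders
```

The rules are printed for review rather than applied; the ACCEPT rule has to stay ahead of the LOG and DROP rules so the authorized host is neither logged nor blocked.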