[vcf-midatlantic] OT: help needed with network problem

William Dudley wfdudley at gmail.com
Mon Mar 28 15:09:58 UTC 2022


Yes, I'm all SPF'd and DMARC'd and checked on mxtoolbox.com and have
been for some years now.  The problem is some machine sending bad
email every 15 days (with sample size of two).

Server is casano.com, IP is 98.109.205.15

Bill Dudley

This email is free of malware because I run Linux.


On Mon, Mar 28, 2022 at 11:08 AM Dave Shevett <shevett at pobox.com> wrote:

> I assume you've done all the appropriate things regarding running a
> safe mail server on the internet?  That means SPF and DMARC records,
> and you've run your MX host through the various mail checkers to see
> if they are all aligned and have a good reputation?
>
> mxtoolbox.com is my go-to when I'm having mail server issues - plug in
> your domain and see what it says.
>
> On Mon, Mar 28, 2022 at 10:25 AM William Dudley via vcf-midatlantic
> <vcf-midatlantic at lists.vcfed.org> wrote:
> >
> > This has naught to do with vintage computers, but I need help,
> > and this audience likely has one or more folks who can help.
> >
> > I run my own mail server; I have for many years.
> > Lately, spamhaus.org has blocked me for ONE suspect
> > email from my network.
> >
> > Here is ALL the bad activity from my IP for the last three months:
> >
> > (IP address, timestamp (UTC), and HELO string)
> > 98.109.205.15 2022-03-28 10:15:00 instructure.com
> > 98.109.205.15 2022-03-15 08:05:00 instructure.com
> > 98.109.205.15 2022-01-21 16:10:00 localhost
> >
> > It's a funny kind of malware that sends two messages 15 days apart.
> >
> > I can't figure out where it's coming from, and my knowledge of
> > iptables and tcpdump is insufficient to do the following jobs:
> >
> > 1. figure out where this bad email is coming from
> > 2. block port 25 outbound at my firewall except from
> > the ONE machine authorized to send email.
> >
> > I am willing to PAY for help with this.
> >
> > Email me if you think you can help and would like to try.
> >
> > Thanks,
> > Bill Dudley
> >
> > This email is free of malware because I run Linux.
>
>
>
> --
> Dave Shevett
> shevett at pobox.com
>
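The two jobs listed in the original question (finding the machine that sends the stray mail, and limiting outbound port 25 to one host) can be done with three iptables rules and a log summary; this is an added example, not part of the thread. It assumes a Linux firewall that forwards LAN traffic, a separate authorized mail host at 192.168.1.10, and a hypothetical log prefix `SMTP-OUT-BLOCKED: `; the sample log lines and addresses are constructed.

```shell
#!/bin/sh
# Added example. Assumptions: Linux firewall forwarding LAN traffic; the one
# authorized mail host is 192.168.1.10; all sample addresses are constructed.

LOG_PREFIX='SMTP-OUT-BLOCKED: '   # hypothetical prefix, must stay under 30 chars

# Print (not run) the rules so they can be reviewed before being applied as root.
smtp_egress_rules() {
    mail_host=$1
    # Accept only digits and dots so nothing else ends up in the emitted commands.
    case $mail_host in
        ''|*[!0-9.]*) echo "usage: smtp_egress_rules IPV4" >&2; return 1 ;;
    esac
    # 1: the authorized mail host may open SMTP connections.
    echo "iptables -I FORWARD 1 -p tcp --dport 25 -s $mail_host -j ACCEPT"
    # 2: log every other new attempt (SYN only, so one line per connection).
    echo "iptables -I FORWARD 2 -p tcp --dport 25 --syn -j LOG --log-prefix \"$LOG_PREFIX\""
    # 3: then refuse it.
    echo "iptables -I FORWARD 3 -p tcp --dport 25 -j REJECT --reject-with tcp-reset"
}

# Read kernel log lines on stdin; print "count source-ip", busiest first.
smtp_offenders() {
    awk -v p="$LOG_PREFIX" 'index($0, p) {
            for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) n[substr($i, 5)]++
        }
        END { for (s in n) print n[s], s }' | sort -rn
}

# Constructed kernel log lines in the format the LOG target writes.
SAMPLE_LOG='Mar 15 08:05:00 fw kernel: SMTP-OUT-BLOCKED: IN=eth1 OUT=eth0 SRC=192.168.1.37 DST=203.0.113.25 LEN=60 PROTO=TCP SPT=51234 DPT=25 SYN
Mar 20 11:42:10 fw kernel: SMTP-OUT-BLOCKED: IN=eth1 OUT=eth0 SRC=192.168.1.52 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=40110 DPT=25 SYN
Mar 21 03:00:01 fw kernel: OTHER-RULE: IN=eth1 OUT=eth0 SRC=192.168.1.99 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=40222 DPT=443 SYN
Mar 28 10:15:00 fw kernel: SMTP-OUT-BLOCKED: IN=eth1 OUT=eth0 SRC=192.168.1.37 DST=203.0.113.25 LEN=60 PROTO=TCP SPT=51877 DPT=25 SYN'

smtp_egress_rules 192.168.1.10
printf '%s\n' "$SAMPLE_LOG" | smtp_offenders
```

The FORWARD chain only sees traffic routed through the firewall; if the mail server runs on the firewall itself, its own mail leaves through OUTPUT and is not affected by these rules.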

