
Spamhaus Blacklist - CSS XBL


Good morning

I am not a network expert by any means but really need some help. Our IP Address has been added to the Spamhaus Project blacklist. Please see results below;

XX.XXX.XX.XXX is listed in the CSS

A device (computer, server, mobile phone, etc), or an app on a device that is using your IP address is infected, insecure or compromised. It is making SMTP connections with forged HELO values on port 25. We very strongly advise securing your router/firewall to deny any outbound packets on port 25, except those coming from any email servers (if any) on your local network. Remote sending of email to servers on the Internet will still work if web-based, or configured properly using port 587 with SMTP-AUTH

XX.XXX.XX.XXX is listed in the XBL

A device (computer, server, mobile phone, etc), or an app on a device that is using your IP address is infected, insecure or compromised. It is making SMTP connections with forged HELO values on port 25.

The observed forged HELO value was ..

I have spoken with my ISP but they are not able to set our router to deny outbound traffic on port 25. I therefore need to establish which device is sending these spam messages via port 25.

Any help would be greatly appreciated!!

Downham asked 2021-02-01 10:51:04 +0000


1 Answer


Run tcpdump on your router.

hugo.vanderkooij answered 2021-02-01 11:02:07 +0000

Comments

Hi Hugo. Many thanks. So my set-up at home is purely a BT Business Hub sending WiFi around the house. We are all connected to that via our laptops, phones etc. Can you explain to a layman if possible how I go about doing that please, if you have the time?

Downham (2021-02-01 11:08:43 +0000)

Unfortunately the BT hubs are extremely "dumbed down" consumer devices that don't allow you to conduct the necessary investigation.

Your options are:

  • Replace the BT Hub with a better device that can carry out packet captures.
  • Add a WiFi access point connected to the BT hub that can carry out packet captures and connect all your devices to the new AP (wired and wireless).
grahamb (2021-02-01 12:33:06 +0000)
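
One way to act on the tcpdump suggestion in this thread, as an added example that is not part of the original posts: a shell function that reads tcpdump text output and counts, per LAN address, the new connections opened to TCP port 25. The capture has to be taken where LAN-side (pre-NAT) addresses are still visible; the file name `smtp.pcap` and all sample addresses are assumptions.

```shell
#!/bin/sh
# Added example. Feed it a capture taken on the LAN side (before NAT), e.g.
#   tcpdump -n -r smtp.pcap 'tcp dst port 25' | smtp_talkers
# (smtp.pcap is an assumed file name). IPv4 only.

# Reads tcpdump -n text lines on stdin and prints "count source-ip",
# busiest first, counting only initial SYNs sent to TCP port 25.
smtp_talkers() {
    awk '
    {
        # Locate the "IP" token so any timestamp format (-t, -tttt) works.
        for (i = 1; i <= NF; i++) if ($i == "IP") break
        if (i > NF) next                      # not an IPv4 line
        src = $(i + 1); dst = $(i + 3)
        sub(/:$/, "", dst)                    # "203.0.113.10.25:" -> "...25"
        if (dst !~ /\.25$/) next              # last component is the port
        if ($0 !~ /Flags \[S\],/) next        # new connections only, not [S.]
        sub(/\.[0-9]+$/, "", src)             # drop the source port
        n[src]++
    }
    END { for (h in n) print n[h], h }
    ' | sort -rn
}

# Constructed sample lines (addresses are made up; 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges).
sample_capture() {
    cat <<'EOF'
11:20:01.000001 IP 192.168.1.64.50122 > 203.0.113.10.25: Flags [S], seq 1, win 64240, length 0
11:20:01.020000 IP 203.0.113.10.25 > 192.168.1.64.50122: Flags [S.], seq 9, ack 2, win 65535, length 0
11:20:01.020100 IP 192.168.1.64.50122 > 203.0.113.10.25: Flags [.], ack 10, win 502, length 0
11:20:02.000001 IP 192.168.1.64.50123 > 198.51.100.7.25: Flags [S], seq 5, win 64240, length 0
11:20:03.000001 IP 192.168.1.64.50125 > 198.51.100.8.25: Flags [S], seq 7, win 64240, length 0
11:20:04.000001 IP 192.168.1.71.44310 > 203.0.113.99.443: Flags [S], seq 3, win 64240, length 0
11:20:05.000001 IP 192.168.1.80.39000 > 203.0.113.10.25: Flags [S], seq 4, win 64240, length 0
EOF
}

sample_capture | smtp_talkers
```

The address at the top of the output is the LAN host to inspect first; match it to a physical device through the DHCP lease list of whichever device hands out addresses.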