Sorry - I have included in an earlier reply after being prompted by
another member - but I guess it can got lost with all the replies in
this thread. And it doesn't have anything to do with the Contabo address
my emails are coming from - it's on a different provider/subnet. The IP
is 51.155.244.89
On 18/04/2024 18:31, Michael Peddemors via mailop wrote:
It's REALLY hard to give you good advice, if you don't include the
actual IP Address that is listed..
However, if it is the same email server you sent from, it's on Contabo
which has it's own problems with reputation.. And I don't think they
really care to help the innocent operators on their networks with
reputation problems..
On 2024-04-18 03:52, Sebastian Arcus via mailop wrote:
I hope this is within the allowable topics for this list. I tried
searching the archives, but haven't found an answer for the issue
below yet. If anyone could shed some light, it would be very much
appreciated.
A few days ago I started having issues with the public IPv4 address of
one network I look after ending up on the Spamhaus XBL and CSS
blacklists. I have taken good hard look at the setup and applied to be
delisted twice, but it is blacklisted again - so I must be missing
something. I read through the Spamhaus docs on their website. The
following applies to this site:
1. Port 25 outbound is completely blocked for the entire network,
except our inhouse email server which uses Exim
2. The inhouse server doesn't do any sort of relaying.
3. The site doesn't do any sort of marketing or mailing list type
activity as far as I know - and the Spamhaus detected connections are
out of working hours - so this being caused by employees sending any
unwanted emails seems unlikely.
4. I have checked the Exim logs, and there is no sign so far it has
been compromised in any way, or it is sending out any unusual email
traffic.
5. This is a low volume site - I would say less than 100 emails sent
per day.
6. Spamhaus provides the date and timestamp of last rogue connection
detected - but there is nothing in our Exim log which matches that
date and time.
7. The information they provided is:
(IP, UTC timestamp, HELO value)
<our.public.ip> 2024-04-18 05:25:00 <our.exim.fqdn.and.helo>
The wording on Spamhaus' website is a bit generic, and seems to hint
that you can end up blacklisted if infected with a variety of other
viruses/exploits, not only those to do with smtp. However, because of
the format of the info above, I was digging in the direction of an
exploit which uses the smtp protocol to spam the internet.
Does anybody here have some experience with Spamhaus blacklists? Am I
barking up the wrong tree, and should I cast the net wider, and look
for any type of infection which scans any other ports on the internet
- not only the type which would be scanning smtp servers on port 25
trying to send spam? In our case that should be technically
impossible, as port 25 outbound is blocked completely on the
gateway/firewall (except for the email server)? Grateful for any hints
- as it would be useful to narrow down a bit what am I looking for.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
