On 18/04/2024 13:06, Graeme Fowler wrote:
> On 18 Apr 2024, at 12:17, Sebastian Arcus <s.ar...@open-t.co.uk> wrote:
>> That is really useful information - thank you. I'm actually not overly worried
>> about revealing the IP address - I guess it is a public IP anyway. If anybody
>> can take a look and let me know - that would be much appreciated. The IP in
>> question is 51.155.244.89
>
> You replied to me and not the mailing list, but anyway -

Sorry - and thank you for getting back to me

> if you go to https://check.spamhaus.org/listed/?searchterm=51.155.244.89
> and expand ‘show details’ it explains a lot more.

I have been through that a number of times. It is useful information, but
fairly wide ranging. I've already checked everything I could based on
the info above. I was trying to narrow things down a bit.

> You can also see a reputation score here:
> https://talosintelligence.com/reputation_center/lookup?search=51.155.244.89
> Something behind that router is infested with some form of malware. Given the
> HELO name, if you’re providing internet access to the home’s clients, good luck
> finding it!

The mention of HELO is what threw me off - and I kept on thinking that
it's not possible, as port 25 is blocked. But I completely missed the
point that even authenticated connections on 587 will use HELO - I
think? So 587/465 could be possibilities. I don't really have qualms
with completely blocking outbound 587/465 if needed - they are mainly
still open because it's the first time I've dealt with issues being
caused by them being open - and I like to try and provide functionality
for users up to the point when it is starting to cause problems.

Thank you again