On 19.04.2024 at 14:25:49 Grant Taylor via mailop wrote:
>
> I wonder if TCP connections were being fully established. Is there
> a chance that someone was spoofing your IP?
I was also thinking this.
> Could he produce packet captures for you to analyze?
Sadly no.
> Is there a possibil
On 4/19/24 8:31 AM, Jaroslaw Rafa via mailop wrote:
I started to monitor all outgoing traffic from my server towards his
IP address with tcpdump, then I put up firewall rules that blocked
(with logging) all outgoing traffic to his IP other than to port
25. Obviously no packets were going out of
On 19.04.2024 at 10:47:56 Sebastian Arcus via mailop wrote:
> In a sense I haven't managed to make further progress with this.
> Spamhaus have been very vague about the problem - which to some
> extent I understand as they don't want the bad guys to exploit their
> systems. But at the same t
Sebastian Arcus via mailop wrote:-
>> Michael's suggestion of checking for compromise of CPE (routers etc) is
>> also well worth pursuing.
>
>I have thought about that as well. The only possibility that I can come
>up with is the Fritzbox VDSL modem/router sitting in front of the Linux
>gateway/f
On 2024-04-19 at 07:21:47 UTC-0400 (Fri, 19 Apr 2024 12:21:47 +0100)
Sebastian Arcus via mailop
is rumored to have said:
On 18/04/2024 14:05, Marco Moock via mailop wrote:
On 18.04.2024 Bill Cole via mailop wrote:
I can't say that Spamhaus lists IPs that engage in the abusive
practice of
On 18/04/2024 19:14, Matthew Richardson via mailop wrote:
Sebastian Arcus via mailop wrote:-
In that case I think I am back to square one. If an infected device
connecting to 587/465 to various servers on the internet, from our
network, to try and guess passwords/break into accounts wouldn't h
On 19.04.2024 at 12:21:47 Sebastian Arcus via mailop wrote:
> I would have to look further into this, but I was under the
> impression that Exim uses the VRFY command for callout verification?
Most sites have disabled that, and implementations of Exim are known
that use RCPT TO. Stop using
Sorry - I have included in an earlier reply after being prompted by
another member - but I guess it got lost with all the replies in
this thread. And it doesn't have anything to do with the Contabo address
my emails are coming from - it's on a different provider/subnet. The IP
is 51.155.244
On 18/04/2024 14:05, Marco Moock via mailop wrote:
On 18.04.2024 Bill Cole via mailop wrote:
I can't say that Spamhaus lists IPs that engage in the abusive
practice of remote sender verification but I would be happy to hear
that they are doing so and CSS+XBL listing is a reasonable expressio
On 18/04/2024 14:20, Slavko via mailop wrote:
On 18 April 2024 11:22:10 UTC, user Sebastian Arcus via mailop wrote:
However, if keeping outbound port 587 open turns out to be causing real
headaches, I could take a look at revising the existing approach.
IMO, one doesn't need to blo
On 18/04/2024 14:21, Marco Moock wrote:
On 18.04.2024 Sebastian Arcus via mailop wrote:
On 18/04/2024 13:44, Marco Moock via mailop wrote:
On 18.04.2024 Sebastian Arcus via mailop wrote:
The mention of HELO is what threw me off - and I kept on thinking
that it's not possible, as port 25
Sebastian Arcus via mailop wrote:-
>In that case I think I am back to square one. If an infected device
>connecting to 587/465 to various servers on the internet, from our
>network, to try and guess passwords/break into accounts wouldn't have
>used the FQDN of our public IP as HELO - then that
On 2024-04-18 06:01, Sebastian Arcus via mailop wrote:
In that case I think I am back to square one. If an infected device
connecting to 587/465 to various servers on the internet, from our
network, to try and guess passwords/break into accounts wouldn't have
used the FQDN of our public IP as H
It's REALLY hard to give you good advice, if you don't include the
actual IP Address that is listed..
However, if it is the same email server you sent from, it's on Contabo
which has its own problems with reputation.. And I don't think they
really care to help the innocent operators on their
On 18 April 2024 11:22:10 UTC, user Sebastian Arcus via mailop wrote:
>However, if keeping outbound port 587 open turns out to be causing real
>headaches, I could take a look at revising the existing approach.
IMO, one doesn't need to block 465 port (or 587) from inside LAN, as
it is n
On 18.04.2024 Sebastian Arcus via mailop wrote:
> On 18/04/2024 13:44, Marco Moock via mailop wrote:
> > On 18.04.2024 Sebastian Arcus via mailop wrote:
> >> The mention of HELO is what threw me off - and I kept on thinking
> >> that it's not possible, as port 25 is blocked. But I compl
On 18.04.2024 Bill Cole via mailop wrote:
> I can't say that Spamhaus lists IPs that engage in the abusive
> practice of remote sender verification but I would be happy to hear
> that they are doing so and CSS+XBL listing is a reasonable expression
> of that sort of world-hostile behavior.
If
On 18/04/2024 13:44, Marco Moock via mailop wrote:
On 18.04.2024 Sebastian Arcus via mailop wrote:
The mention of HELO is what threw me off - and I kept on thinking
that it's not possible, as port 25 is blocked. But I completely
missed the point that even authenticated connections on 587 wil
I can't say that Spamhaus lists IPs that engage in the abusive practice
of remote sender verification but I would be happy to hear that they are
doing so and CSS+XBL listing is a reasonable expression of that sort of
world-hostile behavior.
(I saw your Exim-Users discussion)
On 2024-04-18 at
On 18.04.2024 Sebastian Arcus via mailop wrote:
> The mention of HELO is what threw me off - and I kept on thinking
> that it's not possible, as port 25 is blocked. But I completely
> missed the point that even authenticated connections on 587 will use
> HELO - I think?
They require auth, so t
On 2024-04-18 at 07:18:46 UTC-0400 (Thu, 18 Apr 2024 13:18:46 +0200)
Matus UHLAR - fantomas via mailop
is rumored to have said:
If you have more than one IP for your network, I recommend use
separate IP to translate connections from/to your mailserver.
+1
+1000
Don't make your mail server in
On 18/04/2024 13:06, Graeme Fowler wrote:
On 18 Apr 2024, at 12:17, Sebastian Arcus wrote:
That is really useful information - thank you. I'm actually not overly worried
about revealing the IP address - I guess it is a public IP anyway. If anybody
can take a look and let me know - that woul
On 18.04.24 12:22, Sebastian Arcus via mailop wrote:
I am not blocking outbound 587. I usually take the view that some user
devices - such as smartphones - could be configured to retrieve and
send email for their personal email accounts - and need to talk to
other email hosting providers. My se
On 18/04/2024 12:46, Marco Moock wrote:
On 18.04.2024 Sebastian Arcus via mailop wrote:
However, if keeping outbound port 587 open turns out to be causing
real headaches, I could take a look at revising the existing approach.
If that is an issue, they should inform your ISP about the abus
On 18/04/2024 12:18, Matus UHLAR - fantomas via mailop wrote:
On 18.04.24 11:52, Sebastian Arcus via mailop wrote:
I hope this is within the allowable topics for this list. I tried
searching the archives, but haven't found an answer for the issue
below yet. If anyone could shed some light, it
On 18.04.2024 Sebastian Arcus via mailop wrote:
> However, if keeping outbound port 587 open turns out to be causing
> real headaches, I could take a look at revising the existing approach.
If that is an issue, they should inform your ISP about the abuse and
that should forward that to you, so
On 18.04.24 11:52, Sebastian Arcus via mailop wrote:
I hope this is within the allowable topics for this list. I tried
searching the archives, but haven't found an answer for the issue
below yet. If anyone could shed some light, it would be very much
appreciated.
A few days ago I started havi
I am not blocking outbound 587. I usually take the view that some user
devices - such as smartphones - could be configured to retrieve and send
email for their personal email accounts - and need to talk to other
email hosting providers. My setups are fairly small, and a certain level
of flexibi
On 18/04/2024 12:03, Marco Moock wrote:
On 18.04.2024 Sebastian Arcus via mailop wrote:
A few days ago I started having issues with the public IPv4 address
of one network I look after ending up on the Spamhaus XBL and CSS
blacklists.
https://www.spamhaus.org/blocklists/exploits-blocklist/
On 18.04.2024 Sebastian Arcus via mailop wrote:
> A few days ago I started having issues with the public IPv4 address
> of one network I look after ending up on the Spamhaus XBL and CSS
> blacklists.
https://www.spamhaus.org/blocklists/exploits-blocklist/
Listings there are not related to SM
Are you also blocking outbound connections on port 587?
On Thu, 18 Apr 2024 at 13:57, Sebastian Arcus via mailop
wrote:
>
> I hope this is within the allowable topics for this list. I tried
> searching the archives, but haven't found an answer for the issue below
> yet. If anyone could shed some
I hope this is within the allowable topics for this list. I tried
searching the archives, but haven't found an answer for the issue below
yet. If anyone could shed some light, it would be very much appreciated.
A few days ago I started having issues with the public IPv4 address of
one network