Hello all, I have an ISPConfig installation on an Ubuntu Server, that I use for web and mail hosting. For the past few days I've been having issues with the server being repeatedly flagged as a spammer source by Spamhaus (CBL). Server_IP is my server's IPv4 address, FQDN is my domain name. Checking with Spamhaus's HELO testing address, I get the correct answer: Now I understand that this behaviour is related to malware/spamware that could be installed on the devices in my network so I started with that. The server is behind a Mikrotik router that handles all NAT and forwarding. I've begun by filtering all traffic that exits the network on port 25 (besides the server generated traffic) and the listings continue. Next I filtered all traffic generated by other services running on my server, other than postfix using: But the listings continue... Is there any chance that the server/ispconfig system is trying to send some email somewhere without properly authenticating first? Any ideas? Thank you
I've found the problem, my Mikrotik router was being used to proxy email all over the place due to a security exploit. Fixed, you can close this thread.
