Black listed server

Hi,

I have had a web server continuously marked in the cbl.abuseat.org blacklist. I can't find which one it is... I know that I can block port 25, but I would like to know which one is the spammer....

Any ideas how to find it in the logs?

Best regards.



  • FormerMember

    Hi,

    What is the firmware version on your firewall, and do you use email protection on your firewall? If yes, what is the SMTP deployment mode? 

    I would also suggest you check if SMTP relay is allowed on the WAN zone or not under Administration > Device access. 

    Thanks,

  • Hi,

    The firmware version is SFOS 18.0.4 MR-4.

    The device acts as a Mail Transfer Agent (MTA).

    I have a host-based relay list. Neither of the hosts is in the WAN zone. Maybe I should disable the SMTP relay in the WAN zone, right?

    I think the problem is in one rule that allows outbound traffic to ports 465 and 587 of a list of networks (Gmail, Microsoft, etc.). I already enabled the "scan smtp" checkbox but it is still being listed... Some hosts are web servers, maybe one is compromised.

    Thank you for the reply.
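
One way to approach the "how to find it in logs" question, as an added example that is not part of the thread or any poster's reply: rank internal hosts by outbound connections to the mail ports mentioned above (25, 465, 587), skipping hosts that are expected to send mail. The key=value log layout, the field names `src_ip`, `dst_ip` and `dst_port`, the sample lines and the `KNOWN_RELAYS` address are all constructed assumptions and must be matched to the actual firewall log export.

```python
import re
from collections import defaultdict

MAIL_PORTS = {25, 465, 587}      # ports named in the thread
KNOWN_RELAYS = {"10.0.0.5"}      # assumption: hosts on the host-based relay list

# Constructed sample lines in a generic key=value layout (not real firewall output).
SAMPLE_LOG = """\
time=10:00:01 src_ip=172.16.1.20 dst_ip=203.0.113.10 dst_port=25 action=allow
time=10:00:02 src_ip=172.16.1.20 dst_ip=203.0.113.11 dst_port=25 action=allow
time=10:00:03 src_ip=172.16.1.20 dst_ip=198.51.100.7 dst_port=587 action=allow
time=10:00:04 src_ip=172.16.1.30 dst_ip=198.51.100.7 dst_port=587 action=allow
time=10:00:05 src_ip=172.16.1.30 dst_ip=198.51.100.7 dst_port=587 action=allow
time=10:00:06 src_ip=10.0.0.5 dst_ip=203.0.113.12 dst_port=25 action=allow
time=10:00:07 src_ip=172.16.1.40 dst_ip=192.0.2.80 dst_port=443 action=allow
malformed line without fields
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(line):
    """Split one key=value log line into a dict; quoted values lose their quotes."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}

def mail_talkers(lines, allowed=KNOWN_RELAYS):
    """Return (src_ip, connections, distinct_destinations) for hosts that open
    mail-port connections but are not expected to send mail, worst first."""
    count = defaultdict(int)
    dests = defaultdict(set)
    for line in lines:
        f = parse(line)
        try:
            src, dst, port = f["src_ip"], f["dst_ip"], int(f["dst_port"])
        except (KeyError, ValueError):
            continue  # skip lines missing the fields or with a non-numeric port
        if port in MAIL_PORTS and src not in allowed:
            count[src] += 1
            dests[src].add(dst)
    # Many distinct destinations from one host is the stronger signal.
    return sorted(((s, count[s], len(dests[s])) for s in count),
                  key=lambda r: (-r[2], -r[1], r[0]))

if __name__ == "__main__":
    for src, n, d in mail_talkers(SAMPLE_LOG.splitlines()):
        print(f"{src}: {n} mail-port connections to {d} distinct servers")
```

A web server that appears at the top of this list with many distinct destinations is the first host to inspect.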