Hello all,
Since yesterday, I’m not able to send email reports from XenOrchestra anymore. This is what I get in the logs:
Code: -32000
Message: Can’t send mail - all recipients were rejected: 550 5.7.1 Service unavailable, Client host [MY_IP_ADDRESS] blocked using Spamhaus. To request removal from this list see https://www.spamhaus.org/query/ip/MY_IP_ADDRESS AS(XXX) [AM1PEPF000252DD.eurprd07.prod.outlook.com 2025-03-19T14:35:56.647Z 08DD65841610DA38]
I tried sending email with the same parameters from a different computer and got the same error log.
First of all, is that Spamhaus service legit?
I’m using direct SMTP send on port 25 through Microsoft 365 (see here for details).
This is the easiest way I found to send email to our domain without creating a specific user.
If I go to the Spamhaus website following the link in the log, it says:
MY_IP_ADDRESS has been classified as part of a third-party proxy network. There is a type of malware using this IP that installs a third-party proxy that could be used for nearly anything, including sending spam or stealing customer data.
The proxy is installed on a device - usually an Android phone, firestick, smart doorbell, etc, but can be anything that has software on it - that is using your IP to send spam DIRECTLY to the internet via SMTP port 25: This is very often the result of third party “free” apps like VPNs, channel unlockers, streaming, task bar modifiers, etc.
I then tried to monitor what’s going out of our pfSense gateway by adding a specific rule for port 25 on all LAN/Guest/VLAN interfaces, with the “Log packets that are handled by this rule” option activated. This rule is just before the rule letting the interfaces access the internet.
If I send an email through SMTP on port 25, I can now see it in the firewall logs by filtering on destination port 25.
The trouble is that after a few minutes, it disappears from the logs, even though the log rotation size has been increased to 50 GB and is actually only using 38 MB.
I’m not good at monitoring traffic, are there better ways to do this?
Any suggestions would be welcome.
Many thanks
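
Added example, not part of the original post: one way to turn the port-25 firewall log entries described above into a per-device summary, so that an internal host making SMTP connections stands out. It assumes pfSense's raw filterlog CSV field order for IPv4 TCP entries; the log lines, addresses, interface names and `EXPECTED_SENDERS` are constructed.

```python
import re
from collections import Counter

# Constructed sample lines, assuming pfSense's raw filterlog CSV layout.
SAMPLE_LOG = """\
Mar 19 14:35:56 fw filterlog[4321]: 95,,,1710000001,igb1,match,pass,in,4,0x0,,64,1111,0,DF,6,tcp,60,10.0.10.5,203.0.113.25,51234,25,0,S,1000,,65535,,mss
Mar 19 14:36:02 fw filterlog[4321]: 95,,,1710000001,igb1.30,match,pass,in,4,0x0,,64,1112,0,DF,6,tcp,60,10.0.30.77,198.51.100.9,40001,25,0,S,2000,,65535,,mss
Mar 19 14:36:03 fw filterlog[4321]: 95,,,1710000001,igb1.30,match,pass,in,4,0x0,,64,1113,0,DF,6,tcp,60,10.0.30.77,198.51.100.14,40002,25,0,S,3000,,65535,,mss
Mar 19 14:36:05 fw filterlog[4321]: 96,,,1710000002,igb1.30,match,pass,in,4,0x0,,64,1114,0,DF,6,tcp,60,10.0.30.77,198.51.100.9,40003,443,0,S,4000,,65535,,mss
Mar 19 14:36:09 fw filterlog[4321]: 96,,,1710000002,igb1,match,pass,in,4,0x0,,64,1115,0,none,17,udp,72,10.0.10.8,192.0.2.53,5353,53,52
"""

# Assumption: the only host expected to speak SMTP outbound (the reporting server).
EXPECTED_SENDERS = {"10.0.10.5"}

PREFIX = re.compile(r"filterlog\[\d+\]:\s*(.+)$")

def parse_line(line):
    """Return (interface, src, dst, dport) for an IPv4 TCP entry, else None."""
    m = PREFIX.search(line)
    if not m:
        return None
    f = m.group(1).split(",")
    # Fields: 4=interface, 8=IP version, 16=protocol, 18=src, 19=dst, 21=dst port
    if len(f) < 22 or f[8] != "4" or f[16] != "tcp" or not f[21].isdigit():
        return None
    return f[4], f[18], f[19], int(f[21])

def smtp_talkers(log_text, port=25):
    """Count logged connections to `port` per (interface, source IP)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[3] == port:
            counts[(rec[0], rec[1])] += 1
    return counts

def unexpected_senders(log_text):
    """Sources contacting port 25 that are not in EXPECTED_SENDERS."""
    return {k: n for k, n in smtp_talkers(log_text).items()
            if k[1] not in EXPECTED_SENDERS}

if __name__ == "__main__":
    for (iface, src), n in sorted(unexpected_senders(SAMPLE_LOG).items()):
        print(f"{src} on {iface}: {n} connection(s) to tcp/25")
```

Because the summary is computed from saved log text, it can be run over an export taken while the entries are still visible.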