Spamhaus Blacklist - CSS XBL

asked 2021-02-01 10:51:04 +0000

Good morning

I am not a network expert by any means but really need some help. Our IP address has been added to the Spamhaus Project blacklist. Please see results below:

XX.XXX.XX.XXX is listed in the CSS

A device (computer, server, mobile phone, etc), or an app on a device that is using your IP address is infected, insecure or compromised. It is making SMTP connections with forged HELO values on port 25. We very strongly advise securing your router/firewall to deny any outbound packets on port 25, except those coming from any email servers (if any) on your local network. Remote sending of email to servers on the Internet will still work if web-based, or configured properly using port 587 with SMTP-AUTH

XX.XXX.XX.XXX is listed in the XBL

A device (computer, server, mobile phone, etc), or an app on a device that is using your IP address is infected, insecure or compromised. It is making SMTP connections with forged HELO values on port 25.

The observed forged HELO value was ..

I have spoken with my ISP but they are not able to set our router to deny outbound traffic on port 25. I therefore need to establish which device is sending these spam messages via port 25.

Any help would be greatly appreciated!!

answered 2021-02-01 11:02:07 +0000

hugo.vanderkooij

Run tcpdump on your router.



Hi Hugo. Many thanks. So my set-up at home is purely a BT Business Hub sending WiFi around the house. We are all connected to that via our laptops, phones etc. Can you explain to a layman if possible how I go about doing that please, if you have the time?

Downham ( 2021-02-01 11:08:43 +0000 )

Unfortunately the BT hubs are extremely "dumbed down" consumer devices that don't allow you to conduct the necessary investigation.

Your options are:

  • Replace the BT Hub with a better device that can carry out packet captures.
  • Add a WiFi access point connected to the BT hub that can carry out packet captures and connect all your devices to the new AP (wired and wireless).

grahamb ( 2021-02-01 12:33:06 +0000 )
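
An added example, not part of the thread: once a router or access point that can capture packets is in place, the capture suggested in the answer can be reduced to a per-device tally of new outbound connections to port 25. It assumes the capture runs on the LAN-side interface (before NAT) so internal addresses are visible; `$IFACE`, `smtp25.txt` and the function names are hypothetical, and the sample lines are constructed.

```shell
#!/bin/sh
# Capture step, run on the LAN-side interface of the capture device.
# IFACE and the output file name are assumptions; substitute your own:
#   tcpdump -nn -i "$IFACE" \
#     'tcp dst port 25 and tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn' > smtp25.txt

# smtp_sources: read tcpdump -nn text lines on stdin and print
# "<count> <source-ip>" for each host opening connections to port 25,
# busiest first. IPv4 only.
smtp_sources() {
  awk '
    $2 == "IP" && $4 == ">" && /Flags \[S\]/ {
      dst = $5; sub(/:$/, "", dst)     # drop the trailing colon
      n = split(dst, d, ".")
      if (d[n] != "25") next           # last field is the destination port
      m = split($3, s, ".")            # source is a.b.c.d.port
      if (m != 5) next
      count[s[1] "." s[2] "." s[3] "." s[4]]++
    }
    END { for (ip in count) print count[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# Constructed sample in tcpdump -nn text format (documentation addresses).
sample_capture() {
cat <<'EOF'
10:51:04.100001 IP 192.168.1.23.51514 > 203.0.113.25.25: Flags [S], seq 1, win 64240, length 0
10:51:04.180002 IP 203.0.113.25.25 > 192.168.1.23.51514: Flags [S.], seq 9, ack 2, win 65535, length 0
10:51:05.200003 IP 192.168.1.23.51520 > 198.51.100.9.25: Flags [S], seq 3, win 64240, length 0
10:51:06.300004 IP 192.168.1.40.40100 > 198.51.100.7.587: Flags [S], seq 4, win 64240, length 0
10:51:07.400005 IP 192.168.1.40.40102 > 198.51.100.25.443: Flags [S], seq 5, win 64240, length 0
10:51:08.500006 IP 192.168.1.51.33000 > 198.51.100.9.25: Flags [S], seq 6, win 64240, length 0
10:51:09.600007 IP 192.168.1.23.51533 > 203.0.113.77.25: Flags [S], seq 7, win 64240, length 0
EOF
}

sample_capture | smtp_sources
```

A laptop or phone that only uses webmail or port 587 submission should not appear in this tally at all, so any address listed is a device to inspect; match it to a physical device through the DHCP lease table of whichever device hands out addresses.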


Last updated: Feb 01 '21