| Posted by: Lemonde - 16 February 2021 12:10:08 |
|---|
| What is this message to do with? Is it a virus? Exchange 2007. The observed forged HELO value was keqakku.com. Thank you for contacting Spamhaus CSS Removals. A device (server, computer, mobile phone, etc.), or an app on a device that is using x.x.x.x, is infected, insecure or compromised. It is making SMTP connections on port 25 with forged values. (IP, UTC timestamp, forged HELO value) 2021-02-16 08:20:00 keqakku.com 2021-02-09 07:55:00 keqakku.com The first detection was (UTC) The last detection was (UTC) To stop the abuse immediately, close outbound port 25 on the router or firewall and restrict port 25 access to known email servers. Note: this will only prevent the abusive connections from leaving your network. If the problem is (for example) an infected mobile phone, when it moves to another insecure network, it will resume its activity without restriction. To find and eliminate the source of the problem, please see our FAQs: Is it a client machine spamming from the LAN? |
| Posted by: andrewt2m - 01 March 2021 09:38:15 |
|---|
| Just to say that we blocked SMTP traffic going out except for the email server and scanned all of the PCs. Didn't find any viruses, but the blocking of the SMTP traffic seemed to stop the issue, so it could've been a mobile device on the Wi-Fi sending out spam or something...? |
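
One way to find which LAN device is making the outbound port 25 connections discussed in this thread, as an added example that is not from either poster or from Spamhaus: log outbound SMTP at the firewall and list every source other than the mail server. The iptables-style log lines (trimmed to the relevant fields), the mail server address 192.168.1.10 and the function name are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Assumption: the only LAN host allowed to send on port 25 (the Exchange server).
ALLOWED_SMTP_SENDERS = {"192.168.1.10"}

# Constructed sample lines in iptables LOG style; not taken from the thread.
SAMPLE_LOG = """\
Feb 16 08:19:58 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.25 PROTO=TCP SPT=40112 DPT=25 SYN
Feb 16 08:20:00 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.7 PROTO=TCP SPT=51544 DPT=25 SYN
Feb 16 08:20:00 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.9 PROTO=TCP SPT=51545 DPT=25 SYN
Feb 16 08:20:03 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.80 PROTO=TCP SPT=49200 DPT=443 SYN
Feb 16 08:21:10 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.7 PROTO=TCP SPT=51560 DPT=25 SYN
Feb 16 08:22:41 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.88 DST=192.0.2.44 PROTO=UDP SPT=5353 DPT=25
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def unexpected_smtp_sources(log_text, allowed=ALLOWED_SMTP_SENDERS):
    """Map each non-approved source IP to its TCP/25 connection count
    and the sorted list of destinations it tried to reach."""
    hits = defaultdict(lambda: {"connections": 0, "destinations": set()})
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        # Only TCP connections to port 25 are SMTP delivery attempts.
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
            continue
        src = fields.get("SRC")
        if not src or src in allowed:
            continue  # malformed line, or the legitimate mail server
        hits[src]["connections"] += 1
        hits[src]["destinations"].add(fields.get("DST", "?"))
    return {
        ip: {"connections": d["connections"],
             "destinations": sorted(d["destinations"])}
        for ip, d in hits.items()
    }


if __name__ == "__main__":
    report = unexpected_smtp_sources(SAMPLE_LOG)
    for ip, info in sorted(report.items(), key=lambda kv: -kv[1]["connections"]):
        print(f"{ip}: {info['connections']} SMTP attempts to {info['destinations']}")
```

A source address that shows up here can be matched against the DHCP lease table to identify the device, including phones on the Wi-Fi that a PC virus scan would not cover.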