Offline Lemonde  
#1 Posted : 16 February 2021 12:10:08(UTC)

What is this message to do with? Is it a virus?

Exchange 2007. The observed forged HELO value was keqakku.com

Thank you for contacting Spamhaus CSS Removals,

A device (server, computer, mobile phone, etc), or an app on a device
that is using x.x.x.x. is infected, insecure or compromised. It is
making SMTP connections on port 25 with forged values.

(IP, UTC timestamp, forged HELO value)
2021-02-16 08:20:00 keqakku.com
2021-02-09 07:55:00 keqakku.com

The first detection was (UTC)
The last detection was (UTC)

To stop the abuse immediately, close outbound port 25 on the router or
firewall and restrict port 25 access to known email servers. Note: this
will only prevent the abusive connections from leaving your network.
If the problem is (for example) an infected mobile phone, when it moves
to another insecure network, it will resume its activity without restriction.

To find and eliminate the source of the problem, please see our FAQs:

Is it a client machine spamming from the LAN?


Offline andrewt2m  
#2 Posted : 01 March 2021 09:38:15(UTC)


Just to say that we blocked SMTP traffic going out except for the email server and scanned all of the PCs.

Didn't find any viruses but the blocking of the SMTP traffic seemed to stop the issue so it could've been a mobile device on the Wi-Fi sending out spam or something...?
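
One way to narrow down which LAN device is making the port 25 connections, as an added example that is not part of the original thread: a Python script that scans gateway firewall logs for outbound TCP port 25 traffic from any host other than the mail server. The iptables-style log format, the LAN range `192.168.1.0/24`, the mail server address `192.168.1.10` and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions (not from the thread): the LAN range and the mail server's address.
LAN = ip_network("192.168.1.0/24")
MAIL_SERVERS = {ip_address("192.168.1.10")}

# Constructed sample lines in iptables LOG style; not real log data.
SAMPLE_LOG = """\
Feb 16 08:19:58 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 PROTO=TCP SPT=40112 DPT=25
Feb 16 08:20:00 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.25 PROTO=TCP SPT=51514 DPT=25
Feb 16 08:20:03 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.7 PROTO=TCP SPT=51520 DPT=25
Feb 16 08:20:04 gw kernel: IN=eth1 OUT=eth1 SRC=192.168.1.57 DST=192.168.1.10 PROTO=TCP SPT=51522 DPT=25
Feb 16 08:20:09 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.33 DST=203.0.113.80 PROTO=TCP SPT=49822 DPT=443
Feb 16 08:20:11 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1 DST=203.0.113.9 PROTO=TCP SPT=50001 DPT=25
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def find_rogue_smtp(log_text, lan=LAN, allowed=MAIL_SERVERS):
    """Map each LAN host that is not an allowed mail server to the external
    addresses it contacted on TCP port 25."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
            continue  # not SMTP on port 25
        try:
            src, dst = ip_address(fields["SRC"]), ip_address(fields["DST"])
        except (KeyError, ValueError):
            continue  # truncated or malformed line
        # Only traffic leaving the LAN matters; internal relay to the mail server is normal.
        if src in lan and dst not in lan and src not in allowed:
            hits[str(src)].add(str(dst))
    return {src: sorted(dsts) for src, dsts in hits.items()}


if __name__ == "__main__":
    for host, targets in find_rogue_smtp(SAMPLE_LOG).items():
        print(f"{host} opened outbound port 25 to: {', '.join(targets)}")
```

Comparing the flagged hosts' log timestamps with the UTC detection times in the Spamhaus notice helps confirm which device it was.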