Webfoundry
Verified User
The host of my VPN sent me a warning that they have received a report of malicious activity originating from my VPS.
After examining the exim mainlog, I found the origin:
2019-06-30 17:29:09 1hhRXi-0003bF-PW == [email protected] <[email protected]> R=lookuphost T=remote_smtp defer (-19) H=littleitalytours.it [185.81.2.195]: Malformed SMTP reply in response to HELO server.webfoundry-hosting.be: 550 5.7.1 Your IP (xxx.xxx.xxx.xxx) is on the BitNinja server security greylist. This means that we experienced malicious attacks coming from your IP and placed it on our greylist due to security reasons. If you have taken the necessary steps to eliminate its source, you can delist this IP. You can only delist this IP a couple of times. It is good idea to warn your service provider about this incident.
So my server is probably sending spam.
Maldetect, spamassassin, clamav and firewall (CFS) are running. Is there something else I can do to prevent this?