On 2024-04-18, Sebastian Arcus via Exim-users <exim-users@???> wrote:
> This is slightly off-topic, but if anyone could shed some light, it
> would be very much appreciated. A few days ago I started having issues
> with the public IP address of one network I look after ending up on the
> Spamhaus XBL and CSS blacklists. I have taken good hard look at the
> setup and applied to be delisted twice, but it is blacklisted again - so
> I must be missing something. The following applies to this site:
look at the timestamp of the spamhause listing, check exim logs for any
intersting log lines shortly after that. spamhause creates the listing
before replying "250" so their event will show a few seconds earlier
than the delivery to spamhaus.
Sometimes an RBL operator gets control of an abandonned domain
(legitimately) and suddenly historic email addresses are now
spamtraps.
> Does anybody here have some experience with Spamhaus blacklists? Am I
> barking up the wrong tree, and should I cast the net wider, and look for
> any type of infection which scans any other ports on the internet
no, it's always port 25. most of that text is for people who have
workstations connected directly to the internet.
--
Jasen.
🇺🇦 Слава Україні
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
