I manage two MaiB servers: A club with about 5 users (RFSC) and my personal server (dBugg). Both are hosted at Linode.
When email is sent from an RFSC account to my dBugg account, it gets rejected:
Diagnostic-Code: smtp; 554 5.7.1 Service unavailable; Client host [<IPv6 address>] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/<IPv6 address>
The error at Spamhaus is:
The machine using this IP is infected with malware that is emitting spam, or is sharing a connection with an infected device.
Why was this IP listed?
A device using 2600:3c03::/64 is infected with malware and is emitting spam.
IP Address 2600:3c03::/64 is making SMTP connections and identifying itself (via the HELO command) using a domain that is not possible: for example, “gmail.com” or “outlook.com”. The providers that own these domains do not ever use them in this way, so this is a sure sign of a problem.
The most recent detection was on August 12 2021, 17:00:00 UTC (+/- 5 minutes).
I checked the logs around that time on the RFSC server and didn’t really see any issues. There were a couple of messages that were bound by the RFSC server, but not sent by the RFSC server.
One odd thing: following the Spamhaus link with the IPv6 address shows the address as listed in the XBL. However, substituting the IPv4 address for the same server comes back clean.
From what I have found so far, I don’t see anything on my server to indicate either malware or outgoing spam. Whether the IPv4 vs IPv6 difference is to be expected or not, I am not sure where to begin looking for issues with my server. Any guidance would be appreciated.
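As an added example, not part of the original post, of why the IPv4 and IPv6 results differ: a DNSBL key for an IPv6 address is built from the 32 reversed hex nibbles of the full address, so the two families are looked up as unrelated keys, and an XBL entry on the /64 covers every address inside that prefix. The script below builds both lookup names, decodes the Spamhaus ZEN return codes, and shows the /64 an address falls in; `192.0.2.10` and `2600:3c03::1` are constructed sample addresses (the second is chosen to sit inside the prefix named in the listing).

```python
import ipaddress
import socket

ZEN_ZONE = "zen.spamhaus.org"


def dnsbl_name(ip: str, zone: str = ZEN_ZONE) -> str:
    """Build the DNSBL query name for an IPv4 or IPv6 address."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]            # 192.0.2.10 -> 10.2.0.192
    else:
        # IPv6 keys are the 32 hex nibbles of the exploded address, reversed,
        # one nibble per label; an IPv4 and an IPv6 key never overlap.
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone


def covering_prefix(ip: str, prefixlen: int = 64) -> str:
    """The /64 that a listing such as 'A device using 2600:3c03::/64' applies to."""
    return str(ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False))


def classify_zen(code: str) -> str:
    """Translate a ZEN A-record answer into the component list that matched."""
    o = [int(x) for x in code.split(".")]
    if o[:2] == [127, 255]:
        return "error: query refused (open resolver or rate limit), not a listing"
    if o[3] == 2:
        return "SBL: spam source"
    if o[3] == 3:
        return "SBL CSS: low-reputation or compromised sender"
    if 4 <= o[3] <= 7:
        return "XBL: exploited or infected host (the listing type in the post)"
    if o[3] in (10, 11):
        return "PBL: ISP policy range, not a malware listing"
    return f"unknown ZEN code {code}"


def check(ip: str) -> str:
    """Live lookup; NXDOMAIN (gaierror) means the address is not listed."""
    try:
        return classify_zen(socket.gethostbyname(dnsbl_name(ip)))
    except socket.gaierror:
        return "not listed"


if __name__ == "__main__":
    for ip in ("192.0.2.10", "2600:3c03::1"):      # constructed sample addresses
        print(ip, "->", dnsbl_name(ip))
        print("  listing granularity:", covering_prefix(ip) if ":" in ip else ip)
        print("  result:", check(ip))
```

Run it from the mail server itself (or any host whose resolver is not a public/open resolver, which ZEN refuses) to compare the IPv4 and IPv6 keys side by side.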