So…about 3 months I had a chicken chinnese ddos trojan virus on my MIAB, I have reinstalled whole VM and reinstall. I closed up ssh and make stronger password. No problem until about 2 month back with CSS Blocklist (CSS). I have made a new subnet on my pfsense, just for MIAB and blocked any device from other subnets. DHCP is off and only static ip, 192.168.70.3, so MAIB cant talk to any other device and any other device cant talk to MAIB. I have blocked mail ports for any other subnet. Changed password of all mailboxes, everything google/chat gpt told me and I had silence for about 2 weeks and then again and again 10 days later. I have googled and googled, no solution found, I am out of ideas. Its frustrating. So now I am here for help and I hope someone could help me.
some info about my setup:
IPS: 1 dynamic and static IP, dynamic is for PCs, ps4, etc
static is for mail server, game servers, websites, etc
so mail server is on VM on proxmox, subnets are separeted via vlans. I am hosting MC servers, websites etc on that static ip.
Mail server is at 192.168.70.3 and all mail ports are port forward via pfsense, which is my main router.
So all my game server, websites etc are hosted at subnet 192.168.69.0 (at static ip), and cant talk to MAIB, same as my subnet for home PCs 192.168.1.0 (dynamic ip).
Yes I am hosting my mail server at home!
I will add some screenshots.
I am out of ideas…Because I cant find from where are coming that helo values.
If needed I can give here my static ip, as is not that hard to find (thekingziga.com).
I can upload logs anything, from MAIB, PFsense…just tell what need.
can theoritically infected device from 192.168.1.0 still sent that malware mails?
thanks for any help!
