I encountered a really strange problem. A few days ago we got banned from our SMTP relay for sending spam email. Although our network is rather secure, I first suspected a virus in our network. Since I couldn't find anything, I installed an SMTP receiver on an outside machine and configured my Peplink to redirect port 25 traffic to that machine. I was indeed receiving a dozen Chinese spams per minute. After spending a full day screening my network, I ended my day with a complete shutdown of our infrastructure. I even disconnected the LAN ports of my Peplink, and the mails kept being sent to my debug SMTP receiver, originating from my two WAN IPs.
If I disconnected one WAN, the problem immediately stopped.
After upgrading the firmware, changing the password, disabling incoming port 25 forwarding and reconfiguring the SMTP service forwarding, the problem stopped.
Does anybody have an idea of what could have caused that?
Thanks for any suggestions