I encountered a really stange problem, a fews days ago we got banned from our smtp relay for sending spam email. Altough our network is rather secure I suspected first a virus in our network. Since I couldn’t find anything I installed a smtp receiver on an outside machine and configured my peplink to redirect port 25 traffic to that machine. I was indeed receiving a dozen chinese spams per minute. After spending a full day screening my network I ended my day with a complete shutdown of our infrastructure. I even disconneted the lan ports of my peplink and the mails kept being sent to my debug smtp receiver originating from my two wans IP.
If I would disconnect one Wan the problem immediately stopped.
After upgrading the firmware, changing the password, disabling incoming port 25 formwarding and reconfiguring the smtp service forwarding the problem stopped.
Has anybody an idea of what could have caused that ?
Would like to know what was the resolution of this, because we’re having the same problem with our Peplink 310. ISP shut us down today for the 3rd time in the past 30 days. They blocked port 25 from our IP. I did open a ticket for this the 1st time it happen and today for the same reason. even with updated firmware 5.3.12 build 1559.
Here’s is what I sent in:
Ok, we had this problem about 1 month ago and I contact Peplink via telephone due that our ISP shut us down because our Peplink 310 was sending out e-mail like crazy every few seconds. We took the Peplink 310 LAN connection off to our main switch so it would be all by itself and talking to the ISP at the same time and still it was spamming them with e-mails. So we default to the factory settings of the unit and the ISP told us that they didn’t see anymore spam coming from our IP address. Then 3 days ago, they shut us down again with the same problem, but this time we turned off SMTP Forwarding an the problem stop, but we need to have that feature on for us to use the unit with the 2 WAN. We went on to your website to verify if there was a new firmware and you had one. The release notes said something about the SMTP Forwarding problem and thinking it was the same thing we had in the past. We updated the firmware to the latest and re-configure everything from default settings just in case and activated the SMTP Forwarding. Guess what? ISP shut us down again today, well blocking port 25 for us to use. The report attach to this was on the day that the ISP told us that we were spamming them, this report was not taken with the new firmware that we have now, but still, spam is coming out of it. Here’s the IP that the Peplink is connected to 209.195.127.2 via PPPOE connection DSL. If you need to access it, let me know and we’ll go from there.