Leider betrifft dieses IP-Problem durch Spamhaus immer mehr Nutzer, da die Provider von IPv4 auf IPv6 umgestellt haben. Dies könnte auch der Grund sein warum dieses Forum immer weniger Nutzer hat.xx.xxx.x.xxx wurde als Teil eines Proxy-Netzwerks klassifiziert.
Dignitas Forennutzer können aufgrund von IPv6 keinen Beitrag hier im Forum verfassen. Dadurch ist nur eine passive Forennutzung möglich (lesen). Beim Versuch einen Beitrag zu Verfassen wird dem Nutzer nur angezeigt dass seine IP für dieses Forum durch Spamhaus gesperrt wurde.
Vor ca. 2 Jahren noch wurde dem Besucher dieses Forums der komplette Zugang zum Forum verwehrt. Damals gab es zur IP Sperre garkeine! Informationen.
Um das Forum aktiv Nutzen zu können muss man seinem Internet Provider drum bitten bei seinen Anschluss den Dual Stack zu aktivieren. Damit ist der Parallelbetrieb von IPv4 und IPv6 mit gemeint.
Die Informationen die Spamhaus einen auf Anfrage zur Entsperrung zur Verfügung stellt ist nicht Zielführend.
Folgenes teilt Spamhaus auf Anfrage den Nutzer mit (Komplette Antwort):
Thank you for contacting Spamhaus CSS Removals,
Please use https://translate.google.com/ for language, if needed.
xx.xxx.x.xxx has been classified as part of a proxy network. There is a type of malware using this IP that installs a third-party proxy that could be used for nearly anything, including sending spam or stealing customer data. This should be of more concern than a Spamhaus listing, which is a symptom and not the problem.
Important: If this IP operates as a mail server, then it should look and behave like a mail server. As it stands, the HELO used appears to be dynamic. This is behaviour commonly observed in malware/proxy networks.
The proxy is installed on a device - usually an Android mobile, firestick, smart doorbell, etc, but also iPads, and Windows computers - that is using your IP to send spam DIRECTLY to the internet via port 25: This is very often the result of third party "free" apps like VPNs, channel unlockers, streaming, etc being installed on someone's personal device, usually a phone.
This is a simple explanation of how this works: https://www.spamhaus.com/resource-cente ... -go-rogue/
Any devices with "free" VPNs, TV streaming, channel unlocking, or 3rd-party apps installed are the first things to check.
------
How to solve this problem depends on whether this IP is static and assigned for business use with an internal mail server or dynamic, for home use. If you are not sure, call your ISP and ask them.
HOME USER: Dynamic Single IP for non-commercial use. There are a number of possibilities:
* It is possible you may have inherited a problem from the IP's previous user. Please check the timestamps provided above. Was this IP yours during the most recent?
* Dynamic IPs are not intended for running mail servers. If that is what you are doing, please find a work-around with your provider. Effective NAT/Firewall configuration will be required.
* In the event that you do not operate your own mail server - which should be most people - then please configure your router to block all access to port 25, and use SMTP AUTH with your provider of choice. Your ISP can help with that, and most router user manuals are available online.
Please call your ISP or IT department for assistance with configuring your router or firewall correctly. You can also find most router configuration manuals online.
-----
If the IP is static, the network has a malware problem. It is very unlikely to be the actual mail server, but it is something that is able to share the same public IP.
Consider the implications of a proxy that is under someone else's control being active on your network: malicious operators control a device that is within your network. To them, spamming is an extra. Your business is their business.
We very strongly recommend securing your firewall to not allow any packets outbound on port 25, except those coming from any email server(s) on your local network. Remote sending of email to servers via the Internet should still work if web-based, or configured properly to use port 587 using SMTP-AUTH. We also suggest securing any guest networks the same way. IMPORTANT: Limiting port 25 stops the connections from leaving your network but does not neutralize the proxy. It needs to be found and removed.
Since we are unable to see through NAT or the Firewall, finding the problem is entirely the responsibility of the IT manager. Logging at the router or firewall to see what is trying to use port 25 should lead to the compromised device(s).
The easier thing to do would be to limit outbound port 25 to mail servers and thus secure your network and stop the listings. You can look for the device(s) afterward.
NOTE: there may be more than one affected device. There also may be more than one issue. Please check all your technical settings, including DNS (forward and reverse) and HELO values. Guest networks also need to be secured.
Our FAQ might be helpful: https://www.spamhaus.org/faq/section/Ha ... e's%20help
Regards,
R e