Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

return delivered mail

  • 1 baphendule
  • 0 zinale nkinga
  • 1 view
  • Igcine ukuphendulwa ngu Matt

more options

I try send email using my thunderbird to gmail and other email accounts but I keep having return email please help

I try send email using my thunderbird to gmail and other email accounts but I keep having return email please help
Ama-screenshot ananyekiwe

All Replies (1)

more options

Nothing anyone here can do to help you get the web domain cleared up. You might want to talk to hostmonster as suggested in the link you posted.

If this is a shared server, please call your hosting company or ISP! Why was this IP listed? 122.3.175.206 has been classified as part of a proxy network. There is a type of malware using this IP that installs a proxy that can be used for nearly anything, including sending spam or stealing customer data. This should be of more concern than a Spamhaus listing, which is a symptom and not the problem. The proxy is installed on a device - usually an Android mobile, firestick, smart doorbell, etc, but also iPads, and Windows computers - that is using your IP to send spam DIRECTLY to the internet via port 25: This is very often the result of third party "free" apps like VPNs, channel unlockers, streaming, etc being installed on someone's personal device, usually a phone. Technical information Important: If this IP operates as a mail server, it should look and behave like a mail server. As it stands, the HELO used appears to be dynamic and this may cause confusion as that is behaviour commonly observed in malware/proxy networks. Recent connections: (IP, UTC timestamp, HELO value) 122.3.175.206 2023-09-01 01:05:00 122.3.175.206.pldt.net Important points: The HELOs are often dynamic-looking rDNS and usually claim to be from geographically very different networks OR spoofs of major brands. They can include impossible HELOs like "gmail.com", "outlook.com", "comcast.net" - Gmail, Outlook and Comcast do not use these. These are all fake. If the HELO does not make sense for the IP generating it, it should be looked at closely. There is often more than one compromised device. Guest networks should also be secured. This is a simple explanation of how it can work: https://www.spamhaus.com/resource-center/when-doorbells-go-rogue/ Any devices with "free" VPNs, TV streaming, channel unlocking, or 3rd-party apps installed are the first things to check. What should be done about it? We very strongly recommend securing your firewall to not allow any packets outbound on port 25, except those coming from any email server(s) on your local network. Remote sending of email to servers on the Internet should still work if web-based, or configured properly to use port 587 using SMTP-AUTH. Guest networks should be secured too. After port 25 is outbound is secured, the proxy needs to be found and removed. We can only see what's coming from the NAT (public) IP; anything inside your network is visible only to you. You can start logging at the router or firewall to see what's trying to use port 25 and that should lead you right to the compromised device(s).