simondsmason wrote:
I have 4 machines in my home network sharing the same IP address. I have scanned all of them to see if they are doing anything they shouldn't be, using the usual malware scanners, etc. So far I have found nothing. What can I do to find out where this is coming from? CBL simply has not responded to me, so I don't even know what evidence they have to support the blacklisting. This is the most frustrating part of this whole thing. They keep blacklisting me, and they won't talk to me!
Log or block all traffic that goes from the local network to remote TCP port 25. Only your email server should be able to contact other email servers. If you block SMTP traffic from the other machines, it reduces the number of RBL issues, because those machines can then send email only through your server and you will notice non-standard email activity.
Watch the email queue of your email server. On SOHO mail servers the queue size is very small, and any spam activity increases the number of queued messages. Please note that you can't use the queue to detect spam if you forward all your outgoing emails to your ISP's server.
Check logs for any non-standard email activity: sudden increases in email queue size, spikes in the number of processed emails, emails with lots of recipients, emails that you haven't sent, and SMTP authentication from unknown remote addresses.
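As an added example (not part of this thread), a small script in the spirit of the advice above that runs the three checks over Postfix-style mail log lines and a firewall log line: SMTP authentication from outside the LAN, messages with an unusually large recipient count, and a host other than the mail server talking to TCP port 25. The LAN range, mail server address, recipient threshold and all log lines are constructed assumptions.

```python
import re
import ipaddress

# Constructed sample lines (Postfix-style syslog plus one netfilter log line); not real data.
SAMPLE_LOG = """\
postfix/smtpd[2101]: 3F1A2B: client=laptop.lan[192.168.1.20], sasl_method=PLAIN, sasl_username=alice
postfix/qmgr[2102]: 3F1A2B: from=<alice@example.test>, size=2048, nrcpt=1 (queue active)
postfix/smtpd[2101]: 7C9D0E: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=alice
postfix/qmgr[2102]: 7C9D0E: from=<alice@example.test>, size=512, nrcpt=180 (queue active)
kernel: OUTBOUND_SMTP IN=br0 OUT=eth0 SRC=192.168.1.30 DST=198.51.100.7 PROTO=TCP DPT=25
"""

LAN = ipaddress.ip_network("192.168.1.0/24")          # assumption: the home LAN
MAIL_SERVER = ipaddress.ip_address("192.168.1.10")    # assumption: the only host allowed to use tcp/25
MAX_RCPT = 50                                         # assumption: a SOHO message rarely exceeds this

SASL_RE = re.compile(r"client=\S+\[([0-9.]+)\].*sasl_username=(\S+)")
RCPT_RE = re.compile(r"(\w+): from=<[^>]*>, size=\d+, nrcpt=(\d+)")
FW_RE = re.compile(r"SRC=([0-9.]+) DST=([0-9.]+) PROTO=TCP DPT=25")

def check_line(line):
    """Return a list of (kind, subject, detail) findings for one log line; empty if nothing looks odd."""
    findings = []
    m = SASL_RE.search(line)
    if m and ipaddress.ip_address(m.group(1)) not in LAN:
        # Someone authenticated to our submission service from outside the LAN.
        findings.append(("sasl_outside_lan", m.group(1), m.group(2)))
    m = RCPT_RE.search(line)
    if m and int(m.group(2)) > MAX_RCPT:
        # A single queued message addressed to far more recipients than normal.
        findings.append(("too_many_recipients", m.group(1), int(m.group(2))))
    m = FW_RE.search(line)
    if m and ipaddress.ip_address(m.group(1)) != MAIL_SERVER:
        # A LAN host other than the mail server reached out to a remote SMTP port.
        findings.append(("smtp_from_non_mail_host", m.group(1), m.group(2)))
    return findings

def scan(log_text):
    """Run check_line over every line of a log and collect all findings."""
    results = []
    for line in log_text.splitlines():
        results.extend(check_line(line))
    return results

if __name__ == "__main__":
    for kind, subject, detail in scan(SAMPLE_LOG):
        print(f"{kind}: {subject} ({detail})")
```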