How to find spambot? Got network abuse report from my ISP

Gertjan

I guess you can remove (or disable or make it log only) this LAN firewall rule that blocks mail server ports.
Scarp that ASUS board - or make that IPMI brain-dead.

MrGlasspoole

@Gertjan as i wrote: that jumper did deactivate IPMI.

stephenw10

I would also consider reinstalling pfSense to be sure. Anyone with access to the BMC would have had full access to the system including console access. They could have installed anything really.

It would be interesting to know what they did there have the controller send email. I suspect they were just relaying it somehow. It was probably entirely automated based on knowing there are a lot of misconfigured BMC devices connected directly to WAN like that. As such I doubt any real person connected to do anything specific but....

Steve

MrGlasspoole

Yes i guess there are bots scanning for that IPMI thing.

But i can use my backup (settings) if i make a fresh pfSense install?

stephenw10

Yes, you should be able to. I would read through it though. Better to be sure.

Steve