Here's the boilerplate for this listing; it appears to be an overreaction on our detectors' part to your unusual choice of hostname; generally, and very commonly in zombie / botnet infections, the use of 'oemcomputer' in an SMTP HELO is an indication that we're dealing with a trojan or virus.

I've whitelisted the IP for 7 days while I investigate, but you really might want to consider a name less suggestive of what millions of Windows users simply leave their computers named after they buy them; you're giving a very bad impression by your use of that as a name...

Boilerplate follows:

The IP 195.49.138.41 was detected most recently at:

    2007:10:24 ~12:00 UTC+/- 15 minutes (approximately 15 hours, 15 minutes ago)

sending email in such a way as to strongly indicate that the IP itself was operating an open http or socks proxy, or a trojan spam package.

You will need to examine the machine for a spam trojan or open proxy. Up-to-date anti-virus tools are essential.

If the IP is a NAT firewall, we strongly recommend configuring the firewall to prevent machines on your network connecting to the Internet on port 25, except for machines that are supposed to be mail servers.

Note: 195.49.138.41 appeared to be suspicious because it was using the following name to identify itself during email connections (port 25) via the HELO/EHLO smtp commands:

    oemcomputer.oerks.de

Which is:

- an illegal name according to the RFC2821 SMTP mail protocol standards. RFC2821 requires that the machines claim names that are fully qualified domain names or IP addresses enclosed in square brackets, and/or
- a name or pattern used very heavily by professional spammers via compromised machines.

You will need to investigate whether your mail server was indeed doing it, and fix it, or, find and fix the infection.

Note: if you're using MailEnable, and the name above looked like your IP address with "-" instead of ".", please see this link:

    http://cbl.abuseat.org/mailenablehelp.html

Note: if you're using sendmail, and the name above looks like:

    ;; connection timed out; no servers could be reached

this appears to be a sendmail/linux bug, see:

    https://bugs.launchpad.net/ubuntu/+source/sendmail/+bug/99459

Commenting out the "Dj" line in sendmail.cf and restarting sendmail seems to be sufficient to make this problem go away, but reconfiguring sendmail will likely cause this to happen again.

Note: If you're using Exchange 2003: "open the properties for your SMTP virtual server > Delivery > Advanced, and set the name you want to use in the fully-qualified domain name field."

    http://www.msexchange.org/tutorials/Configuring-SMTP-Connector.html
    http://support.microsoft.com/kb/265293

Useful links:

    http://www.ftc.gov/secureyourserver/
    http://spamlinks.net (see "Securing your System" and "proxies")
    http://www.fr2.cyberabuse.org/?page=abuse-proxy

For more information on securing NAT firewalls/gateways, please see

    http://cbl.abuseat.org/nat.html

I've removed the entry from the list. It may take a few hours to propagate to the public nameservers.

WARNING: the CBL WILL relist this IP if the underlying issues are not resolved, and the CBL detects the same thing again.
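
A mail administrator can test the name their own server sends against the criteria the notice describes. The following is an added example, not CBL code and not part of the original message; the function names and the `DEFAULT_NAMES` set are assumptions, and only 'oemcomputer' is taken from the notice.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Assumption: factory-default host names treated as suspicious first labels.
# Only 'oemcomputer' comes from the notice; this is not the CBL's rule set.
DEFAULT_NAMES = {"oemcomputer"}


def is_address_literal(arg):
    """True for RFC 2821 address literals: [192.0.2.1] or [IPv6:2001:db8::1]."""
    if not (arg.startswith("[") and arg.endswith("]")):
        return False
    body = arg[1:-1]
    try:
        if body.lower().startswith("ipv6:"):
            ipaddress.IPv6Address(body[5:])
        else:
            ipaddress.IPv4Address(body)
        return True
    except ValueError:
        return False


def is_fqdn(arg):
    """True for a dotted name of valid labels whose last label is not numeric."""
    name = arg[:-1] if arg.endswith(".") else arg
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2:
        return False
    if not all(LABEL.fullmatch(label) for label in labels):
        return False
    return not labels[-1].isdigit()  # a bare IP without brackets is not a FQDN


def check_helo(arg, client_ip=None):
    """Return a list of findings for a HELO/EHLO argument; empty means clean."""
    findings = []
    if not (is_address_literal(arg) or is_fqdn(arg)):
        findings.append("not-fqdn-or-address-literal")
    if arg.split(".")[0].lower() in DEFAULT_NAMES:
        findings.append("default-hostname")
    # The MailEnable case from the notice: the IP with "-" instead of ".".
    if client_ip and arg == client_ip.replace(".", "-"):
        findings.append("ip-with-dashes")
    return findings
```

Note that `oemcomputer.oerks.de` passes the syntax check and is flagged only on the name pattern, which matches the "and/or" wording of the notice.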