What Happened?
We've temporarily restricted outbound email (SMTP) traffic on port 25 from your Internet connection by placing you into Quarantine. This is because our monitoring systems detected an unusually high volume of unauthenticated email being sent, which is often a sign of a malware infection. This is a protective measure to prevent potential issues and ensure the security of your network and ours.
Don't worry – your regular email through Webmail and email apps (when correctly configured) will continue to work normally.
What Is SMTP Port 25?
SMTP (Simple Mail Transfer Protocol) port 25 is the method that email servers use to talk to each other directly. Most home users and businesses don't need this port because:
- Webmail (like Gmail, Outlook.com, Yahoo Mail) doesn't use SMTP from your local network at all.
- Email programs (like Outlook, Thunderbird, Apple Mail) use different ports (587 or 465).
- Email apps on phones use the same secure ports (587 or 465).
For more information about SMTP and email ports, see:
Common Causes
Here are the most common reasons for high port 25 traffic:
- Modified Amazon Firestick
  The most common device we see causing problems is an Amazon Firestick that has been modified or had apps side-loaded to stream premium content for free. These apps often come bundled with viruses and malware. Some of that malware can be used to send large amounts of spam email from your network.
  See Be Stream Wise for more information.
- Another Malware or Virus Infection
  A computer or device on your network may be infected with malware that's trying to send spam emails without your knowledge.
- Misconfigured Email Program
  An email client (like Outlook or Thunderbird) might be incorrectly configured to use port 25 instead of the proper port 587.
- Running an Email Server
  You may have software running that operates as an email server (requires a static IP from FibreNest – see below).
- Network-Attached Storage (NAS) or Smart Home Device
  Devices like Synology NAS, security cameras, or smart home hubs might be configured to send email notifications using port 25.
- Compromised IoT Devices
  Internet of Things devices with default or weak passwords may have been compromised. These can include smart plugs, doorbells, cameras, TVs, fridges, thermostats, and other devices that are connected to the Internet.
How to Identify the Problem Device
Follow these steps to find which device on your network is responsible:
Step 1: List Your Devices
Make a list of all devices connected to your Internet:
* Computers (Windows, Mac, Linux).
* Phones and tablets.
* Network storage devices (NAS).
* Smart home / IoT devices (cameras, doorbells, thermostats).
* Printers with email features.
* Game consoles.
* Any other internet-connected devices.
Step 2: Check Your Router's Connected Devices
Most routers show you which devices are connected. Follow the instructions for your specific router model:
For Adtran 841-t6 Routers (with Plume)
Your router is managed through the HomePass app:
1. Open the HomePass app on your phone or tablet.
2. Tap on the Network icon at the bottom.
3. Click on Devices.
4. Tap on any device to see more details including:
* Device name.
* Connection type (Wi-Fi or Wired).
* Time online.
* Data usage.
5. Look for unfamiliar devices or devices using unusually high amounts of upload data.
6. Look for reports in the Activity (Security) section.
7. You can pause or block suspicious devices using the Timeout option.
For Linksys Velop WHW03HB Routers
Your router is managed through the Linksys app or via the web interface:
App
1. Open the Linksys app on your phone or tablet.
2. Tap the menu icon (three lines) in the top-left corner.
3. Select Device List or Devices.
4. You'll see all connected devices organised by connection type.
5. Tap on any device to see:
* Device name.
* IP address.
* MAC address.
* Connection status.
6. Note any unfamiliar devices.
Web Interface
1. Open a web browser and go to <http://192.168.1.1>
2. Log in with your router password.
3. Click on Device List or Connectivity.
4. Review all connected devices.
For a Router You Manage
1. Open your web browser.
2. Type your router's address (usually 192.168.1.1 or 192.168.0.1).
3. Log in with your router credentials.
4. Look for "Connected Devices," "Device List," or "DHCP Clients".
5. Note any unfamiliar devices.
Step 3: Investigate Each Device
If any device showing as connected is one you don't recognise, disconnect it.
For the remaining devices (if you haven't identified a clear suspect device in Steps 1 and 2), check the following:
Amazon Firesticks & other Streaming Sticks:
Unofficial apps that provide free access to paid-for content often come bundled with viruses and malware. If you have installed any of these apps, this is likely the problem.
1. Factory reset the Firestick / Streaming Stick.
2. Only install official apps.
3. Check other hosts on your network. It is possible the Firestick has been used as a jumping-off point to infect other machines on your network.
Windows Computers:
1. Run a full antivirus scan using Windows Security or your antivirus software.
Windows antivirus guides:
* Microsoft's guide to Windows Security
* How to run a virus scan
Mac Computers:
1. Apple's Mac security guide
Email Programs:
If you use Outlook, Thunderbird, or another email client:
1. Open your email program.
2. Go to Account Settings.
3. Check the Outgoing Server (SMTP) settings.
4. Correct settings should be:
* Port: 587 (or 465 for SSL).
* Encryption: TLS or SSL.
* Authentication: Enabled.
Email configuration guides:
* Outlook SMTP settings
* Thunderbird SMTP settings
NAS and Smart Devices:
1. Log into your device's web interface or app.
2. Look for Notifications, Email Settings, or SMTP Settings.
3. If configured to send emails, update to use:
- Port 587 with your email provider's SMTP server.
- Or disable email notifications if not needed.
Common NAS guides:
* Synology email notification setup
Step 4: Disconnect and Test
If you find a suspicious device:
1. Disconnect it from your network.
2. Wait a few days.
3. Contact us to check if the issue has stopped.
Solutions Based on Your Situation
If You Found Malware:
1. Run a complete antivirus scan and remove any threats.
2. Update your operating system and all software.
3. Change passwords for important accounts.
4. Once your network is free of SMTP/25 traffic for 5 days, you will be automatically removed from Quarantine.
Malware removal resources:
* Microsoft Safety Scanner
* Malwarebytes
If Your Email Was Misconfigured:
1. Update your email client to use port 587.
2. Enable authentication (username/password).
3. Enable TLS/SSL encryption.
4. Contact us after making changes to request unblocking.
If You're Running an Email Server:
If you're operating a legitimate email server for your business, you'll need:
- A Static IP address from us.
- SPF, DKIM, and DMARC records configured. (We don't require this, but you will need it in place for email to reach all of the intended recipients.)
If You Have Smart Devices Sending Notifications:
1. Reconfigure them to use port 587 with your email provider.
2. Or use the device manufacturer's notification service instead.
3. Ensure devices have strong, unique passwords.
If You Can't Find the Cause:
1. Consider resetting your router to factory settings (back up your settings first).
2. Change your Wi-Fi password to ensure no unauthorised devices are connected.
3. Rule out all of your devices one by one by disconnecting them, waiting a few days, and asking us if the spam has stopped.
4. If you are an advanced user, consider adding firewall rules to your router that log port 25 traffic. This will quickly show you which devices on your network are to blame.
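For the firewall-logging suggestion above, here is an added example (not part of the original guidance) that tallies logged port 25 connection attempts per local device. It assumes a Linux-based router using an iptables LOG rule with the hypothetical prefix `SMTP25: `; the sample log lines and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed logging rule on a Linux-based router (not from the original page):
#   iptables -I FORWARD -p tcp --dport 25 -m conntrack --ctstate NEW \
#            -j LOG --log-prefix "SMTP25: "
LOG_PREFIX = "SMTP25: "
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")  # netfilter KEY=value pairs

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
Mar  3 02:14:07 router kernel: SMTP25: IN=br0 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.10 PROTO=TCP SPT=40112 DPT=25 SYN
Mar  3 02:14:07 router kernel: SMTP25: IN=br0 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.22 PROTO=TCP SPT=40113 DPT=25 SYN
Mar  3 02:14:08 router kernel: SMTP25: IN=br0 OUT=eth0 SRC=192.168.1.57 DST=192.0.2.77 PROTO=TCP SPT=40114 DPT=25 SYN
Mar  3 02:14:09 router kernel: SMTP25: IN=br0 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.10 PROTO=TCP SPT=40115 DPT=25 SYN
Mar  3 06:00:01 router kernel: SMTP25: IN=br0 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.5 PROTO=TCP SPT=51000 DPT=25 SYN
Mar  3 07:00:01 router kernel: SMTP25: IN=br0 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.5 PROTO=TCP SPT=51044 DPT=25 SYN
Mar  3 07:05:12 router kernel: SMTP25: IN=br0 OUT=eth0 SRC=192.168.1.31 DST=198.51.100.5 PROTO=TCP SPT=52001 DPT=587 SYN
Mar  3 07:05:13 router kernel: br0: port 2(eth1) entered forwarding state
"""

def parse_line(line):
    """Return (source_ip, destination_ip) for a logged TCP/25 attempt, else None."""
    if LOG_PREFIX not in line:
        return None
    fields = dict(FIELD_RE.findall(line.split(LOG_PREFIX, 1)[1]))
    if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
        return None
    src, dst = fields.get("SRC"), fields.get("DST")
    return (src, dst) if src and dst else None  # skip truncated lines

def summarise(log_text):
    """Return [(local_ip, attempts, distinct_mail_servers)], busiest device first."""
    stats = defaultdict(lambda: {"attempts": 0, "servers": set()})
    for line in log_text.splitlines():
        hit = parse_line(line)
        if hit:
            stats[hit[0]]["attempts"] += 1
            stats[hit[0]]["servers"].add(hit[1])
    rows = [(ip, s["attempts"], len(s["servers"])) for ip, s in stats.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for ip, attempts, servers in summarise(SAMPLE_LOG):
        print(f"{ip}: {attempts} attempts to {servers} distinct mail servers")
```

A device contacting many different mail servers typically points to spam-sending malware, while repeated attempts to a single server look more like a misconfigured email program or NAS notification. Match the reported IP address against your router's device list to find the device.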
How to Prevent This in the Future
✓ Keep all devices updated with the latest software.
✓ Use strong, unique passwords for all devices.
✓ Install and maintain antivirus software.
✓ Configure email programs to use port 587 (not port 25).
✓ Only install software from trusted sources.
✓ Regularly review connected devices on your network.
Password and security guides:
* Creating strong passwords
* CISA's cybersecurity tips
Once the issue is resolved, after 5 days of your network being SMTP port 25 free, our automated systems will remove you from Quarantine.
Additional Resources
* Cyber security advice for you & your family
* StaySafeOnline.org