Spamhaus blacklisted my MailEnable Server

Discussion regarding the Standard version.
michahwee
Posts: 2
Joined: Mon Sep 11, 2023 7:23 am

Spamhaus blacklisted my MailEnable Server

Post by michahwee »

I have configured my MailEnable Server (on Windows 2022) by following the recommendations on KB ME020727 Best practices for securing MailEnable services.
I have only 3 mailboxes created and passwords are set to 12 characters with complexity. Somehow Spamhaus still blacklisted my MailEnable IP. I have gone through all the mail logs and I don't see any suspicious activities.
Going through my firewall logs, I don't see any abnormal outbound connections as well.

Where else can I check? Are there any tools I can use to further lock down my mail server?

Admin
Site Admin
Posts: 1093
Joined: Mon Jun 10, 2002 6:31 pm
Location: Melbourne, Victoria, Australia

Re: Spamhaus blacklisted my MailEnable Server

Post by Admin »

What blacklist from Spamhaus are you on? Is it an existing listing? You can use https://check.spamhaus.org/ to check your IP. You generally have to send a number of unsolicited emails before Spamhaus will list you. You can also check https://www.mailenable.com/kb/content/article.asp?ID=ME020339 for help if someone has guessed a password on your server.

michahwee
Posts: 2
Joined: Mon Sep 11, 2023 7:23 am

Re: Spamhaus blacklisted my MailEnable Server

Post by michahwee »

My mail server was on Spamhaus Zen. Managed to delist. They don't give any detail on why it was listed. Every day I go through the SMTP logs to extract those suspicious IPs and block them on my firewall. Ran out of options to further lock down my server. Am thinking of doing OS hardening. Not sure if that helps.
I have gone through the logs. MailEnable is doing its job by stopping unauthenticated relays.

*** debug log ***
09/11/23 23:03:03 ME-I0135: Authenticating User:ripley using Authentication Provider Credentials failed (unknown user or invalid password)
09/11/23 23:03:04 ME-I0074: [1640] (Debug) End of conversation
09/11/23 23:07:44 ME-I0135: Authenticating User:backup using Authentication Provider Credentials failed (unknown user or invalid password)
09/11/23 23:07:44 ME-I0074: [1536] (Debug) End of conversation
09/11/23 23:12:50 ME-E0109: [1704] Relay Denied: Failed to meet all relay criteria. Attempt to relay to [SMTP:xzkbtrmfh9cb169o@mydomain] was denied for requesting IP address 191.36.147.184
09/11/23 23:12:50 ME-E0109: [1704] Relay Denied: Failed to meet all relay criteria. Attempt to relay to [SMTP:yxz@mydomain] was denied for requesting IP address 191.36.147.184
09/11/23 23:12:50 ME-E0109: [1704] Relay Denied: Failed to meet all relay criteria. Attempt to relay to [SMTP:kwi@mydomain] was denied for requesting IP address 191.36.147.184

*** W3C log ***
2023-09-12 02:28:16 171.212.103.245 SMTP-IN - 192.168.98.8 1768 EHLO EHLO+[171.212.103.245] 250-mydomain+[171.212.103.245],+this+server+offers+5+extensions PTCMAIL 241 24 -
2023-09-12 02:28:17 171.212.103.245 SMTP-IN - 192.168.98.8 1768 MAIL MAIL+FROM:<eelrtixullp6@abeon.ru> 250+Requested+mail+action+okay,+completed PTCMAIL 43 35 -
2023-09-12 02:28:19 171.212.103.245 SMTP-IN - 192.168.98.8 1768 RCPT RCPT+TO:<dy2x14w5ku8yi3q@mydomain> 503+This+mail+server+requires+authentication+when+attempting+to+send+to+a+non-local+e-mail+address.+Please+check+your+mail+client+settings+or+contact+your+administrator+to+verify+that+the+domain+or+address+is+defined+for+this+server. PTCMAIL 235 3943 -
2023-09-12 02:28:19 171.212.103.245 SMTP-IN - 192.168.98.8 1768 RCPT RCPT+TO:<whd@mydomain> 503+This+mail+server+requires+authentication+when+attempting+to+send+to+a+non-local+e-mail+address.+Please+check+your+mail+client+settings+or+contact+your+administrator+to+verify+that+the+domain+or+address+is+defined+for+this+server. PTCMAIL 235 0 -
2023-09-12 02:28:19 171.212.103.245 SMTP-IN - 192.168.98.8 1768 RCPT RCPT+TO:<cfk@mydomain> 503+This+mail+server+requires+authentication+when+attempting+to+send+to+a+non-local+e-mail+address.+Please+check+your+mail+client+settings+or+contact+your+administrator+to+verify+that+the+domain+or+address+is+defined+for+this+server. PTCMAIL 235 0 -
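
An added example, not part of any post in this thread and not MailEnable's own tooling: a Python sketch that tallies the two log formats quoted above and separates rejected attempts from the case that matters for a blacklisting, a RCPT accepted for a non-local domain. The W3C field positions are inferred from the sample lines in the post, the column shown as `-` is assumed to carry the authenticated account, and the sample lines, addresses and domains are constructed.

```python
import re
from collections import Counter

# Patterns follow the debug-log lines quoted in the post above.
AUTH_FAIL = re.compile(r"ME-I0135: Authenticating User:(\S+) .* failed")
RELAY_DENIED = re.compile(
    r"ME-E0109: .*\[SMTP:([^\]]+)\] was denied for requesting IP address (\S+)")

def summarize_debug(lines):
    """Count failed-login usernames and relay denials per source IP."""
    users, relay_ips = Counter(), Counter()
    for line in lines:
        if m := AUTH_FAIL.search(line):
            users[m.group(1)] += 1
        elif m := RELAY_DENIED.search(line):
            relay_ips[m.group(2)] += 1
    return users, relay_ips

def summarize_w3c(lines, local_domains):
    """Return (rejected RCPT count per IP, accepted RCPTs to non-local domains).

    Assumed layout: 2=client IP, 4=account, 7=command, 8=argument, 9=response.
    """
    rejected, accepted_external = Counter(), []
    for line in lines:
        f = line.split()
        if len(f) < 10 or f[7] != "RCPT":
            continue
        ip, account, response = f[2], f[4], f[9]
        m = re.search(r"<[^@>]*@([^>]+)>", f[8])
        domain = m.group(1).lower() if m else ""
        if response.startswith(("4", "5")):
            rejected[ip] += 1  # blocked attempt: noise, the server did its job
        elif response.startswith("2") and domain not in local_domains:
            # Accepted for a remote domain: mail that will leave the server.
            accepted_external.append((ip, account, domain))
    return rejected, accepted_external

# Constructed sample lines in the same layout as the logs in the post.
DEBUG_SAMPLE = [
    "09/11/23 23:03:03 ME-I0135: Authenticating User:ripley using Authentication Provider Credentials failed (unknown user or invalid password)",
    "09/11/23 23:07:44 ME-I0135: Authenticating User:backup using Authentication Provider Credentials failed (unknown user or invalid password)",
    "09/11/23 23:12:50 ME-E0109: [1704] Relay Denied: Failed to meet all relay criteria. Attempt to relay to [SMTP:a@example.org] was denied for requesting IP address 203.0.113.7",
    "09/11/23 23:12:50 ME-E0109: [1704] Relay Denied: Failed to meet all relay criteria. Attempt to relay to [SMTP:b@example.org] was denied for requesting IP address 203.0.113.7",
]
W3C_SAMPLE = [
    "2023-09-12 02:28:19 203.0.113.7 SMTP-IN - 192.168.98.8 1768 RCPT RCPT+TO:<abc@example.org> 503+This+mail+server+requires+authentication PTCMAIL 235 0 -",
    "2023-09-12 02:30:01 203.0.113.9 SMTP-IN alice@example.com 192.168.98.8 1800 RCPT RCPT+TO:<x@remote.example> 250+Requested+mail+action+okay,+completed PTCMAIL 43 35 -",
]
```

Any entry in the second list returned by `summarize_w3c` is the traffic to trace back to an account or client; the rejected counts only show attempts that were blocked.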
