Limiting port 25 access is a best practice. Please call your ISP or IT department for assistance with configuring your router or firewall correctly.
Remediation

The device(s) or computer(s) that caused this issue should be found and secured. The following information should address most cases, but please seek professional assistance if it is necessary:

    The cause of this problem is frequently found to be coming from an phone or laptop with "free" VPNs, channel unlockers, streaming type apps installed.
    Programs like Windows Defender, Windows Malicious Software Removal Tool (MSRT), Malwarebytes, Norton Power Eraser, CCleaner and/or McAfee Stinger can help. There is also a version of Malwarebytes for Mac/OSX. These tools are free of charge!
    Update your enterprise anti-virus/anti-malware programs, and run full scans on every device that is available
    If you have a CMS or website, ensure it is up to date. All plug-ins, extensions & patches for it should be updated and maintained
    We can only see what's coming from the NAT (public) IP; anything inside your network is visible only to you. Packet capture is the best way to identify which devices are generating unwanted traffic. In general, only mailservers are supposed to generate traffic to port 25, as mail clients rely on the dedicated ports 587 or 465.
    If this IP address is a NAT gateway, firewall or router: in some cases, the compromised device can also be the router/firewall itself. Please consult the documentation of your device regarding how to make sure its software is up to date, and how to ensure that the device is properly secured.

# Enable both IPv4 and/or IPv6: ipv4, ipv6, all.
inet_protocols = all

Well in this case, your mailserver was breached and is sending spam, you should fix it

The most recent detection was on: May 23 2023, 07:40:00 UTC (+/- 5 minutes). The observed HELO values were dushonaghxjf.com, pnoleonorapu.com, razarleenbc.com, olobrynstu.com, ckjohannaugv.com, wgdmadelinerm.com, brrjazmineqds.com, hfodanicaxq.com, mgksimranvg.com, wnsfernga.com, prajaylinnss.com, macjaniyaijt.com, hrlaurenxx.com.

2001:41d0:304:300::/64 is making SMTP connections which indicate that it is potentially misconfigured. Unfortunately it appears some elements of your existing configuration create message characteristics identical to previously identified spam messages.

Please correct the mail server's HELO 'p2s6j4bpn0sh.io' and if needed, configure it with correct DNS (forward and reverse) and HELO/EHLO values. Here is an example:

Correct HELO/DNS/rDNS alignment for domain example.com:
- Mail server HELO: mail.example.com
- Mail server IP: 192.0.2.12
- Forward DNS: mail.example.com -> 192.0.2.12
- Reverse DNS: 192.0.2.12 -> mail.example.com

Correcting an invalid HELO or a HELO/forward DNS lookup mismatch will stop the IP from being listed again.

Points to consider:

* Alignment: it is strongly recommended that the forward DNS lookup (domain name to IP address) and rDNS (IP to domain) of your IP should match the HELO value set in your server, if possible
* The IP and the HELO value should both have forward and rDNS, and should resolve in public DNS
* Ensure that the domain used in HELO actually exists!

Additional points:

* According to RFC, the HELO must be a fully qualified domain name (FQDN): "hostname.example.com" is an FQDN and "example.com" is not an FQDN.
* The domain used should belong to your organisation.
* HELO is commonly a server setting, not DNS.

Contact your hosting provider for assistance if needed.

Please verify your HELO. If all settings are correct, you have a different problem, probably malware/spambot.

Again, the HELO we are seeing is 'p2s6j4bpn0sh.io'. The last detection was at 2023-12-18 21:10:00 (UTC).