Beglebone Black img send Email automaticaly on port 25

I’m trying a Beaglebone Black with the latest image downloaded from here:

Debian image for BeagleBone Black using external microSD Kernel: 5.10.168-ti-r71 U-Boot: v2022.04 default username:password is [debian:temppwd] For flashing instructions or other images, see https://forum.beagleboard. org/t/debian-11-x-bullseye-monthly-snapshot-2023-09-02/31280
The module works well with external SD

Looking at the TCP interface with Wireshark I see that the module tries to automatically connect to port 25 and send emails to random mail servers every 30 seconds.
This creates problems for me because the mail server puts my fixed IP on the blacklist after a certain time.
The SD card is original, I don’t have any type of application

Has anyone had my problem?

Which module? I’m trying to think, what software package automatically sends packets over 25 this day and age…

P. S. the IP address of the board is

The module is BeagleBone Black with serial number 3914BBBK2833.
Effectively it is a strange behaviour . It seems like a virus .

Wireshark Beaglebone Black.pcapng (2,5 MB)
These files are Wireshark capture on TCP port

okay, module = beaglebone black, here i thought it was something else you plugged in…

nc localhost -v 25


But I think is a Server SMTP no client . It can not send Email

whith Nmap I can see port 25 open ssh

i’m checking the image, console, iot or xfce?


Sorry before i 've confused port 25 with port 22
The only port open is 22 ssh

Correct 22 is open, for ssh access…

So is port 25 sending emails by default, and which image, so i can disable/kill it…


Is that out of the box image?

Was your board locked down before/while connected to the internet?

That would not be an isssue locally, make sure your gateway is blocking 22 inbound from the internet.

How can I disable/Kill port 25 ?

At this point, pull the board from your network.

Are you in the Netherlads?

% This is the RIPE Database query service.
% The objects are in RPSL format.
% The RIPE Database is subject to Terms and Conditions.
% See

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to ' -'

% Abuse contact for ' -' is ''

inetnum: -
netname:        WORLDSTREAM
country:        NL
admin-c:        WS1670-RIPE
tech-c:         WS1670-RIPE
status:         ASSIGNED PA
mnt-by:         MNT-WORLDSTREAM
mnt-domains:    MNT-WORLDSTREAM
mnt-routes:     MNT-WORLDSTREAM
created:        2019-02-05T09:20:16Z
last-modified:  2019-02-05T09:20:16Z
source:         RIPE # Filtered

role:           WORLDSTREAM DBM
address:        Industriestraat 24
address:        2671CT NAALDWIJK
address:        The Netherlands
phone:          +31174712117
admin-c:        DV1495-RIPE
tech-c:         DV1495-RIPE
nic-hdl:        WS1670-RIPE
mnt-by:         MNT-WORLDSTREAM
created:        2008-05-15T09:52:38Z
last-modified:  2013-08-20T11:17:59Z
source:         RIPE # Filtered

% Information related to ''

origin:         AS49981
remarks:        ------------------------------------------------
remarks:        Abuse notifications to:
remarks:        ------------------------------------------------
mnt-by:         MNT-WORLDSTREAM
created:        2022-11-22T09:53:05Z
last-modified:  2022-11-22T09:53:05Z
source:         RIPE

After pulllng the board continue PCAP and see what else is going on.

ufw… UncomplicatedFirewall - Ubuntu Wiki

but still an out of box image should not be sending emails over port 25, please let us know exactly what image it was… File name…


Tomorrow i’ll repeat flash immage and write you the result

AM335x 11.7 2023-09-02 4GB microSD IoT
Download software images
AM335x 11.7 2023-09-02 4GB microSD IoT
Debian image for BeagleBone Black using external microSD

Kernel: 5.10.168-ti-r71
U-Boot: v2022.04
default username:password is [debian:temppwd]
For flashing instructions or other images, see Debian 11.x (Bullseye) - Monthly Snapshot - 2023-10-07

okay, downloading and testing:


I uploaded and tested this morning img.xz

I edited the file
beaglebone:/etc/network interfaces

The primary network interface

car eth0
iface eth0 inet static

to have static IP

Unfortunately, everything is as before

I will now try to buy a new BeagleBone Black and repeat all the tests


car eth0 is
auto eth0