jimg1953
Joining in
Message 1 of 6

Email blocked as spam by receiving server

Morning all

This seems to be a similar problem to one in another thread active recently, but that discusses multiple issues so I felt it better to start a new one.

An email I sent yesterday bounced back with a message that it had been blocked because "Messages from your IP have been determined to be suspicious as a device on your current network may have malware." Virgin media help weren't that helpful and just wanted to change my email client (T'bird) configuration settings, but I don't think that's the problem as other messages have gone through without problems. Can anybody tell me what's going on and whether there's a real problem?

Message details:

From: mailer-daemon@virginmedia.com

This is an automatically generated Delivery Status Notification.

Delivery to the following recipients failed permanently:

*.*@marriott.com

Reason: This is the mail system at host know-smtprelay-1-imp.

I am sorry to have to inform you that your message, "AC Marriott at The Banks, Cincinnati", could not be delivered to *.*@marriott.com.

Messages from your IP have been determined to be suspicious as a device on your current network may have malware. Please refer to the spamhaus listing below for further infomation;

https://www.spamhaus.org/query/ip/138.68.150.73

Please be aware that if you are not sending mail from your own broadband connection that the listing may have been caused by a previous user The remote server returned the below error when attempting delivery:

554:554-hdqncvmmailin16.marriott.com
554 The IP address was identified as potential Spam Source. Please see http://senderbase.org for additional details.


Reporting-MTA: dns; know-smtprelay-1-imp [62.252.172.2]
Received-From-MTA: dns; [10.102.39.42] [138.68.150.73]
Arrival-Date: Wed, 01 May 2019 19:06:09 +0100

Final-recipient: rfc822; *.*@marriott.com
Diagnostic-Code: smtp; 554-hdqncvmmailin16.marriott.com

Last-attempt-Date: Wed, 01 May 2019 19:06:10 +0100

 

Received: from [10.102.39.42] ([138.68.150.73])
by cmsmtp with ESMTPA
id LtcOhCF40ixsKLtcPhWbRS; Wed, 01 May 2019 19:06:09 +0100
X-Originating-IP: [138.68.150.73]
X-Authenticated-User: *.*@virgin.net
X-Spam: 0
X-Authority: v=2.3 cv=XtvUx2N9 c=1 sm=1 tr=0 a=LmXD0kQIzC+1HxvJ9qEyzg==:117
a=LmXD0kQIzC+1HxvJ9qEyzg==:17 a=IkcTkHD0fZMA:10 a=kBeRHAJh8_rPCveJCjQA:9
a=ovha_tOfMh9y64Lr:21 a=LL5jCU2Mt3T7vafF:21 a=QEXdDO2ut3YA:10
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=virgin.net;
s=meg.feb2017; t=1556733969;
bh=b5d5Og8mEnzomDuW5uvn2YCSMZHEbYkQXiE0pEhLZsI=;
h=From:Subject:To:Cc:Date;
b=RtWYHNnESFithzuqclHVadtDGn7EUzk+f6Luy7BzJ2b9nNdhB9xbnpVEVEdzY57kM
8Q1f8fuZPI4f4/L0eY1aZpw5c4JW8NjKzOjJ7uL/Irc+sfE7JYBvRq4M7BPA/o6nXt
LKkjXjmfX7m47WQ/I1uZkb+iTUOH7Nofb0icDPx/ZUpSKq5SbKcMieZYJJmikgONYV
M2kLrnVrHeDweoH7dSi5+CHfqWaWbF6K/bPatqfvLpR+jYM/4zi9Ql1RNA2IWRUKej
VvMMcePpv9+CM5WrSyziNEoB4n7AwIFgA2v0XipfiRIdeoeaXgqx99fSHx5MJpP5XT
5yq9sPd5Wv8Yg==
From: * * <*.*@virgin.net>
Subject: AC Marriott at The Banks, Cincinnati
To: *.*@marriott.com
Cc: "*.*@marriott.com
Message-ID: <0a03ad89-0f6b-7f12-7907-dd5f6242eedb@virgin.net>
Date: Wed, 1 May 2019 19:05:56 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101
Thunderbird/60.6.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-GB
Content-Transfer-Encoding: 7bit
X-CMAE-Envelope: MS4wfG+casrvRqzqOdxuw2mUoUXQmfv+k3doFmtBQ4jQfQZTqzTS2sfGi0Io23gJXqwuO/Tcm0DmPBfsBxndHuY6gs9bCsY99SuquR1SCSn/ZOrlp/RDDQCt
sExQGrKsLMyHsXtPFrosnwYm3hR4CUrG4TJFxDapRIrRxmmIjhBC6zaoFi6vVuJ/KRoyPC6ONFrWS2ZiW9H4dINb+gMMekqNBeDKMNRwtAWA6iPr5soij0NB


138.68.150.73 apparently belongs to an organisation called Digital Ocean in London

 

Thanks

Jim

Forum Team
Message 2 of 6

Re: Email blocked as spam by receiving server

Hello jimg1953

Thanks for your post and welcome to our forums 

Can I please ask if you are sending this email over our WiFi

Or has it been sent over a VPN?

Gareth_L

jimg1953
Joining in
Message 3 of 6

Re: Email blocked as spam by receiving server

Gareth - hi

Thanks for the reply: the messages were from my PC over a wired Ethernet connection, so no WiFi involved, and no VPN. I've since sent messages to other email addresses with no problems, although I haven't yet re-tried the ones that failed (it was getting very late): I'll do that and report back.

Jim

Forum Team
Message 4 of 6

Re: Email blocked as spam by receiving server

Thank you Jim.

 

Look forward to hearing back from you soon. 

David_Pn
Forum Team

Superuser
Message 5 of 6

Re: Email blocked as spam by receiving server

There's a whole lot of strange about the error message.  Not least that Virgin Media appear to be making things harder on themselves than they need to be in terms of error reporting.

Let's look at a mail my mail server received that was sent via Virgin Media's relays.  My own server runs Spamassassin checks on inbound mail.  Here's part of it.

 

X-Spam-Report: 
	* -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at
	*      https://www.dnswl.org/, no trust
	*      [80.0.253.70 listed in list.dnswl.org]
	*  0.0 HTML_MESSAGE BODY: HTML included in message
	*  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
	*       valid
	* -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
	*      author's domain
	* -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

Note that the IP address being checked actually belongs to one of Virgin Media's outbound mail relays.  I actually created a setup that signs mail for my domain with DKIM and then passes it on to those relays (Set up just to demonstrate it's possible).

 

Now were I sending to the Marriott this is the IP address the Marriott should be checking (there's actually up to 32 IP addresses that the mail could go out on - so yours may have been different) and certainly that IP does not appear on any major blacklists.

So I personally am very confused as to where this line comes from:

X-Originating-IP: [138.68.150.73]

Considering you say there's no VPN involved.

Digital Ocean are a hosting company who among other things host Virtual Private servers (they call them Droplets - no doubt a play on the company name).  I use a similar thing myself albeit from a different company.

Looking at the actual mail headers in your case:

Received: from [10.102.39.42] ([138.68.150.73])
by cmsmtp with ESMTPA
id LtcOhCF40ixsKLtcPhWbRS; Wed, 01 May 2019 19:06:09 +0100
X-Originating-IP: [138.68.150.73]
X-Authenticated-User: *.*@virgin.net
X-Spam: 0
X-Authority: v=2.3 cv=XtvUx2N9 c=1 sm=1 tr=0 a=LmXD0kQIzC+1HxvJ9qEyzg==:117
a=LmXD0kQIzC+1HxvJ9qEyzg==:17 a=IkcTkHD0fZMA:10 a=kBeRHAJh8_rPCveJCjQA:9
a=ovha_tOfMh9y64Lr:21 a=LL5jCU2Mt3T7vafF:21 a=QEXdDO2ut3YA:10
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=virgin.net;
s=meg.feb2017; t=1556733969;
bh=b5d5Og8mEnzomDuW5uvn2YCSMZHEbYkQXiE0pEhLZsI=;
h=From:Subject:To:Cc:Date;
b=RtWYHNnESFithzuqclHVadtDGn7EUzk+f6Luy7BzJ2b9nNdhB9xbnpVEVEdzY57kM
8Q1f8fuZPI4f4/L0eY1aZpw5c4JW8NjKzOjJ7uL/Irc+sfE7JYBvRq4M7BPA/o6nXt
LKkjXjmfX7m47WQ/I1uZkb+iTUOH7Nofb0icDPx/ZUpSKq5SbKcMieZYJJmikgONYV
M2kLrnVrHeDweoH7dSi5+CHfqWaWbF6K/bPatqfvLpR+jYM/4zi9Ql1RNA2IWRUKej
VvMMcePpv9+CM5WrSyziNEoB4n7AwIFgA2v0XipfiRIdeoeaXgqx99fSHx5MJpP5XT
5yq9sPd5Wv8Yg==
From: * * <*.*@virgin.net>
Subject: AC Marriott at The Banks, Cincinnati
To: *.*@marriott.com
Cc: "*.*@marriott.com

Everything in blue is added by Virgin Media's server prior to sending it on to the Marriott.  This tells me that the mail client sending the message was connected "directly" to that IP address.  The mail client sees the RFC1913 address and announces itself using that, whereas Virgin Media's server sees the Public IP address making the connection as well.

Received: from [10.102.39.42] ([138.68.150.73])

That's what made me think you are on a VPN - you  confirmed that you sent this mail and certainly the Superhubs all use RFC1918 IP's from the 192.168.0.x range.

Either way - while the public IP is definitely blacklisted - The Marriott wouldn't check that IP address itself when deciding whether or not to accept the mail.

Using blacklists on originating IP's is unwise IMHO anyway.  I can see why Virgin Media might see it as a good idea, but the principle is that outbound relays SHOULD be protected by some form of authentication (usually email address and password) whereas inbound mail servers can't be.  So they check the address they are talking to directly to see if it can be trusted.

Tim

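The header reading in the post above, as an added example (not code from any poster or from Virgin Media): this Python sketch splits the quoted Received line into the address the client announced and the address the relay saw, tests the announced address against RFC 1918 and the 192.168.0.x Superhub range, and builds the DNSBL query names for the originating IP and for the relay IP. The zone `zen.spamhaus.org` and all function names are assumptions; no DNS lookup is performed.

```python
import ipaddress
import re

# Received header as quoted in the thread (folded lines joined).
RECEIVED = ("Received: from [10.102.39.42] ([138.68.150.73]) by cmsmtp "
            "with ESMTPA id LtcOhCF40ixsKLtcPhWbRS; Wed, 01 May 2019 19:06:09 +0100")
RELAY_IP = "80.0.253.70"         # outbound relay seen in the X-Spam-Report in the thread
DNSBL_ZONE = "zen.spamhaus.org"  # assumption: the zone a receiver might query

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HUB_LAN = ipaddress.ip_network("192.168.0.0/24")  # Superhub range named in the thread

RECEIVED_RE = re.compile(
    r"from\s+\[?(?P<helo>[^\s\]]+)\]?\s+"                     # what the client announced
    r"\((?:[^\s\[\]()]+\s+)?\[(?P<peer>[0-9A-Fa-f.:]+)\]\)")  # what the server saw

def parse_received(header):
    """Return (announced name or address, connecting address)."""
    m = RECEIVED_RE.search(header)
    if m is None:
        raise ValueError("no 'from helo ([peer])' clause found")
    return m.group("helo"), m.group("peer")

def as_ip(text):
    """Parse text as an IP address; None when it is a hostname."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def is_rfc1918(text):
    ip = as_ip(text)
    return ip is not None and ip.version == 4 and any(ip in n for n in RFC1918)

def dnsbl_qname(addr, zone=DNSBL_ZONE):
    """Build the DNS name a DNSBL client looks up: reversed octets + zone."""
    octets = str(ipaddress.IPv4Address(addr)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def analyse(header, relay_ip=RELAY_IP):
    helo, peer = parse_received(header)
    helo_ip = as_ip(helo)
    return {
        "helo": helo, "peer": peer,
        "helo_is_rfc1918": is_rfc1918(helo),
        "helo_on_hub_lan": helo_ip is not None and helo_ip in HUB_LAN,
        "peer_is_rfc1918": is_rfc1918(peer),
        "submission_relay_lookup": dnsbl_qname(peer),   # address the ISP relay saw
        "recipient_mx_lookup": dnsbl_qname(relay_ip),   # address the recipient's server sees
    }

if __name__ == "__main__":
    for key, value in analyse(RECEIVED).items():
        print(f"{key:24} {value}")
```

The announced address is private but outside the hub's LAN range, while the connecting address is public: the combination the post reads as a VPN or similar tunnel between the PC and the relay.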
jimg1953
Joining in
Message 6 of 6

Re: Email blocked as spam by receiving server

Thanks for the further exploration - it's interesting to get a further insight into how it should work. 

I re-sent the message to one of the addresses, as I discovered that the other wasn't active anyway, and it clearly got through without a problem as there was no error message and I had a reply back yesterday. I don't see how including an invalid address could cause this - I'd just expect the standard 'could not deliver' message from their end. It's all a bit bizarre as I had sent two messages successfully within the 40 minutes prior to the one that failed, and several Test messages the next morning that also got through without problems. As far as I can tell, no-one else would have been using the wifi (Hub 3.0) at that point.

I guess that it will just have to go down as 'one of those things', but thanks to those who took time to look into it for me.

Cheers, Jim
