thompa
Message 11 of 16

Re: NTLWorld email problems on Google Pixel mobile

Hi Tim,

I checked the IP address on a number of lists and was successful in removing it from a few blacklists.

The ones that are still listed are:-

dnsbl.sorbs.net

dul.dnsbl.sorbs.net

and dnsbl.spfbl.net

I have one Windows 10 desktop which has not revealed any issues when running Malwarebytes and Malwarehunter.

On our Netgear Orbi mesh network, we have:

  • 1 Chromebook
  • 1 Samsung Tab 4 tablet
  • 2 Android phones
  • 4 IP cameras
  • Ring doorbell
  • 2 Amazon Echo dots
  • 1 Amazon Firestick
  • 1 Slingbox
  • 1 Virgin Tivo
  • 1 NEO Hub
  • 1 Cosy thermostat
  • 1 Goodwe Solar inverter

I cannot understand why my IP address should be listed - especially as we spend 6 months each year away from home!

I did receive a couple of letters from Virginmedia about remote access to the cameras which seemed to suggest this was illicit - but it wasn't, so I ignored the letters. Could that be the issue, I wonder? Though why it would only affect my mobile phone in sending emails I cannot imagine!

Hope this helps!

regards,

Allan

thompa
Message 12 of 16

Hi again,

Just checked the phone again and seeing:

'Can't connect to server ([525 #5.7.13 Authentication Denied (VM305)])'

when trying to use: smtp.virginmedia.com

Allan

Very Insightful Person
Message 13 of 16

There are a number of different classes of blacklist.

IP addresses where email SERVERS - should not be sending from - or Policy Blacklists.  The majority of these are addresses that are allocated via DHCP, although some will also list static addresses known NOT to be running mail servers.

Examples of Policy Blacklists are:

SORBS DUHL (dul.dnsbl.sorbs.net)
Spamhaus PBL

It's actually expected that your IP be on one of these lists.  They are NOT SPAM SOURCES but addresses that aren't suitable to run mail servers on.

IP addresses seen to be transmitting spam - commonly to honeypots run by third parties.  It's important to note that when I say transmitting spam, I mean connecting directly to the honeypot.

Examples of these are:

Spamhaus SBL
Spamhaus CSS
SORBS Spam

If your IP is on one of these lists, then it would strongly suggest that at least one device on your network has been hacked and is being used to send out emails.

Exploit black lists.

A number of bots "phone home" to command and control servers.  Where law enforcement or other third party security agencies get access to these IP addresses, they'll often keep it partially active so that they can listen out for these bots and report the IP addresses, either to the relevant ISP or apply them to exploit blacklists.

Examples of such lists are:

Spamhaus XBL
Spamhaus CBL

Again if your IP address is on one of these lists then you have a problem.

Blacklists are essentially DNS databases. If your IP address is on there, it's usually added to the zone and looked up in a similar way to finding a PTR record.

Where the IP address is a.b.c.d, the DNS lookup is d.c.b.a.<blacklist zone>

For example, looking at 80.195.90.xxx (my IP address), if I want to see if it's on SORBS DUHL then I can do the following:

C:\Users\timdu>nslookup xxx.90.195.80.dul.dnsbl.sorbs.net
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
Name:    xxx.90.195.80.dul.dnsbl.sorbs.net
Address:  127.0.0.10

dnsbl.sorbs.net is actually the master zone for SORBS - if you are in any of their blacklists then you will be in the main zone.

C:\Users\timdu>nslookup xxx.90.195.80.dnsbl.sorbs.net
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
Name:    xxx.90.195.80.dnsbl.sorbs.net
Address:  127.0.0.10

Note that in the case of SORBS the number in red actually tells you which database you are on.

Spamhaus also has a master zone Spamhaus Zen - that's supposed to work in the same way.

I did check SPFBL as well

C:\Users\timdu>nslookup xxx.90.195.80.dnsbl.spfbl.net
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
Name:    xxx.90.195.80.dnsbl.spfbl.net
Address:  127.0.0.4

I actually put the IP into their website so I can already tell you that the 4 means that my IP is in a range that is allocated dynamically.

So in short I'm not really worried about these particular entries.

Bear in mind that entries like the CSS are real time blacklists.  If you are on there it's usually because traffic has been seen recently (the CSS delists entries after 48 hours).

That said I will repeat my earlier comment.

VM should not be using these lists on their outbound relays.  Protecting outbound relays is what authentication is designed to do.  These blacklists are designed to protect the relays at the destination, i.e. I send an email from blueyonder to Google.  Google's servers will check to see if the IP delivering the mail (Virgin Media's mail server) is blacklisted.  Google doesn't look at the IP address the mail originally came from.

I do get what VM are trying to do - but it's a flawed strategy IMHO.

Tim

As a Very Insightful Person, I'm here to share my knowledge. I don't work for Virgin Media.
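
The lookup described in the post above, as an added example that is not part of the original thread: it builds the reversed-octet query name (extended to the IPv6 nibble form), and sorts answers into the policy / spam source / exploit classes. The SORBS and SPFBL codes are the ones shown in the thread; the Spamhaus ZEN codes, including the 127.255.255.x error range Spamhaus returns for queries sent through public resolvers, come from Spamhaus's published return codes. The sample answers and the `sample_resolver` helper are constructed so the block runs offline.

```python
import ipaddress
import socket

# (zone, answer) -> (list name, class). SORBS/SPFBL rows are the answers shown
# in the thread; the ZEN rows come from Spamhaus's published return codes.
CODES = {
    ("dul.dnsbl.sorbs.net", "127.0.0.10"): ("SORBS DUHL", "policy"),
    ("dnsbl.sorbs.net", "127.0.0.10"): ("SORBS DUHL", "policy"),
    ("dnsbl.spfbl.net", "127.0.0.4"): ("SPFBL dynamic range", "policy"),
    ("zen.spamhaus.org", "127.0.0.2"): ("Spamhaus SBL", "spam source"),
    ("zen.spamhaus.org", "127.0.0.3"): ("Spamhaus CSS", "spam source"),
    ("zen.spamhaus.org", "127.0.0.4"): ("Spamhaus XBL", "exploit"),
    ("zen.spamhaus.org", "127.0.0.10"): ("Spamhaus PBL", "policy"),
}

def query_name(ip, zone):
    """a.b.c.d -> d.c.b.a.<zone>; IPv6 becomes reversed nibbles, as for PTR."""
    ptr = ipaddress.ip_address(ip).reverse_pointer  # ends .in-addr.arpa / .ip6.arpa
    return f"{ptr.rsplit('.', 2)[0]}.{zone}"

def system_resolver(name):
    """A records for name; [] when the name does not resolve (not listed)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []  # caveat: a resolver failure looks the same as NXDOMAIN here

def check(ip, zone, resolve=system_resolver):
    """Return [(list, class)]; Spamhaus 127.255.255.x answers are query errors."""
    out = []
    for answer in sorted(resolve(query_name(ip, zone))):
        if zone.endswith("spamhaus.org") and answer.startswith("127.255.255."):
            out.append(("query error, not a listing", "error"))
        else:
            out.append(CODES.get((zone, answer), (f"code {answer}", "unknown")))
    return out or [("not listed", None)]

# Constructed answers standing in for live DNS; 203.0.113.7 is a documentation IP.
SAMPLE = {
    "7.113.0.203.dul.dnsbl.sorbs.net": ["127.0.0.10"],
    "7.113.0.203.dnsbl.spfbl.net": ["127.0.0.4"],
    "7.113.0.203.zen.spamhaus.org": ["127.255.255.254"],
}

def sample_resolver(name):
    return SAMPLE.get(name, [])

if __name__ == "__main__":
    for zone in ("dul.dnsbl.sorbs.net", "dnsbl.spfbl.net", "zen.spamhaus.org"):
        print(zone, check("203.0.113.7", zone, sample_resolver))
```

Calling `check(ip, zone)` without the third argument uses the system resolver for a live lookup; a "policy" result is the expected state for a residential address, while "spam source" or "exploit" points at a device on the network that needs investigating.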

thompa
Message 14 of 16

Hi ravenstar68,

thompa
Message 15 of 16

Interesting there is an entry from 2008 in the SORBS database:-

Usage classification (only important if you run your own mailserver.)
1 "DUHL" entries [03:37:01 19 Dec 2008 GMT-05].

 

I have not knowingly used my computer as a 'mailserver'!

I changed my Virginmedia password.

I struggled to change the 'Outgoing' settings on my phone with 'Couldn't connect to server' errors when changing to 'smtp.virginmedia.com' - but eventually the changed entry held and now my email appears to be functioning on the Mobile.

Allan

Very Insightful Person
Message 16 of 16
Helpful Answer

You and I are both meant to be on the DUHL - virtually all residential customers on all ISPs should be on there as our IP addresses are allocated dynamically.

Be aware that most people misunderstand DHCP - there is of course the advice that if you switch your router off and then back on you'll get a different IP address, after all Dynamic means changing.

This is wrong.  DHCP simply means that a device can set itself up dynamically according to the network it finds itself connected to.  Such IP addresses may be as short or as long lived as the network administrator deems appropriate.  Indeed Virgin Media DHCP allocated IP addresses can remain the same for years at a time.

However because there is the possibility that these addresses MAY change, they are not suitable for hosting mail servers (especially on the inbound side).  Thus these IP addresses should never be connecting to mail exchangers directly.

Tim
