I followed the links to abuseat.org. It says my IP hasn't been appeared in the past 28 days. I followed the links to spamhaus. It says my IP is listed in the SBL and the PBL. I contacted them, and they said that they'd seen spam behaviour at 7am on Sunday morning. Which is a neat trick, as I was sound asleep at that time, with my Win 10 laptop switched off.
I've scanned my laptop using MalwareBytes, and found a potentially unwanted program in Chrome from videodownloader ask.com. Which doesn't sound like anything spam-capable - but I've cleared that.
I've scanned my Android phone with Malwarebytes - clean.
My Thunderbird outgoing email settings haven't changed in a couple of years.
smtp.virginmedia.com port 465 Security = SLS/TLS Authentication method = Normal password Username = my ntlworld email address
For lack of anything better, I changed it to @VirginMedia.com - no dice.
All advice gratefully received.
[MOD EDIT: Personal and private information has been removed from this post. Please do not post personal or private information in your public posts. Please review theForum Guidelines]
As you have discovered, your public IP address has been listed on Spamhaus' CSS list and as such Virgin Media's mail system will actively block you from connecting - as far as I am aware, being included on the CSS list is the one and only cause of the VM305 message.
So think carefully, how many devices do you actually have on your network, any Amazon Firesticks, Chromecasts, Android TV boxes? All of these are potential hosts for malware and the source of the spam messages being sent out which got you on the list - and until you identify and remove the source you will keep being re-added to the block list.
So for a start you need to read through this post (and at first glance it might look daunting and too technical but it's not as bad as it seems and there is plenty of help available here)
Malwarebytes is very good, I often recommend it myself, but it's not perfect and it's by no means definite that the infected device is your PC or phone anyway, so we'll just have to do this the long way.
It happened to us 3 weeks ago and, after following Ravenstar68's instructions, we finally found out the culprits were a Firestick and a Sony Android TV. We couldn't check them out with Malwarebytes (or Kaspersky Total Security which we use on our laptops and phones) but the output from the Wireshark monitoring firmly pointed out their guilt. Since resetting them back to factory settings we've had no more IP blacklisting and running Wireshark periodically has also shown us that no more spam emails are being sent through Port 25.
Spamhaus have reported that the last spam was sent at 6am yesterday. Which points to it being a phone, firestick or pi. Rather than either of the wired PCs or the smart TVs.
I've followed the Wireshark instructions with all of these connected to the hotspot for 4-5 hours - nothing found. I confirmed it's listening by installing a telnet app on the devices and hitting blueyonder's smtp on 25 as in the instructions.
As soon as I exit that, it reverts to no hits.
Is there any way VM can offer some assistance in perhaps listing additional information on the outgoing packets that are being seen?
I'd put my phone on the Wireshark laptop first, leaving it there for most of the day. Not a sausage.
I've just fired up my GMail app - I'd not been using it because I'm on my laptop, and Wireshark has started recording port 25 hits.. .Except neither of the settings for my 2 accounts (Virgin and Yahoo) are using port 25. I've saved the results file, if it'll help? It was showing port xxx -> 25 (xxxx being a 4 digit code - I can't get near the monitoring laptop just now)
I've scanned my phone (again) with Malwarebytes, Play Protect and Kapersky - nothing.
So I've uninstalled the GMail app, and will try something like Outlook... See how that goes.